impossible de retirer coolwwwsearch.searchtoolbar

Bonjour, J'ai un probleme je vous serais tres reconnaissant si vous pouviez m'aider a le resoudre.
Je n'arrive pas a retirer coolwwwsearch.searchtoolbar. Quand je fais le scan avec spypot 1.4 updaté du 21 juillet 06, elle le trouve et quand je veux l'enlever il me dit qu'il faut l'enlever au demarrage du PC ce que j'accepte de faire. Mais aprés un scan il retrouve le meme probleme et me redit la meme chose.J'utilise AVG free edition updaté, spybot updaté, spywareblaster updaté, IEspyad.
S'il vous plait veuillez noter que je peux pas aller en safe mode avec mon pc (je sais pas pourquoi il n'y va pas).
Je vous remercie d'avance pour votre aide.
Je poste le dernier hijackthis log que j'ai fait et le online scan avec panda, et aussi avec ewido (essai de 30 jours):
Comme j'ai lu dans le forum j'ai aussi essayé cwshredder qui trouve rien, looktome qui trouve rien non plus et Vondofix qui trouve rien non plus.
Je vous remercie de m'aider.

Logfile of HijackThis v1.99.1
Scan saved at 20:57:03, on 2006-07-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\internet explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\internet explorer\IEXPLORE.EXE
C:\antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.polymtl.ca/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.biblio.polymtl.ca:8080/biblio
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/094c80 [...] 601_fr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Pour le panda, le voici:

Incident Status Location

Adware:adware/winprotect Not disinfected c:\windows\help\CHMRedir.chm
Adware:adware/cws.yexe Not disinfected c:\messanger.ini
Adware:adware/exact.bargainbuddy Not disinfected c:\program files\net2phone commcenter\CC_Versn.dll
Adware:adware/sbsoft Not disinfected c:\windows\rdt.ini
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt[.toplist.cz/]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-7929669b-10429d46.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-223c4b70.zip[classload.jar-50757294-223c4b70/Dummy.class]
Virus:Exploit/ByteVerify Renamed C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv314.jar-14b26cda-64605198.zip[Dummy.class]
Virus:Exploit/ByteVerify Renamed C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv343.jar-19c2df36-3a7897d6.zip[Dummy.class]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@com[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@fe.lea.lycos[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@searchportal.information[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.yadro.ru/]
Spyware:Cookie/BannerBank Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][ad10.bannerbank.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.maxserving.com/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.as-us.falkag.net/]
Spyware:Cookie/Kmpads Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.kmpads.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.realmedia.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.fortunecity.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.com.com/]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.belnk.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.statcounter.com/]
Spyware:Cookie/Weborama Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.weborama.fr/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.cs.sexcounter.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.kinghost.com/]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.xiti.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.burstnet.com/]
Spyware:Cookie/WebPower Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.webpower.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.versiontracker.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][www.burstbeacon.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.serving-sys.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][rightmedia.net/]
Spyware:Cookie/Go Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.go.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][stat.onestat.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][server.iad.liveperson.net/hc/46369213]
Spyware:Cookie/64.62.232 Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][64.62.232.6/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.as-eu.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt][.casalemedia.com/]
Virus:Exploit/ByteVerify Renamed C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Sun/Java/Deployment/cache/javapi/v1.0/jar/loaderadv314.jar-14b26cda-64605198.zip][Dummy.class]
Virus:Exploit/ByteVerify Renamed C:\Program Files\WinRescueXP\2005-05-13\appdata.zip[CDocuments and Settings/PropriTtaire/Application Data/Sun/Java/Deployment/cache/javapi/v1.0/jar/loaderadv343.jar-19c2df36-3a7897d6.zip][Dummy.class]
Virus:Trj/Lowzones.T Disinfected C:\WINDOWS\inetdata\1.02.05.dll
Virus:Bck/Optix.BZ Disinfected D:\For_PC\RealOne\RealPlus\RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0 ( OK! ).zip[RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0/RealOnePlayer.exe]
Hacktool:Hacktool/PatchTCPSP2 Not disinfected D:\For_PC\shareaza\EvID4226Patch211a-en.zip[EvID4226Patch.exe]
Virus:Bck/Optix.BZ Disinfected D:\Kasaa_My Shared Folder\Real RealONE Player Plus.exe[RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0 ( OK! ).zip][RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0/RealOnePlayer.exe]

Et pour ewido aussi:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:27:32 2006-07-22

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
D:\For_PC\Scansoft\Scansoft PDF Converter 1.0 multilanguage + activationprog\crack\SHKPC10.EXE -> Downloader.Delf.amo : No action taken.
E:\For_PC\Scansoft\Scansoft PDF Converter 1.0 multilanguage + activationprog\crack\SHKPC10.EXE -> Downloader.Delf.amo : No action taken.
E:\PC\Winrescuebackup\2004-05-10\iecache.zip/C:/Documents and Settings/UserXp/Local Settings/Temporary Internet Files/Content.IE5/P7Z7XXOA/logiciel[1].html -> Downloader.Iwill.m : No action taken.
E:\For_PC\RealOne\RealPlus\RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0 ( OK! ).zip/RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0/RealOnePlayer.exe -> Dropper.Pakes : No action taken.
E:\For_PC\Motorolla\TrueSync Plus Starfish for Motorola v120c v60 v66 and others.zip/TrueSyncPlus/gprs/win32/software/gm32.cab/GPRSManager.exe -> Heuristic.Win32.Dialer : No action taken.
C:\Program Files\RAR Password Cracker\rpc.exe -> Not-A-Virus.PSWTool.Win32.RARPassCrack.a : No action taken.
D:\For_PC\RAR_password_crackerV412\23.09 RARPasswordCr.rar/rpc.exe -> Not-A-Virus.PSWTool.Win32.RARPassCrack.a : No action taken.
E:\For_PC\RAR_password_crackerV412\23.09 RARPasswordCr.rar/rpc.exe -> Not-A-Virus.PSWTool.Win32.RARPassCrack.a : No action taken.
:mozilla.174:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.161:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.283:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.11:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.28:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.12:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.13:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.14:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.96:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.97:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@com[2].txt -> TrackingCookie.Com : No action taken.
:mozilla.158:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.275:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.43:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.44:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.209:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.219:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Inet-cash : No action taken.
:mozilla.49:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Kmpads : No action taken.
:mozilla.256:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.257:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.258:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.143:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.239:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.240:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.194:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.195:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.196:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.197:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.148:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.149:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.100:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.101:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.102:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.109:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.110:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.111:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.18:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Xhit : No action taken.
:mozilla.19:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Xhit : No action taken.
:mozilla.10:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.24:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.25:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.26:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.27:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
E:\PC\Winrescuebackup\2004-05-10\iecache.zip/C:/Documents and Settings/UserXp/Local Settings/Temporary Internet Files/Content.IE5/WJ1RIEJT/exitpoplight1[1].htm -> Trojan.NoClose.i : No action taken.


::Report end

Bonjour,

La procédure est longue et en partie en mode sans échec. Attention, tu n'as pas accès à Internet dans ce mode, enregistre cette page Web (clique sur fichier/enregistrer sous/choisis « Bureau ») ou imprime ce que tu as à faire.

1/ Met à jour Ewido

2/ Télécharge AboutBuster.zip depuis http://www.malwarebytes.org/AboutBuster.zip
ou http://www.besttechie.net/tools/AboutBuster.zip

Décompresse (clique droit/extraire tout) l'archive dans un dossier spécifique, par exemple C:\Program Files\aboutbuster

3/ Redémarre en mode sans échec.

Redémarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Tapotes sur la touche F8 (si F8 ne fonctionne pas essaie avec la touche F5) jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionnes le mode sans échec approprié et appuies sur Entrée.

4/ Faire un double clic sur AboutBuster.exe (dans le dossier C:\Program Files\aboutbuster) pour lancer le programme.
Cliquer sur le bouton "Begin removal"
Un message ("Shut down Internet Explorer" ) annonce que toutes les fenêtres d'Internet Explorer vont être fermées. Clic sur "Yes".
Un scan est exécuté (attendre quelques instants).
Un message ("Scan completed" ) annonce que le balayage est terminé. Clic sur "OK".
Clic sur le bouton "Exit".
Un message ("Logfile created" ) annonce qu'un fichier journal a été créé dans le dossier d'AboutBuster (C:\Program Files\aboutbuster). Clic sur "OK".

Note:
Si l'utilitaire ne fonctionne pas et indique que le fichier COMCTL32.OCX est manquant,
*- Le télécharger ici (clic droit sur le lien ci-dessous):
http://www.malwarebytes.org/libraries/COMCTL32.OCX
*- Placer le fichier ainsi téléchargé dans le dossier système:

C:\Windows\System32

5/ Relance Ewido puis choisis l'onglet " Scanner "
Fais un " Complete System Scan "
** Si un fichier est infecté, choisis l'option " Apply All Actions " en fin d'analyse **
Clique sur " Save Report " puis sur " Save Report As "
Enregistre le fichier .txt généré sur ton bureau.

Cette fois ci n'oublie pas d'appuyer sur Apply All Actions " en fin d'analyse

6/ Redemarre normalement et poste le rapport Ewido ainsi qu'un nouveau rapport HijackThis.

c'est bizzare avec la version qui est sorti le 2006-07-21
spybot S&D devrais etre capable de suprimer ce malware. t ai sur que tu a bien la derrnière version ?

je sais bien que tu a ércit spybot s&d updaté mais peut etre que tu n a pas fait cetter maj.

salut,

autre facon pour redemarrer en mode sans echec:

tu clic sur le bouton demarrer puis

executer et tu tape " msconfig " sans les guillemets

une fenetre va apparaître tu va dans l'onglet "BOOT IN" et tu coche SAFE BOOT.
PUIS tu vas avoir une question tu clique sur redemarrer et normalement c'est bon.

Bob, est-ce quetu peux me confirmer si je peux faire ce dont tu m'as dit sans aller sur safe mode car je peux pas y acceder avec mon PC notamment pour Aboutbuster car il dit ne ne pas oublier d'aller en safe mode pour le faire.
Merci

Bonjour Bob,
Merci pour ta reponse, voici en mode normal:
Aboutbluster n'a rien trouvé et je n'ai pas pu trouver son fichier log. J'avais aussi fait un scan avec ewido dont je poste:
Peux-t'on les uploader?
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:27:32 2006-07-22

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
D:\For_PC\Scansoft\Scansoft PDF Converter 1.0 multilanguage + activationprog\crack\SHKPC10.EXE -> Downloader.Delf.amo : No action taken.
E:\For_PC\Scansoft\Scansoft PDF Converter 1.0 multilanguage + activationprog\crack\SHKPC10.EXE -> Downloader.Delf.amo : No action taken.
E:\PC\Winrescuebackup\2004-05-10\iecache.zip/CDocuments and Settings/UserXp/Local Settings/Temporary Internet Files/Content.IE5/P7Z7XXOA/logiciel[1].html -> Downloader.Iwill.m : No action taken.
E:\For_PC\RealOne\RealPlus\RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0 ( OK! ).zip/RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0/RealOnePlayer.exe -> Dropper.Pakes : No action taken.
E:\For_PC\Motorolla\TrueSync Plus Starfish for Motorola v120c v60 v66 and others.zip/TrueSyncPlus/gprs/win32/software/gm32.cab/GPRSManager.exe -> Heuristic.Win32.Dialer : No action taken.
C:\Program Files\RAR Password Cracker\rpc.exe -> Not-A-Virus.PSWTool.Win32.RARPassCrack.a : No action taken.
D:\For_PC\RAR_password_crackerV412\23.09 RARPasswordCr.rar/rpc.exe -> Not-A-Virus.PSWTool.Win32.RARPassCrack.a : No action taken.
E:\For_PC\RAR_password_crackerV412\23.09 RARPasswordCr.rar/rpc.exe -> Not-A-Virus.PSWTool.Win32.RARPassCrack.a : No action taken.
:mozilla.174:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.161:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.283:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.11:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.28:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.12:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.13:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.14:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\z2o7kw9o.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.96:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.97:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@com[2].txt -> TrackingCookie.Com : No action taken.
:mozilla.158:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.275:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.43:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.44:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.209:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.219:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Inet-cash : No action taken.
:mozilla.49:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Kmpads : No action taken.
:mozilla.256:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.257:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.258:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.143:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.239:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.240:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.194:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.195:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.196:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.197:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.148:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.149:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.100:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.101:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.102:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.109:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/CDocuments and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.110:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.111:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.18:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Xhit : No action taken.
:mozilla.19:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Xhit : No action taken.
:mozilla.10:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.24:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.25:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.26:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.27:C:\Program Files\WinRescueXP\2005-05-13\appdata.zip/C:/Documents and Settings/Propriétaire/Application Data/Mozilla/Firefox/Profiles/z2o7kw9o.default/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
E:\PC\Winrescuebackup\2004-05-10\iecache.zip/C:/Documents and Settings/UserXp/Local Settings/Temporary Internet Files/Content.IE5/WJ1RIEJT/exitpoplight1[1].htm -> Trojan.NoClose.i : No action taken.

::Report end

Le nouveau hijackthis est:
Logfile of HijackThis v1.99.1
Scan saved at 13:49:46, on 2006-07-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
E:\For_PC\Spyware_Adware_related\Tools_to_remove_spyware\Aboutbuster\AboutBuster.exe
C:\Program Files\internet explorer\IEXPLORE.EXE
C:\antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.polymtl.ca/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.biblio.polymtl.ca:8080/biblio
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/094c80 [...] 601_fr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Bonjour,
J'ai utilisé Fixwareout.exe du
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/fi [...] areout.exe
Et le probleme semble avoir disparu:
Voici le log du Fixwareout et celle du hijackthis:
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/ipdnssec6.gif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/fixiemapi.gif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/dmsadmins.gif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/qwinnta.gif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/sesmgr.gif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/dumpsprep.gif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/mqspbkup.gif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/mptsgsvc.gif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\http://69.50.166.98/users/conrad/web/cithlper.gif
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32




And here is for Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 21:53:40, on 2006-07-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\IEXPLORE.EXE
C:\antispyware\HijackThis.exe
C:\Program Files\internet explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.polymtl.ca/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.biblio.polymtl.ca:8080/biblio
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/094c80af...dxIE601_fr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Merci , je les poste pour d'autres si on a besoin.
Mais je sais pas d'ou viens Fixwareout ni ce quel fait, enleve-t-il des virus ou des Spyware/Malware?

-J'ai deja essayé zone alarme mais j'ai eu pas mal de difficulté avec, le pc n'etait pas stable et se bloquait des fois, et j'ai du l'enlever.

-J'ai enlevé le 04 TKbellexe apres avoir fait un update du RealPlayer.
-J'ai installé le nouveau Sun Java V1.5.0_07 et desinstallé les anciennes versions de Java.
-Jai installé le fichier HOSTS :
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts

J'ai affacé:
c:\windows\help\CHMRedir.chm
c:\windows\rdt.ini not present
c:\messanger.ini
C:\WINDOWS\inetdata

Le reste j'an ai besoin (je pense Net2phone,z2o7kw9o. etc).
Merci pour le lien vers les informations de demarrage en safe mode mais il ne donne rien de precis pour mon probleme connait-tu un site ou je pourrais demander de l'aide pour regler le problem (comme ici c'est pour spyware/virus) que je n'arrive pas a demarrer en safe mode.

Peux-tu aussi me conseiller lequel choisir entre le toolbar et antipopup de Yahoo (qui dit contenir du antispyware) et celle de Goggle.?

Je te remercie d'avance.


Voici le nouveau log de hijack:
Logfile of HijackThis v1.99.1
Scan saved at 16:28:51, on 2006-07-25
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\internet explorer\IEXPLORE.EXE
C:\antispyware\HijackThis.exe
C:\Program Files\internet explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.polymtl.ca/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.biblio.polymtl.ca:8080/biblio
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/094c80af...dxIE601_fr.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Et voici celle de Spywareterminator 1.5.0.718:
Scan Progress (Full Scan)
Start time: 2006-07-25 15:17:14

Processes Scanning
PowerProfile : C:\WINDOWS\SYSTEM32\POWRPROF.DLL
Wextract : C:\WINDOWS\SYSTEM32\ADVPACK.DLL
Shdocvw : C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
AcroIEHelper : C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Google Toolbar : C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL
SSJava : C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
Startup Scanning
Ctfmon : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ CTFMON.EXE
Ctfmon : C:\WINDOWS\SYSTEM32\CTFMON.EXE
CommCtr : C:\Program Files\Net2Phone CommCenter\CommCtr.exe
SpybotSD TeaTimer : C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
NeroFilterCheck : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ NeroFilterCheck
NeroFilterCheck : C:\WINDOWS\SYSTEM32\NEROCHECK.EXE
NvCplDaemon : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ NvCplDaemon
NvCplDaemon : C:\WINDOWS\SYSTEM32\NVCPL.DLL
Nwiz : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ nwiz
Nwiz : C:\WINDOWS\system32\NWIZ.EXE
NvMixerTray : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ NvMediaCenter
NvMixerTray : C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL
RealSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ TkBellExe
RealSched : C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
InCD : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ InCD
InCD : C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
AVG7_Control Center : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ AVG7_CC
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcc.exe
AVG7_EMC : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ AVG7_EMC
AVG7_EMC : C:\Program Files\Grisoft\AVG Free\avgemc.exe
Lexmarkx1100Series : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Lexmark X1100 Series
Lexmarkx1100Series : C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
SunJavaUpdateSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ SunJavaUpdateSched
SunJavaUpdateSched : C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\JUSCHED.EXE
Spyware Terminator : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ SpywareTerminator
Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
Explorer : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ Shell
Explorer : C:\WINDOWS\EXPLORER.EXE
Toolbars Scanning
MSDXM : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {8E718888-423F-11D2-876E-00A0C9082467}
MSDXM : C:\WINDOWS\SYSTEM32\MSDXM.OCX
Google Toolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11d4-9B18-009027A5CD4F}
Google Toolbar : C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL
Google Toolbar : IEXPLORE.EXE PID: 480
Google Toolbar : IEXPLORE.EXE PID: 2288
Shdocvw : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}\
Shdocvw : C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
Shdocvw : explorer.exe PID: 1312
Shdocvw : IEXPLORE.EXE PID: 480
Shdocvw : msnmsgr.exe PID: 3832
Shdocvw : YahooMessenger.exe PID: 3848
Shdocvw : IEXPLORE.EXE PID: 2288
Shdocvw : SpywareTerminator.exe PID: 2172
Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\
Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\
Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\
Browser Helper Objects Scanning
AcroIEHelper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\
AcroIEHelper : C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
AcroIEHelper : explorer.exe PID: 1312
AcroIEHelper : IEXPLORE.EXE PID: 480
AcroIEHelper : IEXPLORE.EXE PID: 2288
Spybot S&D : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Spybot S&D : explorer.exe PID: 1312
Spybot S&D : IEXPLORE.EXE PID: 480
Spybot S&D : IEXPLORE.EXE PID: 2288
SSJava : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\
SSJava : C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
SSJava : IEXPLORE.EXE PID: 480
SSJava : IEXPLORE.EXE PID: 2288
Google Toolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\
IE Explorer Bars
IE Extensions
Services Scanning
AVG7_AMSVR : HKLM\SYSTEM\CurrentControlSet\Services\Avg7Alrt\
Protocol filters Scanning
Protocol handlers Scanning
WinSock2 Scanning
Uninstallers Scanning
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{225AF9A1-B556-88D5-94AA-0010B5426419}\SETUP.EXE
C:\PROGRAM FILES\7-ZIP\UNINSTALL.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\ADOBE\ESD\UNINST.EXE
C:\WINDOWS\ISUNINST.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\SETUP.EXE
C:\Program Files\BackEdit\UNWISE.EXE
C:\PROGRAM FILES\WEBTEH\BSPLAYERPRO\UNINSTALL.EXE
C:\WINDOWS\CMIUNINSTALL.EXE
C:\PROGRAM FILES\CLEANUP!\UNINSTALL.EXE
C:\PROGRAM FILES\COMPLETEDIR\UNINSTALL.EXE
C:\WINDOWS\UNVISE32.EXE
C:\ANTISPYWARE\HIJACKTHIS.EXE
C:\WINDOWS\NUNINST.EXE
C:\PROGRAM FILES\SMART PROJECTS\ISOBUSTER\UNINST\UNINS000.EXE
C:\WINDOWS\$NTUNINSTALLKB823182$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB824105$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB825119$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB826939$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB828035$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB828741$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB833987$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB834707-IE6SP1-20040929.091901$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB835409$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB835732$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB837001$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB839643$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB839645$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB840315$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB840374$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB840987$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB841356$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB841533$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB841873$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB842773$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB867282-IE6SP1-20050127.163319$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\MUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB871250$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB873333$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB873339$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB873376$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB883939-IE6SP1-20050428.125228$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB885250$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB885835$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB885836$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB888113$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB888302$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB889293-IE6SP1-20041111.235619$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB890046$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB890047$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB890175$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB890859$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB890923-IE6SP1-20050225.103456$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB891711$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB891781$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB893066$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB893086$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB893756$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$MSI31UNINSTALL_KB893803$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$MSI31UNINSTALL_KB893803V2$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896358$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896422$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896423$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896424$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896426$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896428$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896688-IE6SP1-20051004.130236$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896727-IE6SP1-20050719.165959$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB897715-OE6SP1-20050503.210336$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB898461$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB899587$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB899588$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB899591$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB900725$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB901017$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB901214$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB902400$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB904706$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905414$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905495$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905749$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905915-IE6SP1-20051122.175908$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB908519$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB908531$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB910437$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911280$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911562$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911564$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911565$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911567-OE6SP1-20060316.165634$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911927$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB912919$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB913446$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB913580$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB914388$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB914389$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB916281-IE6SP1-20060526.162249$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917159$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917344$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917734_WMP10$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917953$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB918439-IE6SP1-20060530.145346$\SPUNINST\SPUNINST.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins\UNWISE.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\LXBKUN5C.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
C:\MATLAB7\UNINSTALL\UNINSTALL.EXE
C:\WINDOWS\UNINSTALLFIREFOX.EXE
C:\PROGRAM FILES\AHEAD\NERO\UNINSTALL\UNNERO.EXE
C:\Program Files\Net2Phone CommCenter\UNWISE.EXE
C:\WINDOWS\SYSTEM32\NVUDISP.EXE
C:\WINDOWS\SYSTEM32\OGGDSUNINST.EXE
C:\WINDOWS\system32\SETUPAPI.DLL
C:\PDF995\SETUP.EXE
C:\WINDOWS\$NTUNINSTALLQ819696$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLQ828026$\SPUNINST\SPUNINST.EXE
C:\PROGRAM FILES\RAR PASSWORD CRACKER\UNINSTALL.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\R1PUNINST.EXE
C:\PROGRAM FILES\EMTPWORKS\SCOPEVIEW\UNINSTALLERDATA\UNINSTALL SCOPEVIEW.EXE
C:\PROGRAM FILES\SHAREAZA\UNINSTALL\UNINS000.EXE
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\UNINSTFL.EXE
C:\PROGRAM FILES\SIMPLE SUDOKU\UNINS000.EXE
C:\PROGRAM FILES\SKYPE\PHONE\UNINS000.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\UNINS000.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
C:\PROGRAM FILES\SPYWAREBLASTER\UNINS000.EXE
C:\Program Files\TextTwist\UNWISE.EXE
C:\PROGRAM FILES\TWEAKNOW POWERPACK 2006\UNINS000.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMSETSDK.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\SETUP_WM.EXE
C:\PROGRAM FILES\WINRAR\UNINSTALL.EXE
C:\WINDOWS\INF\WNRSQXPZ.INF
C:\Program Files\Yahoo!\Messenger\UNWISE.EXE
C:\Program Files\Fichiers communs\InstallShield\Engine\6\Intel 32\ctor.dll
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL
Google Toolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\
C:\WINDOWS\system32\MSIEXEC.EXE
C:\PROGRAM FILES\DIVX\DRDIVXUNINSTALL.EXE
C:\PROGRAM FILES\DIVX\DIVXCODECUNINSTALL.EXE
C:\PROGRAM FILES\DIVX\DIVXPLAYERUNINSTALL.EXE
C:\PROGRAM FILES\DIVX\DIVXWEBPLAYERUNINSTALL.EXE
Start Menu Scanning
RealTray : C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Accessoires\Divertissement\RealPlayer.lnk
SynchronizationManager : C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Accessoires\Synchroniser.lnk
Explorer : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\Communications\Connexions réseau.lnk
Explorer : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\Outils système\Tâches planifiées.lnk
AVG7_Control Center : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVG Free Edition\AVG Free Control Center.lnk
RealTray : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk
RealTray : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\Vérifier les mises à jour RealPlayer.lnk
RealTray : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RealPlayer.lnk
Skype : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype\Skype.lnk
Spyware Terminator : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spyware Terminator\Spyware Terminator.lnk
MessengerService : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk
Desktop Scanning
Skype : C:\Documents and Settings\Propriétaire\Bureau\Skype.lnk
Favorites Scanning
Cookies Scanning
Registry Scanning
Google Toolbar : HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\
Google Toolbar : C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL
Google Toolbar : IEXPLORE.EXE PID: 480
Google Toolbar : IEXPLORE.EXE PID: 2288
Google Toolbar : HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\
AcroIEHelper : HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\
AcroIEHelper : C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
AcroIEHelper : explorer.exe PID: 1312
AcroIEHelper : IEXPLORE.EXE PID: 480
AcroIEHelper : IEXPLORE.EXE PID: 2288
MSDXM : HKCR\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}\
MSDXM : C:\WINDOWS\SYSTEM32\MSDXM.OCX
Spybot S&D : HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Spybot S&D : explorer.exe PID: 1312
Spybot S&D : IEXPLORE.EXE PID: 480
Spybot S&D : IEXPLORE.EXE PID: 2288
SSJava : HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\
SSJava : C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
SSJava : IEXPLORE.EXE PID: 480
SSJava : IEXPLORE.EXE PID: 2288
Files Scanning
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminator.exe
MessengerService : C:\Program Files\MSN Messenger\msnmsgr.exe
MessengerService : C:\Program Files\Messenger\msmsgs.exe
NvMixerTray : C:\WINDOWS\System32\NvMcTray.dll
Ctfmon : C:\WINDOWS\System32\ctfmon.exe
Skype : C:\Program Files\Skype\Phone\Skype.exe
NeroFilterCheck : C:\WINDOWS\System32\NeroCheck.exe
Nwiz : C:\WINDOWS\System32\nwiz.exe
MSConfig : C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
SynchronizationManager : C:\WINDOWS\System32\mobsync.exe
RealTray : C:\Program Files\Real\RealPlayer\RealPlay.exe
NBJ : C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
MSDXM : C:\WINDOWS\System32\msdxm.ocx
RealSched : C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
StillImageMonitor : C:\WINDOWS\System32\STIMON.EXE
NvCplDaemon : C:\WINDOWS\System32\NvCpl.dll
GrpConv : C:\WINDOWS\System32\grpconv.exe
InCD : C:\Program Files\Ahead\InCD\InCD.exe
Wextract : C:\WINDOWS\System32\advpack.dll
KernelFaultCheck : C:\WINDOWS\System32\dumprep.exe
Explorer : C:\WINDOWS\explorer.exe
PowerProfile : C:\WINDOWS\System32\powrprof.dll
Shdocvw : C:\WINDOWS\System32\shdocvw.dll
PHIME2002ASync : C:\WINDOWS\System32\dllcache\tintsetp.exe
MSPY2002 : C:\WINDOWS\System32\dllcache\imscinst.exe
NVIEW : C:\WINDOWS\System32\nview.dll
Verclsid : C:\WINDOWS\System32\verclsid.exe
Systray : C:\WINDOWS\System32\systray.exe
Preparing DeepFile Scan
DeepFiles Scanning
AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
InCD : C:\Program Files\Ahead\InCD\InCD.exe
NBJ : C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
RealSched : C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
Google Toolbar : C:\Program Files\Google\GoogleToolbar1.dll
AVG7_AMSVR : C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcc.exe
AVG7_EMC : C:\Program Files\Grisoft\AVG Free\avgemc.exe
SunJavaUpdateSched : C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
SSJava : C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
Lexmarkx1100Series : C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
MessengerService : C:\Program Files\Messenger\msmsgs.exe
MessengerService : C:\Program Files\MSN Messenger\msnmsgr.exe
RealTray : C:\Program Files\Real\RealPlayer\realplay.exe
Skype : C:\Program Files\Skype\Phone\Skype.exe
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
Explorer : C:\WINDOWS\explorer.exe
MSConfig : C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
Wextract : C:\WINDOWS\system32\advpack.dll
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
MSPY2002 : C:\WINDOWS\system32\dllcache\imscinst.exe
PHIME2002ASync : C:\WINDOWS\system32\dllcache\tintsetp.exe
KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe
GrpConv : C:\WINDOWS\system32\grpconv.exe
SynchronizationManager : C:\WINDOWS\system32\mobsync.exe
MSDXM : C:\WINDOWS\system32\msdxm.ocx
NeroFilterCheck : C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon : C:\WINDOWS\system32\nvcpl.dll
NVIEW : C:\WINDOWS\system32\nview.dll
NvMixerTray : C:\WINDOWS\system32\nvmctray.dll
Nwiz : C:\WINDOWS\system32\nwiz.exe
PowerProfile : C:\WINDOWS\system32\powrprof.dll
Shdocvw : C:\WINDOWS\system32\SHDOCVW.DLL
StillImageMonitor : C:\WINDOWS\system32\stimon.exe
Verclsid : C:\WINDOWS\system32\verclsid.exe
Done

Scan Summary:

Total Scanning Time : 7387,99 s
Objects Scanned : 168 029
Objects Identified : 96
Objects Ignored : 0

Critical Objects : 0