VIRUS : TROJAN DIALER
cneldc
-
Utilisateur anonyme -
Utilisateur anonyme -
bonjour à tous,
j'ai vendu mon ancien Pc à un ami (aucun souci) il a désinstaller norton par mégarde. Dès qu'il se connecte à internet son PC rame à mort...
j'ai analysé son pc avec SPYBOOT, AD..., BITDEFENDER, SECURE.COM, PANDA.... j'en passe
BITE DENFENDER me toujours trojan.dialer.de infection de trois programme qu'il n'arrive pas à éliminer.
voici le rapport hisjack..
Logfile of HijackThis v1.98.2
Scan saved at 12:34:56, on 13/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\system32\browser7.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
C:\WINNT\system32\w?nlogon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Find Coal] C:\PROGRA~1\SIZEAD~1\mail jugs.exe
O4 - HKLM\..\Run: [MSZTCE] C:\WINNT\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [Winsock2 Loader] wiconf.exe
O4 - HKLM\..\Run: [ab6113f6d9b6] C:\WINNT\system32\browser7.exe
O4 - HKLM\..\Run: [glueownsrectamok] C:\Documents and Settings\All Users\Application Data\Manager htm glue owns\INTERNETFLAG.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKLM\..\RunServices: [Winsock2 Loader] wiconf.exe
O4 - HKCU\..\Run: [11t24idg2k] C:\WINNT\2dszid5h37.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QZTEMP\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Winsock2 Loader] wiconf.exe
O4 - HKCU\..\Run: [Microsoft Internet System] svchosts.exe
O4 - HKCU\..\Run: [DLULRap] "C:\PROGRAM FILES\DLULRAP\DLULRap.exe
O4 - HKCU\..\Run: [DKTime] C:\WINNT\system32\dktime.exe
O4 - HKCU\..\Run: [Crp] C:\WINNT\system32\w?nlogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_old.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://install.spywarelabs.com/1151040823/WrapperOuter.exe
O16 - DPF: {0929DD18-9DD5-529A-2F4C-2E9918FA7B44} - http://66.79.169.45/1/rdgFR850.exe
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1047_pack.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_FR.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.le-dial.com/access/WebInstall.dll
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab
O18 - Filter: text/html - {5D25F139-9803-4EDC-B2CA-B79C2D614154} - C:\WINNT\system32\iji.dll
O18 - Filter: text/plain - {5D25F139-9803-4EDC-B2CA-B79C2D614154} - C:\WINNT\system32\iji.dll
Est-ce que quelqu'un peut m'aider ? S'il vous plaît
je ne connais que les logiciels et pour moi cela est du charabiat
merci d'avance de votre aide
j'ai vendu mon ancien Pc à un ami (aucun souci) il a désinstaller norton par mégarde. Dès qu'il se connecte à internet son PC rame à mort...
j'ai analysé son pc avec SPYBOOT, AD..., BITDEFENDER, SECURE.COM, PANDA.... j'en passe
BITE DENFENDER me toujours trojan.dialer.de infection de trois programme qu'il n'arrive pas à éliminer.
voici le rapport hisjack..
Logfile of HijackThis v1.98.2
Scan saved at 12:34:56, on 13/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\system32\browser7.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
C:\WINNT\system32\w?nlogon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Find Coal] C:\PROGRA~1\SIZEAD~1\mail jugs.exe
O4 - HKLM\..\Run: [MSZTCE] C:\WINNT\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [Winsock2 Loader] wiconf.exe
O4 - HKLM\..\Run: [ab6113f6d9b6] C:\WINNT\system32\browser7.exe
O4 - HKLM\..\Run: [glueownsrectamok] C:\Documents and Settings\All Users\Application Data\Manager htm glue owns\INTERNETFLAG.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKLM\..\RunServices: [Winsock2 Loader] wiconf.exe
O4 - HKCU\..\Run: [11t24idg2k] C:\WINNT\2dszid5h37.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QZTEMP\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Winsock2 Loader] wiconf.exe
O4 - HKCU\..\Run: [Microsoft Internet System] svchosts.exe
O4 - HKCU\..\Run: [DLULRap] "C:\PROGRAM FILES\DLULRAP\DLULRap.exe
O4 - HKCU\..\Run: [DKTime] C:\WINNT\system32\dktime.exe
O4 - HKCU\..\Run: [Crp] C:\WINNT\system32\w?nlogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_old.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://install.spywarelabs.com/1151040823/WrapperOuter.exe
O16 - DPF: {0929DD18-9DD5-529A-2F4C-2E9918FA7B44} - http://66.79.169.45/1/rdgFR850.exe
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1047_pack.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_FR.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.le-dial.com/access/WebInstall.dll
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab
O18 - Filter: text/html - {5D25F139-9803-4EDC-B2CA-B79C2D614154} - C:\WINNT\system32\iji.dll
O18 - Filter: text/plain - {5D25F139-9803-4EDC-B2CA-B79C2D614154} - C:\WINNT\system32\iji.dll
Est-ce que quelqu'un peut m'aider ? S'il vous plaît
je ne connais que les logiciels et pour moi cela est du charabiat
merci d'avance de votre aide
A voir également:
- VIRUS : TROJAN DIALER
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
- Ordinateur bloqué virus - Accueil - Arnaque
1 réponse
Salut
en mode sans echec(presser F8 des le redemarrage du pc) coches et fixes ces lignes
puis rescan antivirus
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Find Coal] C:\PROGRA~1\SIZEAD~1\mail jugs.exe <<<SUSPECT
O4 - HKLM\..\Run: [MSZTCE] C:\WINNT\System32\MSZTCE.EXE <<<SUSPECT
O4 - HKLM\..\Run: [Winsock2 Loader] wiconf.exe
O4 - HKLM\..\Run: [ab6113f6d9b6] C:\WINNT\system32\browser7.exe <<<SUSPECT
O4 - HKLM\..\Run: [glueownsrectamok] C:\Documents and Settings\All Users\Application Data\Manager htm glue owns\INTERNETFLAG.exe <<<SUSPECT
O4 - HKLM\..\RunServices: [Winsock2 Loader] wiconf.exe
O4 - HKCU\..\Run: [11t24idg2k] C:\WINNT\2dszid5h37.exe
O4 - HKCU\..\Run: [Winsock2 Loader] wiconf.exe
O4 - HKCU\..\Run: [Microsoft Internet System] svchosts.exe
O4 - HKCU\..\Run: [DLULRap] "C:\PROGRAM FILES\DLULRAP\DLULRap.exe <<<SUSPECT
O4 - HKCU\..\Run: [DKTime] C:\WINNT\system32\dktime.exe
O4 - HKCU\..\Run: [Crp] C:\WINNT\system32\w?nlogon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_old.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://install.spywarelabs.com/1151040823/WrapperOuter.exe
O16 - DPF: {0929DD18-9DD5-529A-2F4C-2E9918FA7B44} - http://66.79.169.45/1/rdgFR850.exe
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1047_pack.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_FR.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.le-dial.com/access/WebInstall.dll
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab
en mode sans echec(presser F8 des le redemarrage du pc) coches et fixes ces lignes
puis rescan antivirus
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.inf/?id=54
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Find Coal] C:\PROGRA~1\SIZEAD~1\mail jugs.exe <<<SUSPECT
O4 - HKLM\..\Run: [MSZTCE] C:\WINNT\System32\MSZTCE.EXE <<<SUSPECT
O4 - HKLM\..\Run: [Winsock2 Loader] wiconf.exe
O4 - HKLM\..\Run: [ab6113f6d9b6] C:\WINNT\system32\browser7.exe <<<SUSPECT
O4 - HKLM\..\Run: [glueownsrectamok] C:\Documents and Settings\All Users\Application Data\Manager htm glue owns\INTERNETFLAG.exe <<<SUSPECT
O4 - HKLM\..\RunServices: [Winsock2 Loader] wiconf.exe
O4 - HKCU\..\Run: [11t24idg2k] C:\WINNT\2dszid5h37.exe
O4 - HKCU\..\Run: [Winsock2 Loader] wiconf.exe
O4 - HKCU\..\Run: [Microsoft Internet System] svchosts.exe
O4 - HKCU\..\Run: [DLULRap] "C:\PROGRAM FILES\DLULRAP\DLULRap.exe <<<SUSPECT
O4 - HKCU\..\Run: [DKTime] C:\WINNT\system32\dktime.exe
O4 - HKCU\..\Run: [Crp] C:\WINNT\system32\w?nlogon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_old.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://install.spywarelabs.com/1151040823/WrapperOuter.exe
O16 - DPF: {0929DD18-9DD5-529A-2F4C-2E9918FA7B44} - http://66.79.169.45/1/rdgFR850.exe
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1047_pack.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_FR.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.le-dial.com/access/WebInstall.dll
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab
