[virus]w32.Toxbot
kassko
Hello, I have a w32.Toxbot virus that has installed itself on my computer and that Norton cannot disinfect. I noticed that this has already happened to others, so I looked and ran a HijackThis scan, as was asked of those it happened to, and here is the result. Can someone help me analyze it and tell me what I should do? Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 20:38:16, on 10/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\Netmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\program files\180searchassistant\salm.exe
C:\WINDOWS\System32\i1vkruup.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Rjoujch\Gtpqxa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.15.98.210 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 69.15.98.210 www3.aibgbonline.co.uk
O1 - Hosts: 69.15.98.210 www.bank.alliance-leicester.co.uk
O1 - Hosts: 69.15.98.210 login.iblogin.com
O1 - Hosts: 69.15.98.210 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 69.15.98.210 inet.barclays.co.uk
O1 - Hosts: 69.15.98.210 iibank.barclays.co.uk
O1 - Hosts: 69.15.98.210 iibank.cahoot.com
O1 - Hosts: 69.15.98.210 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 69.15.98.210 ww.hsbc.co.uk
O1 - Hosts: 69.15.98.210 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 69.15.98.210 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 69.15.98.210 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ww3.online.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ww3.online.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ob2.nationet.com
O1 - Hosts: 69.15.98.210 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 69.15.98.210 ww1.nwolb.com
O1 - Hosts: 69.15.98.210 ww1.onlinebanking.iombank.com
O1 - Hosts: 69.15.98.210 ww1.www.rbsdigital.com
O1 - Hosts: 69.15.98.210 welcome.smile.co.uk
O1 - Hosts: 69.15.98.210 login.365online.com
O1 - Hosts: 69.15.98.210 wvw.citizensbankonline.com
O1 - Hosts: 69.15.98.210 esecure.regionsnet.com
O1 - Hosts: 69.15.98.210 rollb.associatedbank.com
O1 - Hosts: 69.15.98.210 upb.unionplanters.com
O1 - Hosts: 69.15.98.210 www.onlinebanking.huntington.com
O1 - Hosts: 69.15.98.210 inet.southtrustonlinebanking.com
O1 - Hosts: 69.15.98.210 logon.personal.wamu.com
O1 - Hosts: 69.15.98.210 login.compassweb.com
O1 - Hosts: 69.15.98.210 logon.firstmeritib.com
O1 - Hosts: 69.15.98.210 login.ccfcuonline.org
O1 - Hosts: 69.15.98.210 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 69.15.98.210 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 69.15.98.210 wvw.totallyfreebanking.com
O1 - Hosts: 69.15.98.210 www.online.wellsfargo.com
O1 - Hosts: 69.15.98.210 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 69.15.98.210 accounts4.keybank.com
O1 - Hosts: 69.15.98.210 logon.bankone.com
O1 - Hosts: 69.15.98.210 www.secure.tdbanknorth.com
O1 - Hosts: 69.15.98.210 www.secure.mvnt4.com
O1 - Hosts: 69.15.98.210 ww.mynfbonline.com
O1 - Hosts: 69.15.98.210 login.forumcuonline.com
O1 - Hosts: 69.15.98.210 www.eds.usersonlnet.com
O1 - Hosts: 69.15.98.210 www.onlineid.bankofamerica.com
O1 - Hosts: 69.15.98.210 wvw.e-gold.com
O1 - Hosts: 69.15.98.210 pcbs.peoples.com
O1 - Hosts: 69.15.98.210 www.global1.onlinebank.com
O1 - Hosts: 69.15.98.210 ww2.mybranch.lafcu.com
O1 - Hosts: 69.15.98.210 login.webbanking.comerica.com
O1 - Hosts: 69.15.98.210 web.banking.firsttennessee.com
O1 - Hosts: 69.15.98.210 logon.members1st.org
O1 - Hosts: 69.15.98.210 www.cib.ibanking-services.com
O1 - Hosts: 69.15.98.210 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 69.15.98.210 wvw.paypal.com
O1 - Hosts: 69.15.98.210 www.signin.ebay.com
O1 - Hosts: 69.15.98.210 wvw.etrade.com
O1 - Hosts: 69.15.98.210 ww4.fleethomelink.fleet.com
O1 - Hosts: 69.15.98.210 ww3.connect.skyfi.com
O1 - Hosts: 69.15.98.210 www6.usbank.com
O1 - Hosts: 69.15.98.210 www.bvi.bancodevalencia.es
O1 - Hosts: 69.15.98.210 extrant.banesto.es
O1 - Hosts: 69.15.98.210 banesnt.banesto.es
O1 - Hosts: 69.15.98.210 activia.caixagalicia.es
O1 - Hosts: 69.15.98.210 www.bancae.caixapenedes.com
O1 - Hosts: 69.15.98.210 login.caixasabadell.net
O1 - Hosts: 69.15.98.210 oii.cajamadrid.es
O1 - Hosts: 69.15.98.210 login.cajamar.es
O1 - Hosts: 69.15.98.210 login.ccm.es
O1 - Hosts: 69.15.98.210 ww.unicaja.es
O1 - Hosts: 69.15.98.210 www5.bancopopular.es
O1 - Hosts: 69.15.98.210 ww3.bbvanet.com
O1 - Hosts: 69.15.98.210 ww.bayernlb.de
O1 - Hosts: 69.15.98.210 ww2.berliner-volksbank.de
O1 - Hosts: 69.15.98.210 ww7.homebanking-berlin.de
O1 - Hosts: 69.15.98.210 portal09.commerzbanking.de
O1 - Hosts: 69.15.98.210 www.meine.deutsche-bank.de
O1 - Hosts: 69.15.98.210 ww2.dresdner-privat.de
O1 - Hosts: 69.15.98.210 ww.e-banking.helaba.de
O1 - Hosts: 69.15.98.210 ww.hsh-nordbank.de
O1 - Hosts: 69.15.98.210 www.my.hypovereinsbank.de
O1 - Hosts: 69.15.98.210 ww3.homebanking-berlin.de
O1 - Hosts: 69.15.98.210 ww3.homebanking-berlin.de
O1 - Hosts: 69.15.98.210 www.banking.lbbw.de
O1 - Hosts: 69.15.98.210 lrp.sparkasse-banking.de
O1 - Hosts: 69.15.98.210 ww3.homebanking-niedersachsen.de
O1 - Hosts: 69.15.98.210 www.onlinebanking.norisbank.de
O1 - Hosts: 69.15.98.210 www.banking.postbank.de
O1 - Hosts: 69.15.98.210 wvw.internetbanking.gad.de
O1 - Hosts: 69.15.98.210 ww1.portal.izb.de
O1 - Hosts: 69.15.98.210 wvw.kunden-service.lbs.de
O1 - Hosts: 69.15.98.210 ibanking.seb.de
O1 - Hosts: 69.15.98.210 bw7.sparkasse-banking.de
O1 - Hosts: 69.15.98.210 ww2.homebanking-sparkasse.de
O1 - Hosts: 69.15.98.210 ww2.vr-networld-ebanking.de
O1 - Hosts: 69.15.98.210 ww.bics.fr
O1 - Hosts: 69.15.98.210 www.co.caixabank.fr
O1 - Hosts: 69.15.98.210 ww.creditmutuel.fr
O1 - Hosts: 69.15.98.210 internetbank.intesabci.it
O1 - Hosts: 69.15.98.210 ww.extensive.bancalombarda.it
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Microsoft Update Proxy Class - {6E28339B-7A2A-47B6-AEB2-46BA53782375} - C:\WINDOWS\System32\dllcache\msupdprx.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [*Winsock] wtyssock.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [apwt] C:\WINDOWS\apwt.exe
O4 - HKLM\..\Run: [i1vkruup] C:\WINDOWS\System32\i1vkruup.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Rikwcv] C:\Program Files\Rjoujch\Gtpqxa.exe
O4 - HKLM\..\RunServices: [*Winsock] wtyssock.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Net Functions Monitoring (Netmon) - Unknown owner - C:\WINDOWS\System32\Netmon.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
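Added example, not part of the original post: a triage script that groups the `O1 - Hosts:` lines of a HijackThis log by target IP and flags any non-loopback IP that several hostnames from different parent domains are mapped to, the pattern visible in the log above. The function names, the `min_hosts` threshold and the parent-domain heuristic are assumptions; the sample reuses a few lines from the log plus two constructed loopback lines.

```python
import re
from collections import defaultdict

# HijackThis writes one "O1 - Hosts: <ip> <hostname>" line per hosts-file entry.
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Loopback / null targets are typical of blocklists, not of redirection.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumption: only the multi-label suffixes needed for this sample are listed.
# A real tool would use the Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "co.je"}

# A few lines taken from the log above, plus two constructed loopback entries.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
O1 - Hosts: 69.15.98.210 inet.barclays.co.uk
O1 - Hosts: 69.15.98.210 iibank.barclays.co.uk
O1 - Hosts: 69.15.98.210 ww3.online.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 ww3.online.lloydstsb.co.uk
O1 - Hosts: 69.15.98.210 wvw.paypal.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ads.example.test
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""


def parse_o1(log_text):
    """Return (ip, hostname) for every O1 line; other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).lower()))
    return entries


def parent_domain(hostname):
    """Heuristic: last two labels, or last three under a listed suffix."""
    labels = hostname.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def triage(log_text, min_hosts=3):
    """Flag IPs that many unrelated hostnames are pinned to in the hosts file.

    One legitimate server rarely answers for several unrelated organisations,
    so a single IP covering >= min_hosts hostnames across >= 2 parent domains
    deserves review before any login is attempted from that machine.
    """
    by_ip = defaultdict(list)
    for ip, host in parse_o1(log_text):
        by_ip[ip].append(host)

    findings = []
    for ip, hosts in by_ip.items():
        if ip in LOOPBACK:
            continue
        unique = sorted(set(hosts))
        domains = sorted({parent_domain(h) for h in unique})
        if len(unique) >= min_hosts and len(domains) >= 2:
            findings.append({
                "ip": ip,
                "hostnames": unique,
                "parent_domains": domains,
                # Repeated lines, as seen in the log above.
                "duplicate_lines": len(hosts) - len(unique),
            })
    return sorted(findings, key=lambda f: len(f["hostnames"]), reverse=True)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['ip']}: {len(finding['hostnames'])} hostnames, "
              f"{len(finding['parent_domains'])} parent domains, "
              f"{finding['duplicate_lines']} duplicate line(s)")
        for host in finding["hostnames"]:
            print(f"  {host}")
```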
1 reply
Hello,
Method to follow, in order...
----------------------------------------------------------------------------
¤Download these programs, but do not use them right away:
1/Spybot S&D 1.4 <<new version
http://www.safer-networking.org/fr/index.html
Usage demo (thanks to Balltrap34 for making it)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
2/Ad-Aware SE 1.06 <<new version
http://www.lavasoftusa.com/software/adaware/
-Help:
http://www.tutopat.com/viewtopic.php?t=1191
- install the French language patch; you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here: (thanks to Moe31 for making it)
http://pageperso.aol.fr/balltrap34/adawrevid.asf
3/Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-illustrated help: (thanks to Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
----------------------------------------------------------------------------
¤Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, from the moment the PC starts powering on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key)
----------------------------------------------------------------------------
¤Disable your System Restore:
Right-click My Computer, then
Properties, click the System Restore tab,
check the box to disable System Restore and apply
----------------------------------------------------------------------------
¤Show all files and folders:
Click Start / Control Panel / Folder Options / View
Check "Show hidden folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.
And apply!
----------------------------------------------------------------------------
¤Empty your temp files and Temporary Internet Files:
use this to do it (you downloaded it earlier)
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
----------------------------------------------------------------------------
¤Run HijackThis again, check the boxes in front of these lines, and then click Fix checked:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [*Winsock] wtyssock.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [apwt] C:\WINDOWS\apwt.exe
O4 - HKLM\..\Run: [i1vkruup] C:\WINDOWS\System32\i1vkruup.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Rikwcv] C:\Program Files\Rjoujch\Gtpqxa.exe
O4 - HKLM\..\RunServices: [*Winsock] wtyssock.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O23 - Service: Net Functions Monitoring (Netmon) - Unknown owner - C:\WINDOWS\System32\Netmon.exe
----------------------------------------------------------------------------
¤Search for and delete the following:
careful, only the files (if present)
c:\program files\180searchassistant
ALCXMNTR.EXE
wtyssock.exe
C:\Program Files\Media Gateway
winPE.exe
C:\WINDOWS\System32\i1vkruup.exe
C:\Program Files\Internet Optimizer
C:\Program Files\Rjoujch
C:\WINDOWS\System32\Netmon.exe
----------------------------------------------------------------------------
¤Stop these services:
Click Start->Run->type: services.msc
Double-click: Service: Net Functions Monitoring
Set it to "Stopped" and "Disabled".
----------------------------------------------------------------------------
¤ Run Ad-Aware and remove everything it finds
----------------------------------------------------------------------------
¤ Run Spybot and remove everything it finds
----------------------------------------------------------------------------
> Empty your recycle bin, restart in normal mode and run HijackThis again
Describe your problems if any remain....
Keep me posted
See you
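The `O1 - Hosts:` lines that HijackThis reports are hosts-file entries, and an address that captures many unrelated hostnames is the redirect pattern the fix list above targets. As an added example (not part of the original post), this Python sketch picks that pattern out of a log; the sample log is constructed and the three-hostname threshold is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints each hosts-file entry as "O1 - Hosts: <ip> <hostname>".
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Constructed sample log: documentation addresses and example domains, not values from this thread.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ads.tracker.example
O1 - Hosts: 203.0.113.10 login.bank-one.example
O1 - Hosts: 203.0.113.10 www.bank-two.example
O1 - Hosts: 203.0.113.10 www.bank-two.example
O1 - Hosts: 203.0.113.10 secure.pay.example
O1 - Hosts: 198.51.100.7 intranet.corp.example
O1 - Hosts: not-an-ip broken.example
O4 - HKLM\\..\\Run: [updater] updater.exe
"""


def hosts_redirects(log_text):
    """Map each non-loopback address to the set of hostnames the hosts file pins to it."""
    redirects = defaultdict(set)
    for line in log_text.splitlines():
        m = O1_LINE.match(line.strip())
        if not m:
            continue  # not a hosts-file entry
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address, cannot redirect anything
        # 127.0.0.1 and 0.0.0.0 entries sink a name (blocklist style); they do not redirect it.
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].add(m.group(2).lower())
    return dict(redirects)


def suspicious_redirects(log_text, min_hosts=3):
    """Return {ip: sorted hostnames} for addresses capturing at least min_hosts distinct names."""
    found = hosts_redirects(log_text)
    return {ip: sorted(h) for ip, h in found.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(SAMPLE_LOG).items():
        print(f"{ip} captures {len(hosts)} hostnames: {', '.join(hosts)}")
```

Duplicate entries are counted once, and a single hostname pinned to a private or intranet address stays below the threshold so that legitimate hosts-file use is not flagged.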