mail piraté

Aucune réponse

riri-13

10/02/2011 à 14:25

Bonjour,
mes contacts recoivent des mails de vente à partir de mon mail yahoo.
mon avg antivirus n'a rien trouvé, c cleaner effectué.
Que puis-je faire de plus ?

je vous donne l'analyse d'Hijack ci dessous.
merci de vos conseils.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\System32\mobsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehTray.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DocteurNet] C:\Program Files\Medsys\DocteurNetHprim\DocteurNet.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B1A2EC6-EFEE-41E3-8812-28A7F928CFB8}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1b\RpcAgentSrv.exe

--
End of file - 6940 bytes

2 réponses

seza

10/02/2011 à 16:35

riri-13 a écrit le 10/02/2011 à 14h25 :

Bonjour,
mes contacts recoivent des mails de vente à partir de mon mail yahoo.
mon avg antivirus n'a rien trouvé, c cleaner effectué.
Que puis-je faire de plus ?

je vous donne l'analyse d'Hijack ci dessous.
merci de vos conseils.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32Dwm.exe
C:WINDOWSsystem32taskeng.exe
C:WINDOWSExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSSystem32rundll32.exe
C:WINDOWSWindowsMobilewmdc.exe
C:Program FilesAVGAVG8avgtray.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WINDOWSehomeehtray.exe
C:Program FilesMP4 PlayerMp4Player.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:WINDOWSSystem32mobsync.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkIdT896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon
FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:Program
FilesDragon SystemsNaturallySpeakingProgramweb_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program
FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:Program FilesJavajre6binssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon
FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program
FilesJavajre6binjp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows
DefenderMSASCui.exe -hide
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Windows Mobile Device Center]
%windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [VolPanel] "C:Program FilesCreativeSBAudigyVolume
PanelVolPanlu.exe" /r
O4 - HKLM..Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe
/autoRun
O4 - HKCU..Run: [ehTray.exe] C:WINDOWSehomeehTray.exe
O4 - HKCU..Run: [MP4 Player] "C:Program FilesMP4
Playermp4Player.exe" hmw
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media
PlayerWMPNSCFG.exe
O4 - HKCU..Run: [DocteurNet] C:Program
FilesMedsysDocteurNetHprimDocteurNet.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:Program FilesCommon
FilesNikonMonitorNkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLMSystemCCSServicesTcpip..{7B1A2EC6-EFEE-41E3-8812-28A7F928CFB8}:
NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon
FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:Program
FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:Program
FilesCDBurnerXPNMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) -
SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite
2009.SP1bRpcAgentSrv.exe

--
End of file - 6940 bytes

Bonjour,
essaie de changer ton mot de passe, ça ne vient peut-être pas de ton ordinateur mais d'un ordinateur qui à pirater ton e-mail et s'en sert pour envoyer des pubs

riri-13 a écrit le 10/02/2011 à 14h25 :

Bonjour,
mes contacts recoivent des mails de vente à partir de mon mail yahoo.
mon avg antivirus n'a rien trouvé, c cleaner effectué.
Que puis-je faire de plus ?

je vous donne l'analyse d'Hijack ci dessous.
merci de vos conseils.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32Dwm.exe
C:WINDOWSsystem32taskeng.exe
C:WINDOWSExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSSystem32rundll32.exe
C:WINDOWSWindowsMobilewmdc.exe
C:Program FilesAVGAVG8avgtray.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WINDOWSehomeehtray.exe
C:Program FilesMP4 PlayerMp4Player.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:WINDOWSSystem32mobsync.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon
FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:Program
FilesDragon SystemsNaturallySpeakingProgramweb_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program
FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:Program FilesJavajre6binssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon
FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program
FilesJavajre6binjp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows
DefenderMSASCui.exe -hide
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Windows Mobile Device Center]
%windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [VolPanel] "C:Program FilesCreativeSBAudigyVolume
PanelVolPanlu.exe" /r
O4 - HKLM..Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe
/autoRun
O4 - HKCU..Run: [ehTray.exe] C:WINDOWSehomeehTray.exe
O4 - HKCU..Run: [MP4 Player] "C:Program FilesMP4
Playermp4Player.exe" hmw
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media
PlayerWMPNSCFG.exe
O4 - HKCU..Run: [DocteurNet] C:Program
FilesMedsysDocteurNetHprimDocteurNet.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:Program FilesCommon
FilesNikonMonitorNkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLMSystemCCSServicesTcpip..{7B1A2EC6-EFEE-41E3-8812-28A7F928CFB8}:
NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon
FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:Program
FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:Program
FilesCDBurnerXPNMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) -
SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite
2009.SP1bRpcAgentSrv.exe

--
End of file - 6940 bytes

Bonjour,
essaie de changer ton mot de passe, ça ne vient peut-être pas de ton ordinateur mais d'un ordinateur qui à pirater ton e-mail et s'en sert pour envoyer des pubs

Vous avez filtré cet utilisateur ! Consultez son message

riri-13 a écrit le 10/02/2011 à 14h25 :

Bonjour,
mes contacts recoivent des mails de vente à partir de mon mail yahoo.
mon avg antivirus n'a rien trouvé, c cleaner effectué.
Que puis-je faire de plus ?

je vous donne l'analyse d'Hijack ci dessous.
merci de vos conseils.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32Dwm.exe
C:WINDOWSsystem32taskeng.exe
C:WINDOWSExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSSystem32rundll32.exe
C:WINDOWSWindowsMobilewmdc.exe
C:Program FilesAVGAVG8avgtray.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WINDOWSehomeehtray.exe
C:Program FilesMP4 PlayerMp4Player.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:WINDOWSSystem32mobsync.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkIdT896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon
FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:Program
FilesDragon SystemsNaturallySpeakingProgramweb_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program
FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:Program FilesJavajre6binssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon
FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program
FilesJavajre6binjp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows
DefenderMSASCui.exe -hide
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Windows Mobile Device Center]
%windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [VolPanel] "C:Program FilesCreativeSBAudigyVolume
PanelVolPanlu.exe" /r
O4 - HKLM..Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe
/autoRun
O4 - HKCU..Run: [ehTray.exe] C:WINDOWSehomeehTray.exe
O4 - HKCU..Run: [MP4 Player] "C:Program FilesMP4
Playermp4Player.exe" hmw
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media
PlayerWMPNSCFG.exe
O4 - HKCU..Run: [DocteurNet] C:Program
FilesMedsysDocteurNetHprimDocteurNet.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:Program FilesCommon
FilesNikonMonitorNkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLMSystemCCSServicesTcpip..{7B1A2EC6-EFEE-41E3-8812-28A7F928CFB8}:
NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon
FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:Program
FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:Program
FilesCDBurnerXPNMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) -
SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite
2009.SP1bRpcAgentSrv.exe

--
End of file - 6940 bytes

Bonjour,
essaie de changer ton mot de passe, ça ne vient peut-être pas de ton ordinateur mais d'un ordinateur qui à pirater ton e-mail et s'en sert pour envoyer des pubs

riri-13

11/02/2011 à 14:24

seza a écrit le 10/02/2011 à 16h35 :

riri-13 a écrit le 10/02/2011 à 14h25 :
Bonjour,
mes contacts recoivent des mails de vente à partir de mon mail yahoo.
mon avg antivirus n'a rien trouvé, c cleaner effectué.
Que puis-je faire de plus ?

je vous donne l'analyse d'Hijack ci dessous.
merci de vos conseils.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32Dwm.exe
C:WINDOWSsystem32taskeng.exe
C:WINDOWSExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSSystem32rundll32.exe
C:WINDOWSWindowsMobilewmdc.exe
C:Program FilesAVGAVG8avgtray.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WINDOWSehomeehtray.exe
C:Program FilesMP4 PlayerMp4Player.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:WINDOWSSystem32mobsync.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkIdT896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon
FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:Program
FilesDragon SystemsNaturallySpeakingProgramweb_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program
FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:Program FilesJavajre6binssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon
FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program
FilesJavajre6binjp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows
DefenderMSASCui.exe -hide
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Windows Mobile Device Center]
%windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [VolPanel] "C:Program FilesCreativeSBAudigyVolume
PanelVolPanlu.exe" /r
O4 - HKLM..Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe
/autoRun
O4 - HKCU..Run: [ehTray.exe] C:WINDOWSehomeehTray.exe
O4 - HKCU..Run: [MP4 Player] "C:Program FilesMP4
Playermp4Player.exe" hmw
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media
PlayerWMPNSCFG.exe
O4 - HKCU..Run: [DocteurNet] C:Program
FilesMedsysDocteurNetHprimDocteurNet.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:Program FilesCommon
FilesNikonMonitorNkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLMSystemCCSServicesTcpip..{7B1A2EC6-EFEE-41E3-8812-28A7F928CFB8}:
NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon
FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:Program
FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation
- C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:Program
FilesCDBurnerXPNMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) -
SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite
2009.SP1bRpcAgentSrv.exe

--
End of file - 6940 bytes

Bonjour,
essaie de changer ton mot de passe, ça ne vient peut-être pas de
ton ordinateur mais d'un ordinateur qui à pirater ton e-mail et s'en
sert pour envoyer des pubs

bonjour
je ne vois pas ma réponse s'afficher alors je recommence.
Merci d'abord pour ta proposition que j'ai effectivement utilisé, je verrai s'il n'y a plus d'envoi intempestif. Sinon, quelqu'un peut-il me donner son avis sur le log d 'hijack de mon pc ?

merci

seza a écrit le 10/02/2011 à 16h35 :

riri-13 a écrit le 10/02/2011 à 14h25 :

Bonjour,
mes contacts recoivent des mails de vente à partir de mon mail yahoo.
mon avg antivirus n'a rien trouvé, c cleaner effectué.
Que puis-je faire de plus ?

je vous donne l'analyse d'Hijack ci dessous.
merci de vos conseils.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32Dwm.exe
C:WINDOWSsystem32taskeng.exe
C:WINDOWSExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSSystem32rundll32.exe
C:WINDOWSWindowsMobilewmdc.exe
C:Program FilesAVGAVG8avgtray.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WINDOWSehomeehtray.exe
C:Program FilesMP4 PlayerMp4Player.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:WINDOWSSystem32mobsync.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon
FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:Program
FilesDragon SystemsNaturallySpeakingProgramweb_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program
FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:Program FilesJavajre6binssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon
FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program
FilesJavajre6binjp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows
DefenderMSASCui.exe -hide
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Windows Mobile Device Center]
%windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [VolPanel] "C:Program FilesCreativeSBAudigyVolume
PanelVolPanlu.exe" /r
O4 - HKLM..Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe
/autoRun
O4 - HKCU..Run: [ehTray.exe] C:WINDOWSehomeehTray.exe
O4 - HKCU..Run: [MP4 Player] "C:Program FilesMP4
Playermp4Player.exe" hmw
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media
PlayerWMPNSCFG.exe
O4 - HKCU..Run: [DocteurNet] C:Program
FilesMedsysDocteurNetHprimDocteurNet.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:Program FilesCommon
FilesNikonMonitorNkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLMSystemCCSServicesTcpip..{7B1A2EC6-EFEE-41E3-8812-28A7F928CFB8}:
NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon
FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:Program
FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation
- C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:Program
FilesCDBurnerXPNMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) -
SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite
2009.SP1bRpcAgentSrv.exe

--
End of file - 6940 bytes

Bonjour,
essaie de changer ton mot de passe, ça ne vient peut-être pas de
ton ordinateur mais d'un ordinateur qui à pirater ton e-mail et s'en
sert pour envoyer des pubs

Vous avez filtré cet utilisateur ! Consultez son message

seza a écrit le 10/02/2011 à 16h35 :

riri-13 a écrit le 10/02/2011 à 14h25 :
Bonjour,
mes contacts recoivent des mails de vente à partir de mon mail yahoo.
mon avg antivirus n'a rien trouvé, c cleaner effectué.
Que puis-je faire de plus ?

je vous donne l'analyse d'Hijack ci dessous.
merci de vos conseils.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32Dwm.exe
C:WINDOWSsystem32taskeng.exe
C:WINDOWSExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSSystem32rundll32.exe
C:WINDOWSWindowsMobilewmdc.exe
C:Program FilesAVGAVG8avgtray.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WINDOWSehomeehtray.exe
C:Program FilesMP4 PlayerMp4Player.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:WINDOWSSystem32mobsync.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkIdi157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkIdT896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkIdT896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkIdi157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon
FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:Program
FilesDragon SystemsNaturallySpeakingProgramweb_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program
FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:Program FilesJavajre6binssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon
FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program
FilesJavajre6binjp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows
DefenderMSASCui.exe -hide
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Windows Mobile Device Center]
%windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [VolPanel] "C:Program FilesCreativeSBAudigyVolume
PanelVolPanlu.exe" /r
O4 - HKLM..Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe
/autoRun
O4 - HKCU..Run: [ehTray.exe] C:WINDOWSehomeehTray.exe
O4 - HKCU..Run: [MP4 Player] "C:Program FilesMP4
Playermp4Player.exe" hmw
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media
PlayerWMPNSCFG.exe
O4 - HKCU..Run: [DocteurNet] C:Program
FilesMedsysDocteurNetHprimDocteurNet.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe
/detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:Program FilesCommon
FilesNikonMonitorNkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLMSystemCCSServicesTcpip..{7B1A2EC6-EFEE-41E3-8812-28A7F928CFB8}:
NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon
FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:Program
FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation
- C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:Program
FilesCDBurnerXPNMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) -
SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite
2009.SP1bRpcAgentSrv.exe

--
End of file - 6940 bytes

Bonjour,
essaie de changer ton mot de passe, ça ne vient peut-être pas de
ton ordinateur mais d'un ordinateur qui à pirater ton e-mail et s'en
sert pour envoyer des pubs

mail piraté

2 réponses

Veuillez sélectionner un problème