Hacked email

riri-13

Feb 10, 2011, 8:25:38 AM
Hello,
My contacts are receiving sales emails sent from my Yahoo mail account.
My AVG antivirus found nothing, and I have run CCleaner.
What more can I do?

I am including the HijackThis scan below.
Thank you for your advice.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\System32\mobsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program
Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center]
%windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume
Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
/autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehTray.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DocteurNet] C:\Program
Files\Medsys\DocteurNetHprim\DocteurNet.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common
Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B1A2EC6-EFEE-41E3-8812-28A7F928CFB8}:
NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program
Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) -
SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite
2009.SP1b\RpcAgentSrv.exe

--
End of file - 6940 bytes

seza

Feb 10, 2011, 10:35:33 AM
riri-13 wrote on 10/02/2011 at 14:25:
> Hello,
> My contacts are receiving sales emails sent from my Yahoo mail account.
> My AVG antivirus found nothing, and I have run CCleaner.
> What more can I do?
>
> I am including the HijackThis scan below.
> Thank you for your advice.
Hello,
Try changing your password; this may not be coming from your computer but from
a computer that has hacked your email and is using it to send ads.

riri-13

Feb 11, 2011, 8:24:30 AM
seza wrote on 10/02/2011 at 16:35:
> riri-13 wrote on 10/02/2011 at 14:25:
>> Hello,
>> My contacts are receiving sales emails sent from my Yahoo mail account.
>> My AVG antivirus found nothing, and I have run CCleaner.
>> What more can I do?
>>
>> I am including the HijackThis scan below.
>> Thank you for your advice.
> Hello,
> Try changing your password; this may not be coming from your computer but
> from a computer that has hacked your email and is using it to send ads.
Hello,
I don't see my reply showing up, so I am posting again.
First, thank you for your suggestion, which I have indeed followed; I will see
whether the unwanted sending stops. Otherwise, can someone give me their opinion
on my PC's HijackThis log?

Thanks
