Probleme de mails intempestifs ( envoi/reception) • page 2

alceus · le 07 Déc 2010 13:34

Ok merci beaucoup !

danakil · le 07 Déc 2010 17:58

> Télécharge ComboFix de sUBs sur ton Bureau et pas ailleurs!

/!\ Déconnecte-toi du net et désactives toutes les défenses de ton PC (antivirus, antispyware, ...) /!\

> Double-clique sur ComboFix.exe présent sur ton Bureau.
(Vista & Seven > clic droit dessus > Exécuter en tant qu'Administrateur).
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter.

Si la console de récupération est proposée, accepte!
(Vista & Seven > pas de proposition).

> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Durant le scan, ne touche à rien (souris, clavier) tant que celui-ci n'est pas terminé.

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

alceus · le 07 Déc 2010 20:07

Ok, j'ai tout fait, apr cotnro combofix s'est mis en francais tout seul et a fait le scan sans que je lui dise rien lol. Voila le rapport !

Code: Tout sélectionner: ComboFix 10-12-06.04 - Utilisateur 07/12/2010 19:58:10.1.2 - x86 Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.2972.2038 [GMT 1:00] Lancé depuis: c:\users\Utilisateur\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Thumbs.db . ((((((((((((((((((((((((((((( Fichiers créés du 2010-11-07 au 2010-12-07 )))))))))))))))))))))))))))))))))))) . 2010-12-07 03:14 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CBFCD21-DCFB-4AA8-A77B-7E127FB5437B}\mpengine.dll 2010-12-06 19:18 . 2010-12-06 19:18 -------- d-----w- c:\users\Utilisateur\AppData\Roaming\Malwarebytes 2010-12-06 19:18 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-06 19:18 . 2010-12-06 19:18 -------- d-----w- c:\programdata\Malwarebytes 2010-12-06 19:18 . 2010-12-06 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-06 19:18 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-06 17:19 . 2010-12-06 17:19 -------- d-----w- C:\_OTL 2010-11-23 20:23 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-11-13 12:09 . 2010-11-13 12:09 -------- d-----w- C:\MSNCleaner 2010-11-10 18:30 . 2010-11-10 18:30 -------- d-----w- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-10 04:33 . 2010-08-12 17:31 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2010-10-27 12:28 . 2010-10-27 12:28 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe 2010-10-26 19:47 . 2010-10-26 19:47 214312 ----a-w- c:\windows\system32\SynCtrl.dll 2010-10-26 19:47 . 2010-10-26 19:47 173352 ----a-w- c:\windows\system32\SynCOM.dll 2010-10-26 19:47 . 2010-10-26 19:47 165160 ----a-w- c:\windows\system32\SynTPAPI.dll 2010-10-26 19:47 . 2010-10-26 19:47 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys 2010-10-26 19:47 . 2010-10-26 19:47 120104 ----a-w- c:\windows\system32\SynTPCo4.dll 2010-10-19 20:51 . 2010-08-10 06:56 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-25 20:14 . 2010-09-25 20:14 10920 ----a-w- C:\aolconnfix.exe 2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL 2010-09-19 14:34 . 2010-09-19 14:34 102400 ----a-r- c:\users\Utilisateur\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut6_206049A8CD534D8B87D5F66190F05AB3.exe 2010-09-19 14:34 . 2010-09-19 14:34 102400 ----a-r- c:\users\Utilisateur\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut5_F4EE65F1A6CD4124B059E9FA9A98EBF7.exe 2010-09-19 14:34 . 2010-09-19 14:34 102400 ----a-r- c:\users\Utilisateur\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut3_BCB4A930B9F04A2480525A437423D92B.exe 2010-09-19 14:34 . 2010-09-19 14:34 102400 ----a-r- c:\users\Utilisateur\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut2_B4703F8364D440ADB60E472AD5422128.exe 2010-09-15 02:50 . 2010-08-10 09:00 472808 ----a-w- c:\windows\system32\deployJava1.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-01-12 563736] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-29 495708] "PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-11-13 1277952] "PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-11-03 110880] "Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-10 1343400] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920] S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272] S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-01-12 635416] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 996896] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-01-22 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contenu du dossier 'Tâches planifiées' 2010-12-01 c:\windows\Tasks\HPCeeScheduleForUtilisateur.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.aol.com uInternet Settings,ProxyOverride = local;*.local IE: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Ajouter le contenu du lien à un fichier PDF existant - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Ajouter à un fichier PDF existant - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Créer des fichiers PDF à partir des liens sélectionnés - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Créer un fichier PDF - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Créer un fichier PDF depuis le contenu du lien - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Ouvrir avec Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_fre.dll /100 IE: Ouvrir avec PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www FF - ProfilePath - c:\users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\5p19wq28.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.lequipe.fr/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Nuance\PDF Professional 6\Bin\nppdf.dll FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\5p19wq28.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe AddRemove-AOL Emergency Connect Utility 1.0 - c:\program files\Common Files\AOL\ECU\uninst.exe AddRemove-LSI Soft Modem - c:\windows\agrsmdel AddRemove-Usbfix - c:\usbfix\Un-UsbFix.exe AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2010-12-07 20:05:30 ComboFix-quarantined-files.txt 2010-12-07 19:05 Avant-CF: 243 347 279 872 octets libres Après-CF: 243 566 084 096 octets libres - - End Of File - - 67DD51EE486CC5C77854D496551A122B

Merci !

danakil · le 07 Déc 2010 21:48

On change de direction!

Fait ceci :

1/
• Télécharge HijackThis sur ton Bureau.
• Double cliques sur l'icône présente sur le Bureau pour le lancer.
Si tu es sous Vista ou Seven, clic droit dessus et "Exécuter en tant qu'Administrateur
• Sélectionne le bouton "Do a system scan and save a logfile
A la fin du scan copie et colle ici en réponse le contenu du rapport crée.

2/
Précise moi ton Anti-Virus.

alceus · le 07 Déc 2010 22:45

Re. Voila re rapport HJT :

Code: Tout sélectionner: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:44:04, on 07/12/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\iTunes\iTunesHelper.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe C:\windows\system32\notepad.exe C:\windows\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\windows\system32\DllHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/9 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe O4 - HKLM\..\Run: [PDF6 Registry Controller] C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML O8 - Extra context menu item: Créer un fichier PDF - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir avec Nuance PDF Converter 6.0 - res://C:\Program Files\Nuance\PDF Professional 6\cnvres_fre.dll /100 O8 - Extra context menu item: Ouvrir avec PDF Professional 6 - res://C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O15 - Trusted Zone: http://*.mcafee.com (HKLM) O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM) O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM) O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM) O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 9361 bytes

Sinon je tourne sour windows seven et comme antivirus Windows essencials qui apparemment est pas trop mal !

danakil · le 08 Déc 2010 18:29

Salut!

Relance HijackThis > Do a system scan Only > coche cette case dans l'affichage :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

Clique ensuite sur FixCheked > Valide par OK et referme tout.
Redémarre le PC ...

... le problème persiste?

alceus · le 08 Déc 2010 19:21

Ok c'est fait ! J'attends demain pour voir si je recois encore les mails et je te tiens au courant ! merci !

alceus · le 09 Déc 2010 00:45

Re. Bon bah pas la peine d'attendre demain ,je viens de recevoir 24 mails ! :sssss Ca finira jamaaaaais ! En tout cas merci pour ton aide

danakil · le 09 Déc 2010 06:14

Salut!

Avec un autre compte mail, tu as les mêmes problèmes de spams?

alceus · le 09 Déc 2010 23:21

Re ! desolé du retard, mais j'ai pas pu me connecter avant !

Ben en fait, j'ai un autre compte hotmail, mais celui la n'envoie pas de spams comme ca, par contre dessus je recois les spams de mon autre compte.
Et sinon j'ai une adresse mail affectée a mon université mais la aucun problème, elle est nickel, elle est bien protegée et j'ai jamaiss rien dessus.

danakil · le 10 Déc 2010 03:42

Re,

Le problème est que tu t'es fait identifier par un IRCBot sur une adresse mail donnée quelque part. C'est un robot qui enregistre ton adresse et ensuite l'utilise pour diffuser via ta liste de contacts ses spams. Il est trés difficile de s'en défaire!
Mettre des exclusions en utilisant ton AntiVirus n'empêcheront pas à ce "machin" d'utiliser ta liste et diffuser puis contaminer tes contacts ...
Si nous arrivons à identifier ce robot nous pourrons alors aider toute ta liste de contact mail.

Effectue un scan en ligne de ton PC :

> Désactive ton AntiVirus avant de te connecter sur le lien ci-dessous.
Fais un scan en ligne avec Eset-Nod32

Il faut utiliser Internet Explorer pour pouvoir le lancer (Contrôles ActiveX).
Coche la case: Yes, I accept the Terms of use puis clique sur Start.

> Installe les Contrôles ActiveX proposés.

Sélectionne cette action de nettoyage :

Signaler et supprimer les menaces

Aide en images

> A la fin du scan et après avoir réactivé ton AntiVirus copie\colle ce rapport ici en réponse.
Tu pourras également le retrouver ici : C:\Program Files\EsetOnlineScanner\log.txt

alceus · le 10 Déc 2010 19:13

Bon bah ca a rien donné !!

Code: Tout sélectionner: ESETSmartInstaller@High as downloader log: all ok

J'espère qu'il y a un moyen d'éleminer ce robot !!

danakil · le 11 Déc 2010 00:22

On va chercher plus loin dans le PC.

Connecte toi ici --> VirusTotal
> Clique sur la fenêtre Parcourir et recherche dans la fenêtre de ton Windows ce dossier en gras :

C:\windows\System32\HdmiCoin.dll

(il se situe sur ta partition C:\windows\System32 et tu le trouveras dans la fenêtre de droite)
> Sélectionne-le et clique ensuite sur Ouvrir dans la même fenêtre.
(Automatiquement cette ligne apparaîtra dans la fenêtre Parcourir)
> Clique enfin sur le bouton Send file et laisse le scan en ligne s'effectuer.
> En fin de scan (qui peut prendre plusieurs minutes) tu obtiendras un rapport.
> Copie ce rapport sur ton Bureau > connecte toi ici et poste le moi.

Fait la même chose pour les ces dll :

C:\windows\System32\iglhsip32.dll
C:\windows\System32\iglhcp32.dll
C:\windows\LPRES.DLL

Les procédures sont longues mais patience! :wink:

alceus · le 11 Déc 2010 02:55

oki, voila dans l'ordre que tu m'as mis :

Code: Tout sélectionner: 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: HdmiCoin.dll Submission date: 2010-12-11 01:58:16 (UTC) Current status: queued (#11) queued analysing finished Result: 0/ 43 (0.0%) VT Community [code]0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: LPRES.DLL Submission date: 2010-12-11 01:52:59 (UTC) Current status: queued (#10) queued (#10) analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.11.00 2010.12.10 - AntiVir 7.10.14.255 2010.12.10 - Antiy-AVL 2.0.3.7 2010.12.11 - Avast 4.8.1351.0 2010.12.10 - Avast5 5.0.677.0 2010.12.10 - AVG 9.0.0.851 2010.12.11 - BitDefender 7.2 2010.12.11 - CAT-QuickHeal 11.00 2010.12.10 - ClamAV 0.96.4.0 2010.12.10 - Command 5.2.11.5 2010.12.11 - Comodo 7018 2010.12.11 - DrWeb 5.0.2.03300 2010.12.11 - Emsisoft 5.1.0.1 2010.12.10 - eSafe 7.0.17.0 2010.12.09 - eTrust-Vet 36.1.8034 2010.12.10 - F-Prot 4.6.2.117 2010.12.11 - F-Secure 9.0.16160.0 2010.12.11 - Fortinet 4.2.254.0 2010.12.10 - GData 21 2010.12.11 - Ikarus T3.1.1.90.0 2010.12.10 - Jiangmin 13.0.900 2010.12.10 - K7AntiVirus 9.71.3211 2010.12.10 - Kaspersky 7.0.0.125 2010.12.11 - McAfee 5.400.0.1158 2010.12.11 - McAfee-GW-Edition 2010.1C 2010.12.11 - Microsoft 1.6402 2010.12.10 - NOD32 5693 2010.12.10 - Norman 6.06.12 2010.12.10 - nProtect 2010-12-10.01 2010.12.10 - Panda 10.0.2.7 2010.12.10 - PCTools 7.0.3.5 2010.12.11 - Prevx 3.0 2010.12.11 - Rising 22.77.04.00 2010.12.11 - Sophos 4.60.0 2010.12.11 - SUPERAntiSpyware 4.40.0.1006 2010.12.11 - Symantec 20101.3.0.103 2010.12.11 - TheHacker 6.7.0.1.098 2010.12.11 - TrendMicro 9.120.0.1004 2010.12.10 - TrendMicro-HouseCall 9.120.0.1004 2010.12.11 - VBA32 3.12.14.2 2010.12.10 - VIPRE 7597 2010.12.11 - ViRobot 2010.12.10.4194 2010.12.10 - VirusBuster 13.6.86.0 2010.12.10 - Additional information Show all MD5 : 2c3b6ebb05284c3d11942df7ec6396b2 SHA1 : fcbcde67f91398385099415071d6e447d455b8f2 SHA256: 6b7444801ce821147eea27d8dde6b4ae54189ebca9b2fabf5b48581b7bb8aa09 ssdeep: 192:dhnVTKTgTyThmTaFTST+T/QTRT5TfTSTgTJTPTETFyThmTnTaFTbETkT+ThTpTXQ:D1t File size : 12800 bytes First seen: 2010-06-15 01:29:29 Last seen : 2010-12-11 01:52:59 TrID: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x0 timedatestamp....: 0x4B7220C3 (Wed Feb 10 02:58:11 2010) machinetype......: 0x14c (I386) [[ 2 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .rdata, 0x1000, 0x64, 0x200, 1.45, c22cc996c25e1694d48389778f51d60f .rsrc, 0x2000, 0x2DD0, 0x2E00, 3.55, 5f07fabc0ad79be77b9d208206153956 ExifTool: file metadata CodeSize: 0 EntryPoint: 0x0000 FileSize: 12 kB FileType: Win32 DLL ImageVersion: 0.0 InitializedDataSize: 12288 LinkerVersion: 9.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 5.0 PEType: PE32 Subsystem: Windows GUI SubsystemVersion: 5.0 TimeStamp: 2010:02:10 03:58:11+01:00 UninitializedDataSize: 0 VT Community[/code] not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.11.00 2010.12.10 - AntiVir 7.10.14.255 2010.12.10 - Antiy-AVL 2.0.3.7 2010.12.11 - Avast 4.8.1351.0 2010.12.10 - Avast5 5.0.677.0 2010.12.10 - AVG 9.0.0.851 2010.12.11 - BitDefender 7.2 2010.12.11 - CAT-QuickHeal 11.00 2010.12.10 - ClamAV 0.96.4.0 2010.12.10 - Command 5.2.11.5 2010.12.11 - Comodo 7018 2010.12.11 - DrWeb 5.0.2.03300 2010.12.11 - Emsisoft 5.1.0.1 2010.12.10 - eSafe 7.0.17.0 2010.12.09 - eTrust-Vet 36.1.8034 2010.12.10 - F-Prot 4.6.2.117 2010.12.11 - F-Secure 9.0.16160.0 2010.12.11 - Fortinet 4.2.254.0 2010.12.10 - GData 21 2010.12.11 - Ikarus T3.1.1.90.0 2010.12.10 - Jiangmin 13.0.900 2010.12.10 - K7AntiVirus 9.71.3211 2010.12.10 - Kaspersky 7.0.0.125 2010.12.11 - McAfee 5.400.0.1158 2010.12.11 - McAfee-GW-Edition 2010.1C 2010.12.11 - Microsoft 1.6402 2010.12.10 - NOD32 5693 2010.12.10 - Norman 6.06.12 2010.12.10 - nProtect 2010-12-10.01 2010.12.10 - Panda 10.0.2.7 2010.12.10 - PCTools 7.0.3.5 2010.12.11 - Prevx 3.0 2010.12.11 - Rising 22.77.04.00 2010.12.11 - Sophos 4.60.0 2010.12.11 - SUPERAntiSpyware 4.40.0.1006 2010.12.11 - Symantec 20101.3.0.103 2010.12.11 - TheHacker 6.7.0.1.098 2010.12.11 - TrendMicro 9.120.0.1004 2010.12.10 - TrendMicro-HouseCall 9.120.0.1004 2010.12.11 - VBA32 3.12.14.2 2010.12.10 - VIPRE 7597 2010.12.11 - ViRobot 2010.12.10.4194 2010.12.10 - VirusBuster 13.6.86.0 2010.12.10 - Additional information Show all MD5 : e634f6e51ecbc0138f5501481d1b5e8c SHA1 : c70043acc312a10eb9c3ec2e89f104cc5dd87b56 SHA256: 1cba933815f55d6342d058f86804aa30e72f9bac634d8a1619f908d593d32a0f ssdeep: 96:4JYV9cZenmcHJ74WudxKJqlA++Gx/Gi2G2:CYurcHJ74WcKJAA0sa File size : 4608 bytes First seen: 2009-09-05 16:59:21 Last seen : 2010-12-11 01:58:16 TrID: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x11B5 timedatestamp....: 0x4A5745C6 (Fri Jul 10 13:44:38 2009) machinetype......: 0x14c (I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x631, 0x800, 4.48, e75e716170bfbe465963f9165c4d34d3 .data, 0x2000, 0x4, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e .rsrc, 0x3000, 0x350, 0x400, 3.28, df619c6406b1c252c12bef36196dcec1 .reloc, 0x4000, 0x5E, 0x200, 0.88, 5bf9bc7fb3d9665d5f25950963154069 [[ 3 import(s) ]] KERNEL32.dll: GetLastError, ExitProcess, GetSystemDefaultLCID USER32.dll: LoadStringW ADVAPI32.dll: RegSetValueExW, RegOpenKeyExW [[ 2 export(s) ]] DllMain, HdmiCoInstaller ExifTool: file metadata CodeSize: 2048 EntryPoint: 0x11b5 FileSize: 4.5 kB FileType: Win32 DLL ImageVersion: 6.0 InitializedDataSize: 2048 LinkerVersion: 8.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 6.0 PEType: PE32 Subsystem: Windows command line SubsystemVersion: 6.0 TimeStamp: 2009:07:10 15:44:38+02:00 UninitializedDataSize: 0 VT Community

Code: Tout sélectionner: 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: iglhsip32.dll Submission date: 2010-12-11 01:59:48 (UTC) Current status: queued (#16) queued analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.11.00 2010.12.10 - AntiVir 7.10.14.255 2010.12.10 - Antiy-AVL 2.0.3.7 2010.12.11 - Avast 4.8.1351.0 2010.12.10 - Avast5 5.0.677.0 2010.12.10 - AVG 9.0.0.851 2010.12.11 - BitDefender 7.2 2010.12.11 - CAT-QuickHeal 11.00 2010.12.10 - ClamAV 0.96.4.0 2010.12.10 - Command 5.2.11.5 2010.12.11 - Comodo 7018 2010.12.11 - DrWeb 5.0.2.03300 2010.12.11 - Emsisoft 5.1.0.1 2010.12.10 - eSafe 7.0.17.0 2010.12.09 - eTrust-Vet 36.1.8034 2010.12.10 - F-Prot 4.6.2.117 2010.12.11 - F-Secure 9.0.16160.0 2010.12.11 - Fortinet 4.2.254.0 2010.12.10 - GData 21 2010.12.11 - Ikarus T3.1.1.90.0 2010.12.10 - Jiangmin 13.0.900 2010.12.10 - K7AntiVirus 9.71.3211 2010.12.10 - Kaspersky 7.0.0.125 2010.12.11 - McAfee 5.400.0.1158 2010.12.11 - McAfee-GW-Edition 2010.1C 2010.12.11 - Microsoft 1.6402 2010.12.10 - NOD32 5693 2010.12.10 - Norman 6.06.12 2010.12.10 - nProtect 2010-12-10.01 2010.12.10 - Panda 10.0.2.7 2010.12.10 - PCTools 7.0.3.5 2010.12.11 - Prevx 3.0 2010.12.11 - Rising 22.77.04.00 2010.12.11 - Sophos 4.60.0 2010.12.11 - SUPERAntiSpyware 4.40.0.1006 2010.12.11 - Symantec 20101.3.0.103 2010.12.11 - TheHacker 6.7.0.1.098 2010.12.11 - TrendMicro 9.120.0.1004 2010.12.10 - TrendMicro-HouseCall 9.120.0.1004 2010.12.11 - VBA32 3.12.14.2 2010.12.10 - VIPRE 7598 2010.12.11 - ViRobot 2010.12.10.4194 2010.12.10 - VirusBuster 13.6.86.0 2010.12.10 - Additional information Show all MD5 : 91706163801ab8f3a3ece7d59b758396 SHA1 : 3b3ce4aa09100e4b7ad435b613f65580f6ae45f9 SHA256: a5bfc887cb312436b103437d6c0bf38e7cb1ba2559f56d5dd436ce3671a8e98b ssdeep: 3072:pPnlJEMtMu9RlzV49hcJeUmsGCBtupnsdpyqOL85OtIgkt5BhgoTRmId:dlAu9nzFbNBtL dfOL3ctzH File size : 208896 bytes First seen: 2010-01-09 06:43:10 Last seen : 2010-12-11 01:59:48 TrID: Win32 EXE PECompact compressed (generic) (41.8%) Win32 Executable MS Visual C++ (generic) (37.9%) Win32 Executable Generic (8.5%) Win32 Dynamic Link Library (generic) (7.6%) Generic Win/DOS Executable (2.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x152C timedatestamp....: 0x4AF29941 (Thu Nov 05 09:22:09 2009) machinetype......: 0x14c (I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x6504, 0x7000, 6.25, c5c6139088519cba217e11fe8af48bfa .rdata, 0x8000, 0x1BB8, 0x2000, 5.05, 0d4be8d2875edb8578f6381f96f9dbbe .data, 0xA000, 0x185C, 0x1000, 2.09, 889abb9db8069c8c5c661af12123c69e .rsrc, 0xC000, 0x26A18, 0x27000, 7.94, 4682ab41401aba24a0bef62004a5a744 .reloc, 0x33000, 0xE20, 0x1000, 3.81, ce8c81ea49fb5a98740aae53465541b5 [[ 1 import(s) ]] KERNEL32.dll: FindResourceW, LoadResource, SizeofResource, LockResource, GetCurrentThreadId, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetProcAddress, GetModuleHandleA, ExitProcess, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetLastError, InterlockedDecrement, Sleep, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, WriteFile, LeaveCriticalSection, EnterCriticalSection, LoadLibraryA, InitializeCriticalSection, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, RtlUnwind, HeapSize, MultiByteToWideChar, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW [[ 1 export(s) ]] DoProvisioning ExifTool: file metadata CodeSize: 28672 EntryPoint: 0x152c FileSize: 204 kB FileType: Win32 DLL ImageVersion: 0.0 InitializedDataSize: 180224 LinkerVersion: 8.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 PEType: PE32 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2009:11:05 10:22:09+01:00 UninitializedDataSize: 0 VT Community

Code: Tout sélectionner: 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: iglhcp32.dll Submission date: 2010-12-11 02:00:22 (UTC) Current status: queued queued analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.11.00 2010.12.10 - AntiVir 7.10.14.255 2010.12.10 - Antiy-AVL 2.0.3.7 2010.12.11 - Avast 4.8.1351.0 2010.12.10 - Avast5 5.0.677.0 2010.12.10 - AVG 9.0.0.851 2010.12.11 - BitDefender 7.2 2010.12.11 - CAT-QuickHeal 11.00 2010.12.10 - ClamAV 0.96.4.0 2010.12.10 - Command 5.2.11.5 2010.12.11 - Comodo 7018 2010.12.11 - DrWeb 5.0.2.03300 2010.12.11 - Emsisoft 5.1.0.1 2010.12.10 - eSafe 7.0.17.0 2010.12.09 - eTrust-Vet 36.1.8034 2010.12.10 - F-Prot 4.6.2.117 2010.12.11 - F-Secure 9.0.16160.0 2010.12.11 - Fortinet 4.2.254.0 2010.12.10 - GData 21 2010.12.11 - Ikarus T3.1.1.90.0 2010.12.10 - Jiangmin 13.0.900 2010.12.10 - K7AntiVirus 9.71.3211 2010.12.10 - Kaspersky 7.0.0.125 2010.12.11 - McAfee 5.400.0.1158 2010.12.11 - McAfee-GW-Edition 2010.1C 2010.12.11 - Microsoft 1.6402 2010.12.10 - NOD32 5693 2010.12.10 - Norman 6.06.12 2010.12.10 - nProtect 2010-12-10.01 2010.12.10 - Panda 10.0.2.7 2010.12.10 - PCTools 7.0.3.5 2010.12.11 - Prevx 3.0 2010.12.11 - Rising 22.77.04.00 2010.12.11 - Sophos 4.60.0 2010.12.11 - SUPERAntiSpyware 4.40.0.1006 2010.12.11 - Symantec 20101.3.0.103 2010.12.11 - TheHacker 6.7.0.1.098 2010.12.11 - TrendMicro 9.120.0.1004 2010.12.10 - TrendMicro-HouseCall 9.120.0.1004 2010.12.11 - VBA32 3.12.14.2 2010.12.10 - VIPRE 7598 2010.12.11 - ViRobot 2010.12.10.4194 2010.12.10 - VirusBuster 13.6.86.0 2010.12.10 - Additional information Show all MD5 : b5fa6f410658a8e914cfcbcfaa9f0aae SHA1 : 4160137e9dda4b8a175567ebdb9a7832a858c137 SHA256: 2f3adf0c0b3d4579da404f6b34271771996e08969c1c1cd26becb728af5cb0ff ssdeep: 1536:Vmzf1Hb8kOf/MDJCRkjsBLWw1rTWeOjlExtdmA3IzqaV5/6jCzuhBwB0u2F:VmzKkAjHNp 1xxvp3IzJzCCzwBwB0u2F File size : 143360 bytes First seen: 2010-01-08 17:41:40 Last seen : 2010-12-11 02:00:22 TrID: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x701C timedatestamp....: 0x4AF29960 (Thu Nov 05 09:22:40 2009) machinetype......: 0x14c (I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x178B2, 0x18000, 6.67, e2dfe09938a88632766d64dab984bd2e .rdata, 0x19000, 0x4B80, 0x5000, 5.04, ee2d3a9c5a65e6b3e378a22e58cf01fb .data, 0x1E000, 0x35D8, 0x2000, 3.18, 6f36ba099be737c9e55a79a010673cc6 .reloc, 0x22000, 0x2084, 0x3000, 3.77, b97efe5c8a63906b1a9ef97a7f753864 [[ 3 import(s) ]] KERNEL32.dll: FreeLibrary, LoadLibraryW, GetProcAddress, GetCurrentProcess, GetProcessId, FlushFileBuffers, CloseHandle, CreateFileA, LCMapStringW, LCMapStringA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, InterlockedExchange, GetLocaleInfoW, LoadLibraryA, GetLastError, HeapFree, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCurrentThreadId, GetCommandLineA, GetVersionExA, HeapAlloc, GetProcessHeap, HeapDestroy, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, InterlockedIncrement, InterlockedDecrement, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, RaiseException, WriteFile, GetStdHandle, GetModuleFileNameA, Sleep, HeapSize, ExitProcess, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, InitializeCriticalSection, RtlUnwind, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, GetStringTypeA, MultiByteToWideChar, GetStringTypeW ole32.dll: CoUninitialize, CoSetProxyBlanket, CoCreateInstance, CoInitialize OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, - [[ 3 export(s) ]] PavpCleanup, PavpInit, StartIo ExifTool: file metadata CodeSize: 98304 EntryPoint: 0x701c FileSize: 140 kB FileType: Win32 DLL ImageVersion: 0.0 InitializedDataSize: 49152 LinkerVersion: 8.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 PEType: PE32 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2009:11:05 10:22:40+01:00 UninitializedDataSize: 0 VT Community [code]0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: LPRES.DLL Submission date: 2010-12-11 01:52:59 (UTC) Current status: queued (#10) queued (#10) analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.11.00 2010.12.10 - AntiVir 7.10.14.255 2010.12.10 - Antiy-AVL 2.0.3.7 2010.12.11 - Avast 4.8.1351.0 2010.12.10 - Avast5 5.0.677.0 2010.12.10 - AVG 9.0.0.851 2010.12.11 - BitDefender 7.2 2010.12.11 - CAT-QuickHeal 11.00 2010.12.10 - ClamAV 0.96.4.0 2010.12.10 - Command 5.2.11.5 2010.12.11 - Comodo 7018 2010.12.11 - DrWeb 5.0.2.03300 2010.12.11 - Emsisoft 5.1.0.1 2010.12.10 - eSafe 7.0.17.0 2010.12.09 - eTrust-Vet 36.1.8034 2010.12.10 - F-Prot 4.6.2.117 2010.12.11 - F-Secure 9.0.16160.0 2010.12.11 - Fortinet 4.2.254.0 2010.12.10 - GData 21 2010.12.11 - Ikarus T3.1.1.90.0 2010.12.10 - Jiangmin 13.0.900 2010.12.10 - K7AntiVirus 9.71.3211 2010.12.10 - Kaspersky 7.0.0.125 2010.12.11 - McAfee 5.400.0.1158 2010.12.11 - McAfee-GW-Edition 2010.1C 2010.12.11 - Microsoft 1.6402 2010.12.10 - NOD32 5693 2010.12.10 - Norman 6.06.12 2010.12.10 - nProtect 2010-12-10.01 2010.12.10 - Panda 10.0.2.7 2010.12.10 - PCTools 7.0.3.5 2010.12.11 - Prevx 3.0 2010.12.11 - Rising 22.77.04.00 2010.12.11 - Sophos 4.60.0 2010.12.11 - SUPERAntiSpyware 4.40.0.1006 2010.12.11 - Symantec 20101.3.0.103 2010.12.11 - TheHacker 6.7.0.1.098 2010.12.11 - TrendMicro 9.120.0.1004 2010.12.10 - TrendMicro-HouseCall 9.120.0.1004 2010.12.11 - VBA32 3.12.14.2 2010.12.10 - VIPRE 7597 2010.12.11 - ViRobot 2010.12.10.4194 2010.12.10 - VirusBuster 13.6.86.0 2010.12.10 - Additional information Show all MD5 : 2c3b6ebb05284c3d11942df7ec6396b2 SHA1 : fcbcde67f91398385099415071d6e447d455b8f2 SHA256: 6b7444801ce821147eea27d8dde6b4ae54189ebca9b2fabf5b48581b7bb8aa09 ssdeep: 192:dhnVTKTgTyThmTaFTST+T/QTRT5TfTSTgTJTPTETFyThmTnTaFTbETkT+ThTpTXQ:D1t File size : 12800 bytes First seen: 2010-06-15 01:29:29 Last seen : 2010-12-11 01:52:59 TrID: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x0 timedatestamp....: 0x4B7220C3 (Wed Feb 10 02:58:11 2010) machinetype......: 0x14c (I386) [[ 2 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .rdata, 0x1000, 0x64, 0x200, 1.45, c22cc996c25e1694d48389778f51d60f .rsrc, 0x2000, 0x2DD0, 0x2E00, 3.55, 5f07fabc0ad79be77b9d208206153956 ExifTool: file metadata CodeSize: 0 EntryPoint: 0x0000 FileSize: 12 kB FileType: Win32 DLL ImageVersion: 0.0 InitializedDataSize: 12288 LinkerVersion: 9.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 5.0 PEType: PE32 Subsystem: Windows GUI SubsystemVersion: 5.0 TimeStamp: 2010:02:10 03:58:11+01:00 UninitializedDataSize: 0 VT Community

alceus · le 11 Déc 2010 03:06

et le dernier !! :

Code: Tout sélectionner: 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: LPRES.DLL Submission date: 2010-12-11 01:52:59 (UTC) Current status: queued (#10) queued (#10) analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.11.00 2010.12.10 - AntiVir 7.10.14.255 2010.12.10 - Antiy-AVL 2.0.3.7 2010.12.11 - Avast 4.8.1351.0 2010.12.10 - Avast5 5.0.677.0 2010.12.10 - AVG 9.0.0.851 2010.12.11 - BitDefender 7.2 2010.12.11 - CAT-QuickHeal 11.00 2010.12.10 - ClamAV 0.96.4.0 2010.12.10 - Command 5.2.11.5 2010.12.11 - Comodo 7018 2010.12.11 - DrWeb 5.0.2.03300 2010.12.11 - Emsisoft 5.1.0.1 2010.12.10 - eSafe 7.0.17.0 2010.12.09 - eTrust-Vet 36.1.8034 2010.12.10 - F-Prot 4.6.2.117 2010.12.11 - F-Secure 9.0.16160.0 2010.12.11 - Fortinet 4.2.254.0 2010.12.10 - GData 21 2010.12.11 - Ikarus T3.1.1.90.0 2010.12.10 - Jiangmin 13.0.900 2010.12.10 - K7AntiVirus 9.71.3211 2010.12.10 - Kaspersky 7.0.0.125 2010.12.11 - McAfee 5.400.0.1158 2010.12.11 - McAfee-GW-Edition 2010.1C 2010.12.11 - Microsoft 1.6402 2010.12.10 - NOD32 5693 2010.12.10 - Norman 6.06.12 2010.12.10 - nProtect 2010-12-10.01 2010.12.10 - Panda 10.0.2.7 2010.12.10 - PCTools 7.0.3.5 2010.12.11 - Prevx 3.0 2010.12.11 - Rising 22.77.04.00 2010.12.11 - Sophos 4.60.0 2010.12.11 - SUPERAntiSpyware 4.40.0.1006 2010.12.11 - Symantec 20101.3.0.103 2010.12.11 - TheHacker 6.7.0.1.098 2010.12.11 - TrendMicro 9.120.0.1004 2010.12.10 - TrendMicro-HouseCall 9.120.0.1004 2010.12.11 - VBA32 3.12.14.2 2010.12.10 - VIPRE 7597 2010.12.11 - ViRobot 2010.12.10.4194 2010.12.10 - VirusBuster 13.6.86.0 2010.12.10 - Additional information Show all MD5 : 2c3b6ebb05284c3d11942df7ec6396b2 SHA1 : fcbcde67f91398385099415071d6e447d455b8f2 SHA256: 6b7444801ce821147eea27d8dde6b4ae54189ebca9b2fabf5b48581b7bb8aa09 ssdeep: 192:dhnVTKTgTyThmTaFTST+T/QTRT5TfTSTgTJTPTETFyThmTnTaFTbETkT+ThTpTXQ:D1t File size : 12800 bytes First seen: 2010-06-15 01:29:29 Last seen : 2010-12-11 01:52:59 TrID: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x0 timedatestamp....: 0x4B7220C3 (Wed Feb 10 02:58:11 2010) machinetype......: 0x14c (I386) [[ 2 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .rdata, 0x1000, 0x64, 0x200, 1.45, c22cc996c25e1694d48389778f51d60f .rsrc, 0x2000, 0x2DD0, 0x2E00, 3.55, 5f07fabc0ad79be77b9d208206153956 ExifTool: file metadata CodeSize: 0 EntryPoint: 0x0000 FileSize: 12 kB FileType: Win32 DLL ImageVersion: 0.0 InitializedDataSize: 12288 LinkerVersion: 9.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 5.0 PEType: PE32 Subsystem: Windows GUI SubsystemVersion: 5.0 TimeStamp: 2010:02:10 03:58:11+01:00 UninitializedDataSize: 0 VT Community

Probleme de mails intempestifs ( envoi/reception) • page 2

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Re: Probleme de mails intempestifs ( envoi/reception)

Sujets similaires

Qui est en ligne