Hello, I hope you will have the solution to my problem!
avast tells me that this file is infected:
C:\WINDOWS\system32\MSWDNS32.exe , and it can neither quarantine it
nor delete it!
I no longer have Internet access, and I think that is where it comes from!!! Also, when I open IE, the
address bar shows "www.go.microsoft....... " and that is not my home page!!
Here is a HijackThis report (thanks for your help):
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:35:51, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rasman32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\WINDOWS\system32\MSWDNS32.exe
C:\WINDOWS\system32\MSWDNS32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKLM\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [MS Domain Name System] MSWDNS32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4326750531
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
--
End of file - 6340 bytes
Hello,
Download Clean.zip (by Malekal).
Unzip it to your desktop (right-click / Extract All); you should get a folder named Clean.
Open the Clean folder and double-click clean.cmd.
Choose option 1, then wait. Then post the contents of the report.
ok thanks, I did that, here is the report!
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 29/03/2007 a 14:35:44,54
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\a.exe FOUND
*** Fin du rapport !
Re,
Post a HijackThis report with the old version:
http://www.merijn.org/files/hijackthis.zip
ok, I'm going to do that, but it's not my computer and I'm leaving for the weekend; I will post it Monday evening. Please don't give up on me.
No problem
Hello, here is a new HijackThis report with the old version:
Logfile of HijackThis v1.99.1
Scan saved at 17:59:07, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rasman32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKLM\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKLM\..\RunServices: [MS Domain Name System] MSWDNS32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4326750531
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
thanks for your help
Re,
Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.
Restart in Safe Mode.
- Open the SDFix folder that has just been created at the root of your hard disk (C:) and double-click RunThis.bat to launch the script.
- Press Y to start the cleaning process.
- It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
- Press a key to restart the PC.
- Your system will take longer than usual to restart because the tool will keep running and deleting files.
- Once the Desktop has loaded, the tool will finish its work and display Finished.
- Press a key to end the script and load your Desktop icons.
- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
- Finally, copy and paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log.
thanks for these quick replies, here is the SDFix report:
SDFix: Version 1.76
Run by Administrateur - 02/04/2007 - 18:47:10,81
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
MSDisk
ImagePath:
"C:\WINDOWS\System32\irdvxc.exe" /service
MSDisk Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\.exe - Deleted
C:\WINDOWS\system32\.exe - Deleted
C:\WINDOWS\system32\MSWDNS32.exe - Deleted
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\MSWDNS32.exe"="C:\\WINDOWS\\system32\\MSWDNS32.exe:*:Enabled:MS Domain Name System"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\WINDOWS\system32\NTICDMK32.dll
Finished
and the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 18:58:58, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rasman32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4326750531
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
thanks
Re,
- Run HijackThis -> Do a system scan only
-> Check the lines below:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [MS Domain Name System] MSWDNS32.exe
Click Fix checked (bottom left).
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:
C:\WINDOWS\system32\rasman32.exe
C:\WINDOWS\system32\MSWDNS32.exe
---> Right-click, then Copy
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste.
Now click MoveIt!
! If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES !
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the date it was created.
thanks, here is the report:
C:\WINDOWS\system32\rasman32.exe moved successfully.
File/Folder C:\WINDOWS\system32\MSWDNS32.exe not found.
Created on 04/02/2007 20:07:33
Post a new HijackThis report.
here it is:
Logfile of HijackThis v1.99.1
Scan saved at 21:15:58, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4326750531
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
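Added example, not part of the original thread: a Python script that parses the registry O4 autorun lines of the three HijackThis v1.99.1 logs above (excerpted inline) and reports which of the startup entries flagged by the helper were still registered after each cleanup step. The function names and the FLAGGED tuple are choices made for this example; the flagged value names come from the lines the helper asked to fix.

```python
import re
from collections import namedtuple

Autorun = namedtuple("Autorun", "hive key name cmd")

# Registry autorun line as HijackThis prints it:
#   O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Value names the helper asked to tick before "Fix checked" (from the thread).
FLAGGED = ("rasman", "MS Domain Name System")

# O4 excerpts from the three v1.99.1 logs in the thread (02/04/2007).
LOG_1759 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKLM\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKLM\..\RunServices: [MS Domain Name System] MSWDNS32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [MS Domain Name System] MSWDNS32.exe
"""
LOG_1858 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rasman] C:\WINDOWS\system32\rasman32.exe
O4 - HKCU\..\Run: [MS Domain Name System] MSWDNS32.exe
"""
LOG_2115 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_autoruns(log_text):
    """Return the registry O4 entries of a log as a set of Autorun tuples.

    Registry value names and Windows paths are case-insensitive, so fields
    are case-folded; otherwise [CTFMON.EXE] vs [ctfmon.exe] reads as a change.
    """
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.add(Autorun(m["hive"].upper(), m["key"].lower(),
                                m["name"].lower(), m["cmd"].lower()))
    return entries


def removed_between(before, after):
    """Autorun entries present in the earlier log and absent from the later one."""
    return parse_autoruns(before) - parse_autoruns(after)


def residual(log_text, flagged_names):
    """Entries still registered whose value name is one of flagged_names."""
    wanted = {n.lower() for n in flagged_names}
    return {e for e in parse_autoruns(log_text) if e.name in wanted}


def bare_commands(entries):
    """Entries whose program is given without a directory, so Windows resolves
    it through the search path. A review hint, not a verdict: in the thread
    SoundMan is listed this way too and the helper did not flag it.
    """
    return {e for e in entries if "\\" not in e.cmd.split()[0]}


if __name__ == "__main__":
    for label, log in (("17:59", LOG_1759), ("18:58", LOG_1858), ("21:15", LOG_2115)):
        left = sorted(residual(log, FLAGGED))
        print(f"{label}: {len(left)} flagged autorun(s) still registered")
        for e in left:
            print(f"    {e.hive}\\{e.key} [{e.name}] {e.cmd}")
    print("gone between 17:59 and 18:58:", sorted(removed_between(LOG_1759, LOG_1858)))
    print("bare file names at 17:59:",
          sorted({e.name for e in bare_commands(parse_autoruns(LOG_1759))}))
```

Run against the excerpts, it shows that the per-user (HKCU) copy of the MSWDNS32.exe entry and both rasman entries were still registered in the 18:58 log, and that none of the flagged names remain at 21:15.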
Re,
- Run a Kaspersky online scan with Internet Explorer:
- Click on
- Now click J'accepte (I accept).
- Approve the installation of one or more ActiveX controls if necessary.
- Wait while the updates are installed.
- Then choose to scan Poste de travail (My Computer).
- Save the report generated at the end of the scan, then paste it here.
HELP: Tutorial on the online scan
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
thanks, I will try tomorrow if my Internet connection problem is resolved! because, as I said in my first post, since I got this worm I can no longer connect to the Internet!
thanks for your help, I will post as soon as I have news!
I'm counting on your help, have a good evening!
hello, here is the report from the online scan; I await your recommendations, thanks in advance!
Statistiques de l'analyse
Total d'objets analysés 37113
Nombre de virus trouvés 4
Nombre d'objets infectés 69 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:21:25
Nom de l'objet infecté Nom du virus Dernière action
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZY3W7YN\dcv[1].jpg Infecté : Backdoor.Win32.VanBot.bs ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\a.exe Infecté : Backdoor.Win32.VanBot.bs ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_d8.dat L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{68CEFACE-768F-4F5F-B728-BBC072E28167}.bin L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\Local Settings\Historique\History.IE5\MSHist012007040420070405\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\iltis laetitia\Local Settings\Application Data\IM\Identities\{8EC6D6E6-C75C-421A-8871-E2E94D431755}\Message Store\JunkMail.imm Mail: infecté - 62 ignoré
C:\Documents and Settings\iltis laetitia\Cookies\index.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré
C:\System Volume Information\_restore{E70BB6CF-2D07-4261-9C73-F790D1025700}\RP123\A0008118.EXE Infecté : Backdoor.Win32.VanBot.bs ignoré
C:\System Volume Information\_restore{E70BB6CF-2D07-4261-9C73-F790D1025700}\RP124\change.log L'objet est verrouillé ignoré
C:\SDFix\backups\backups.zip/backups/MSWDNS32.exe Infecté : Trojan.Win32.Delf.zw ignoré
C:\SDFix\backups\backups.zip ZIP: infecté - 1 ignoré
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rasman32.exe Infecté : Backdoor.Win32.VanBot.bs ignoré
Analyse terminée.
Hi again,
Clean up your mail: IncrediMail
Delete these folders:
C:\SDFix
C:\_OTMoveIt
