Dear teacher,
Please find the both txtfiles you asked for:
ComboFix 08-06-20.4 - Suffer 2008-06-26 11:53:58.3 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Suffer\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Suffer\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))
.
2008-06-25 12:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-25 12:13 . 2008-06-25 12:13 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-23 11:26 . 2008-06-23 11:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 15:57 . 2008-06-22 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 15:56 . 2008-06-22 15:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 15:56 . 2008-06-22 15:56 <DIR> d-------- C:\Documents and Settings\Suffer\Application Data\SUPERAntiSpyware.com
2008-06-22 15:54 . 2008-06-22 15:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 13:16 . 2008-06-20 13:22 2,698 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-19 15:32 . 2008-06-20 12:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 15:32 . 2008-06-19 15:32 <DIR> d-------- C:\Documents and Settings\Suffer\Application Data\Malwarebytes
2008-06-19 15:32 . 2008-06-19 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 15:32 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 15:32 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 12:00 . 2008-06-26 08:39 <DIR> d-------- C:\Documents and Settings\Suffer\Application Data\skypePM
2008-06-17 12:00 . 2008-06-17 12:00 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-17 11:57 . 2008-06-23 13:17 <DIR> d-------- C:\Documents and Settings\Suffer\Application Data\Skype
2008-06-17 11:53 . 2008-06-17 11:53 <DIR> d-------- C:\Program Files\Skype
2008-06-17 11:53 . 2008-06-17 11:53 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-17 11:52 . 2008-06-17 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-11 14:11 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:11 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 09:47 --------- d-----w C:\Documents and Settings\Suffer\Application Data\MegauploadToolbar
2008-06-26 07:58 --------- d-----w C:\Program Files\Packard Bell Data Secure
2008-06-25 10:16 --------- d-----w C:\Program Files\Java
2008-06-23 16:34 --------- d-----w C:\Program Files\McAfee
2008-06-02 08:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-30 15:27 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-27 17:43 --------- d-----w C:\Documents and Settings\Suffer\Application Data\SiteAdvisor
2008-04-23 20:22 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-03 19:25 1,074 ----a-w C:\Documents and Settings\Suffer\Application Data\wklnhst.dat
2007-09-14 09:28 0 ----a-w C:\Documents and Settings\Suffer\Application Data\wklnhst.dat
2007-03-30 08:13 19,994,184 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-03-21 08:53 813,888 ----a-w C:\Program Files\megauploadtoolbarsetup.exe
2007-03-20 12:17 14,994,152 ----a-w C:\Program Files\GoogleEarthWin_EARV.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Packard Bell Data Secure"="C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 15:15 2361856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 04:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 03:58 118784]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 13:48 69632 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 07:00 88363 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 06:49 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 06:49 684032]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-12 09:52 1838592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\Suffer\Menu Start\Programma's\Opstarten\
802.11g USB 2.0 WLan Utility.lnk - C:\Program Files\WLAN Technology Corporation\802.11g_Utility\ZDWlan.exe [2004-12-02 14:07:56 442368]
Turboveg for Windows - Auto Update.lnk - C:\Turbowin\UpdNedS.exe [2007-10-06 23:10:16 178405]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Eudora5\EuShlExt.dll [2006-08-17 15:57 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywxw]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 21:16]
S3 TNET1130;TNET1130 WLAN Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys [2004-02-19 05:58]
S3 ZD1211U(WLAN);WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-11-30 02:53]
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-19 16:57:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 10:36:11 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-19 09:51:48 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-26 06:37:33 C:\WINDOWS\Tasks\Packard Bell Data Secure for Jan Jansen.job"
- C:\APPS\DataSecure\PBBackup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-26 11:59:22
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
Voltooingstijd: 2008-06-26 12:07:07
ComboFix-quarantined-files.txt 2008-06-26 10:06:22
ComboFix2.txt 2008-06-26 07:28:49
Pre-Run: 9,253,445,632 bytes beschikbaar
Post-Run: 9,261,277,184 bytes beschikbaar
140 --- E O F --- 2008-06-20 14:14:49
--------------------------------------------------------
And here is the Kaspersky file:-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 26, 2008 4:10:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/06/2008
Kaspersky Anti-Virus database records: 884786
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 78331
Number of viruses found: 5
Number of infected objects: 29
Number of suspicious objects: 52
Duration of the scan process: 03:12:53
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{3015FF65-41AE-455A-85CF-F8BFC78FAABB}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{48A41BEA-D0F3-4481-A87B-54D9B0A2B34B}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Suffer\Application Data\Skype\Suffer\call256.dbb Object is locked skipped
C:\Documents and Settings\Suffer\Application Data\Skype\Suffer\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Suffer\Application Data\Skype\Suffer\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Suffer\Application Data\Skype\Suffer\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Suffer\Application Data\Skype\Suffer\index2.dat Object is locked skipped
C:\Documents and Settings\Suffer\Application Data\Skype\Suffer\profile256.dbb Object is locked skipped
C:\Documents and Settings\Suffer\Application Data\Skype\Suffer\user1024.dbb Object is locked skipped
C:\Documents and Settings\Suffer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-6-26-2008( 8-38-27 ).LOG Object is locked skipped
C:\Documents and Settings\Suffer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\fim1i.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\fim1ih.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\fim2i.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\fim2ih.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\rpm1n.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1m.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1mh.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\rpm1nh.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/08 Jul 2001 10:06 to undisclosed-recipients::AMO 31 mei 2001.eml/SYSMON.EXE Infected: Email-Worm.Win32.Magistr.a skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/08 Jul 2001 10:06 to undisclosed-recipients::AMO 31 mei 2001.eml Infected: Email-Worm.Win32.Magistr.a skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/03 Apr 2004 07:22 from
MAILER-DAEMON@ms06.t-net.net.ve:failure n.eml/[From
sufsufs@sci.kun.nl][Date Sat, 3 Apr 2004 08:22:19 +0100]/UNNAMED/message27264.zip/msg.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/03 Apr 2004 07:22 from
MAILER-DAEMON@ms06.t-net.net.ve:failure n.eml/[From
sufsufs@sci.kun.nl][Date Sat, 3 Apr 2004 08:22:19 +0100]/UNNAMED/message27264.zip Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/03 Apr 2004 07:22 from
MAILER-DAEMON@ms06.t-net.net.ve:failure n.eml/[From
sufsuf@sci.kun.nl][Date Sat, 3 Apr 2004 08:22:19 +0100]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/03 Apr 2004 07:22 from
MAILER-DAEMON@ms06.t-net.net.ve:failure n.eml Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/22 Apr 2004 19:31 from
MAILER-DAEMON@travinfo.net:failure notice.eml/[From
suf.suffen@sci.kun.nl][Date Thu, 22 Apr 2004 11:31:21 -0600]/UNNAMED/game.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/22 Apr 2004 19:31 from
MAILER-DAEMON@travinfo.net:failure notice.eml/[From
suf.suffen@sci.kun.nl][Date Thu, 22 Apr 2004 11:31:21 -0600]/UNNAMED/game.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/22 Apr 2004 19:31 from
MAILER-DAEMON@travinfo.net:failure notice.eml/[From
suf.suffen@sci.kun.nl][Date Thu, 22 Apr 2004 11:31:21 -0600]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/22 Apr 2004 19:31 from
MAILER-DAEMON@travinfo.net:failure notice.eml Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/12 Sep 2007 01:29 from PayPal:PayPal. Account Review Department.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/06 Nov 2006 00:44 from PayPal:Account Compromised : Billing Info.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/06 Nov 2006 05:42 from PayPal:Account Compromised : Billing Info.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Persoonlijke mappen/Postvak IN/16 Feb 2007 04:21 to
suf.suffen@sci.kun.nl:PayPal Security Measu.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Outlook\outlook.pst MailMSMaill: infected - 10, suspicious - 4 skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Temp\sqlite_3cKrGUj6r5cm8GS Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Temp\sqlite_8SozPaLKjhpnWVs Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Temp\~DF1D27.tmp Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Temp\~DF597C.tmp Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Temp\~DFE83C.tmp Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Suffer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Suffer\Mijn documenten\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jan Jansen\Mijn documenten\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Suffer\Mijn documenten\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\Suffer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Suffer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Eudora5\Mail\In.mbx/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text/[From "Carlos Gomes"<cpgomes@uevora.pt>][Date Sat, 7 Jul 2001 04:58:55 +0100]/UNNAMED/SYSMON.EXE Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text/[From "Carlos Gomes"<cpgomes@uevora.pt>][Date Sat, 7 Jul 2001 04:58:55 +0100]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "PayPal"<update@paypal.com>][Date Sun, 5 Nov 2006 16:21:52 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From Halifax Online Banking <securityservices@halifax.co.uk>][Date Mon, 24 Sep 2007 13:26:25 +0200 (MEST)]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From Lloyds Tsb Online Security <securityservices@lloydstsb.co.uk>][Date 25 Sep 2007 12:36:45 -0000]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx MailBerkeleymboxx: infected - 4, suspicious - 4 skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text/[From "Carlos Gomes"<cpgomes@uevora.pt>][Date Sat, 7 Jul 2001 04:58:55 +0100]/UNNAMED/SYSMON.EXE Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text/[From "Carlos Gomes"<cpgomes@uevora.pt>][Date Sat, 7 Jul 2001 04:58:55 +0100]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "PayPal"<update@paypal.com>][Date Sun, 5 Nov 2006 16:21:52 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>][Date Mon, 23 Jul 2007 16:08:21 +0200 (MEST)]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>][Date Mon, 23 Jul 2007 16:08:21 +0200 (MEST)]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>][Date Mon, 23 Jul 2007 16:08:21 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>][Date Mon, 23 Jul 2007 16:19:48 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>][Date Mon, 23 Jul 2007 16:19:48 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>][Date Mon, 23 Jul 2007 16:19:48 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From Lloyds TSB Bank plc <customer.relations@lloydstsb.com>][Date Tue, 24 Jul 2007 04:28:46 +0200 (CEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From Lloyds TSB Bank plc <customer.relations@lloydstsb.com>][Date Wed, 25 Jul 2007 14:59:55 +0200]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From LloydsTSB <customer.service@lloydstsb.com>][Date Thu, 26 Jul 2007 13:13:43 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>][Date Fri, 27 Jul 2007 01:43:03 +0200 (MEST)]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>][Date Fri, 27 Jul 2007 01:43:03 +0200 (MEST)]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>][Date Fri, 27 Jul 2007 01:43:03 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "Paypal"<service@paypal.com>][Date Fri, 27 Jul 2007 01:06:12 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>][Date Mon, 30 Jul 2007 17:51:10 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>][Date Mon, 30 Jul 2007 17:51:10 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>][Date Mon, 30 Jul 2007 17:51:10 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>][Date Wed, 8 Aug 2007 02:46:46 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>][Date Wed, 8 Aug 2007 02:46:46 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>][Date Wed, 8 Aug 2007 02:46:46 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "PayPal Inc"<service@ws.com>][Date Tue, 4 Sep 2007 06:22:18 -1000]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "PayPal" <support@paypal.com>][Date Tue, 12 Sep 2006 19:39:53 -0300]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.001 MailBerkeleymboxx: infected - 4, suspicious - 23 skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text/[From "Carlos Gomes"<cpgomes@uevora.pt>][Date Sat, 7 Jul 2001 04:58:55 +0100]/UNNAMED/SYSMON.EXE Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text/[From "Carlos Gomes"<cpgomes@uevora.pt>][Date Sat, 7 Jul 2001 04:58:55 +0100]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED/[From "floris vanderhaeghe" <Floris.Vanderhaeghe@rug.ac.be>][Date Mon, 25 Jun 2001 17:09:15 +0200]/text Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From Floris Vanderhaeghe <Floris.Vanderhaeghe@rug.ac.be>][Date Sun, 24 Jun 2001 23:33:59 +0200 (MEST)]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "PayPal"<update@paypal.com>][Date Sun, 5 Nov 2006 16:21:52 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>][Date Mon, 23 Jul 2007 16:08:21 +0200 (MEST)]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>][Date Mon, 23 Jul 2007 16:08:21 +0200 (MEST)]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.refo1369186vo.nf@ebay.com>][Date Mon, 23 Jul 2007 16:08:21 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>][Date Mon, 23 Jul 2007 16:19:48 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>][Date Mon, 23 Jul 2007 16:19:48 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refd49814502710.nf@ebay.com>][Date Mon, 23 Jul 2007 16:19:48 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From Lloyds TSB Bank plc <customer.relations@lloydstsb.com>][Date Tue, 24 Jul 2007 04:28:46 +0200 (CEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From Lloyds TSB Bank plc <customer.relations@lloydstsb.com>][Date Wed, 25 Jul 2007 14:59:55 +0200]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From LloydsTSB <customer.service@lloydstsb.com>][Date Thu, 26 Jul 2007 13:13:43 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>][Date Fri, 27 Jul 2007 01:43:03 +0200 (MEST)]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>][Date Fri, 27 Jul 2007 01:43:03 +0200 (MEST)]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <csteam.ref23197452922373.nf@ebay.com>][Date Fri, 27 Jul 2007 01:43:03 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "Paypal"<service@paypal.com>][Date Fri, 27 Jul 2007 01:06:12 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>][Date Mon, 30 Jul 2007 17:51:10 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>][Date Mon, 30 Jul 2007 17:51:10 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupportteam.refsj29871776z.nf@ebay.com>][Date Mon, 30 Jul 2007 17:51:10 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>][Date Wed, 8 Aug 2007 02:46:46 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>][Date Wed, 8 Aug 2007 02:46:46 +0200 (MEST)]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED/[From "eBay" <customersupport.refnh3229174.nf@ebay.com>][Date Wed, 8 Aug 2007 02:46:46 +0200 (MEST)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002/[From "Frans van Erve" <fransvanerve@tele2.nl>][Date Thu, 8 Dec 2005 01:26:59 +0100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Program Files\Eudora5\Mail\In.mbx.002 MailBerkeleymboxx: infected - 4, suspicious - 21 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BA101CE7-9C9C-489B-830F-00C92A3D33D1}\RP554\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_DktD7afmFPAaD9S Object is locked skipped
C:\WINDOWS\Temp\mcmsc_jJseS18EGdWmxj7 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Nfe8XQeXyfj3B2E Object is locked skipped
C:\WINDOWS\Temp\mcmsc_qC5uhK2l8ChjAof Object is locked skipped
C:\WINDOWS\Temp\mcmsc_TxPrYwOaj2WisdA Object is locked skipped
C:\WINDOWS\Temp\sqlite_1X0H7Gd1VwqT5Iu Object is locked skipped
C:\WINDOWS\Temp\sqlite_lFVMUVC7sa44rre Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
----------------------------------
All the best,
Suffer