Trojan virtumonde
kephas - Posts: 647 - Status: Member
Kristopher - Posts: 3752 - Status: Contributor
Hello,
I have a virus problem that comes back every time I connect to the internet.
I have just run a scan with HijackThis and here is the report it gave me:
Logfile of HijackThis v1.99.1
Scan saved at 12:22:36, on 21/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\WINDOWS\System32\msconfigures.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30FD4848-2ADA-4A67-95B3-550604B62569} - C:\WINDOWS\System32\pmnnm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\efcaaya.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {E0301416-5938-41D1-B2AD-2D466257B603} - C:\WINDOWS\System32\mljji.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [IMAQBoot] C:\Program Files\National Instruments\NI-IMAQ\bin\ImaqBoot.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [Microsoft Configure] msconfigures.exe
O4 - HKLM\..\Run: [{277084CD-1302-2015-0504-000504060002}] C:\WINDOWS\System32\mshelp32.com
O4 - HKLM\..\Run: [{2F71DEBD-185E-171C-0106-020400070604}] C:\WINDOWS\System32\mshelp32.com
O4 - HKLM\..\Run: [{2D4E9059-1E38-0926-0500-020808030507}] C:\WINDOWS\System32\mshelp32.com
O4 - HKLM\..\Run: [Microsoft Help System] C:\WINDOWS\System32\mshelp32.com
O4 - HKLM\..\RunServices: [Microsoft Configure] msconfigures.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [Microsoft Configure] msconfigures.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [{277084CD-1302-2015-0504-000504060002}] C:\WINDOWS\System32\mshelp32.com
O4 - HKCU\..\Run: [{2F71DEBD-185E-171C-0106-020400070604}] C:\WINDOWS\System32\mshelp32.com
O4 - HKCU\..\Run: [{2D4E9059-1E38-0926-0500-020808030507}] C:\WINDOWS\System32\mshelp32.com
O4 - HKCU\..\Run: [Microsoft Help System] C:\WINDOWS\System32\mshelp32.com
O4 - HKCU\..\RunServices: [Microsoft Configure] msconfigures.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2029964-2B7A-41AE-A692-6ACC9B74C42B}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: efcaaya - C:\WINDOWS\SYSTEM32\efcaaya.dll
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\System32\pmnnm.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: Lookout Classified Ads (LkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: Lookout Time Synchronization (LkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimildru - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
I also ran a scan with Ad-Aware, which found an infection by the Virtumonde virus. The report is below:
Name:Virtumonde
Category:Data Miner
Object Type:Regkey
Size:0 Bytes
Location:clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
Last Activity:21-06-2006
Relevance:Low
TAC index:10
Could someone help me remove this virus?
Thanks in advance
KEPHAS
The best is the enemy of the good...
8 replies
Hello kephas,
Download VundoFix to your Desktop.
https://www.majorgeeks.com/downloadget.php?id=4954&file=13&evp=441f76946860196bd11870d8d721ed46
. Double-click VundoFix.exe.
. Tick the "Run VundoFix as a task" box.
-> Wait for VundoFix to restart
. Click the "Scan for Vundo" button.
. Then click the "Remove Vundo" button.
. Then click "Yes" to confirm.
. After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
. You will see a prompt announcing that your PC is going to shut down ("shutdown"); click "OK".
. Start your PC again.
. Paste the report located at C:\vundofix.txt here.
Hang in there, Kristopher
Hello,
Here is the report that VundoFix returned.
VundoFix V4.2.22
Scan started at 14:12:52 21/06/2006
Listing files found while scanning....
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.bak2
C:\WINDOWS\system32\ijjlm.tmp
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ijjlm.bak2
C:\WINDOWS\system32\ijjlm.tmp
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
Attempting to delete C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijjlm.bak2
C:\WINDOWS\system32\ijjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijjlm.tmp
C:\WINDOWS\system32\ijjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ijjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Thanks,
KEPHAS
The best is the enemy of the good...
When I rerun the scan with VundoFix, it finds nothing in particular, but when I rerun the scan with Ad-Aware, it still finds the same Trojan horse (Virtumonde).
Is that normal?
Thanks
See you,
KEPHAS
The best is the enemy of the good...
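Added example, not part of the original thread: a short Python script that cross-references the three reports posted above (HijackThis, Ad-Aware, VundoFix) to show which DLLs still have autostart hooks after the VundoFix run. The log excerpts are copied from this thread and trimmed; the function names are hypothetical, and the parsers assume only the line shapes visible in these reports.

```python
import re

# Excerpts copied from the three reports posted in this thread (trimmed).
HIJACKTHIS = r"""
O2 - BHO: (no name) - {30FD4848-2ADA-4A67-95B3-550604B62569} - C:\WINDOWS\System32\pmnnm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\efcaaya.dll
O20 - Winlogon Notify: efcaaya - C:\WINDOWS\SYSTEM32\efcaaya.dll
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\System32\pmnnm.dll
"""
ADAWARE = r"""
Name:Virtumonde
Object Type:Regkey
Location:clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\
"""
VUNDOFIX = r"""
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\pmnnm.dll
Attempting to delete C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Could not be deleted.
"""

BHO_RE = re.compile(
    r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+?)(?: \(file missing\))?$")
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: .+? - (.+?)(?: \(file missing\))?$")
CLSID_RE = re.compile(r"clsid\\(\{[0-9a-f-]{36}\})", re.I)
OUTCOME_RE = re.compile(
    r"^([A-Za-z]:\\.+?) (Has been deleted!|Could not be deleted\.)$")


def dll_name(path):
    """Lower-cased file name, so System32/SYSTEM32 spellings compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_hijackthis(text):
    """Return ({clsid: dll} for O2 BHO lines, {dll} for O20 Winlogon Notify lines)."""
    bho, notify = {}, set()
    for line in map(str.strip, text.splitlines()):
        m = BHO_RE.match(line)
        if m:
            bho[m.group(1).lower()] = dll_name(m.group(2))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify.add(dll_name(m.group(1)))
    return bho, notify


def parse_adaware_clsids(text):
    """CLSIDs named in the 'Location:clsid\\{...}' lines of the Ad-Aware report."""
    return [c.lower() for c in CLSID_RE.findall(text)]


def parse_vundofix(text):
    """Map file name -> 'listed', 'deleted' or 'could not be deleted'."""
    status = {}
    for line in map(str.strip, text.splitlines()):
        m = OUTCOME_RE.match(line)
        if m:
            deleted = m.group(2).startswith("Has been")
            status[dll_name(m.group(1))] = (
                "deleted" if deleted else "could not be deleted")
        elif re.match(r"^[A-Za-z]:\\", line):
            status.setdefault(dll_name(line), "listed")
    return status


def leftovers(hijackthis, adaware, vundofix):
    """DLLs flagged by Ad-Aware's CLSID or not removed by VundoFix, with their hooks."""
    bho, notify = parse_hijackthis(hijackthis)
    status = parse_vundofix(vundofix)
    suspects = {bho[c] for c in parse_adaware_clsids(adaware) if c in bho}
    suspects |= {f for f, s in status.items() if s == "could not be deleted"}
    report = {}
    for dll in sorted(suspects):
        hooks = []
        if dll in bho.values():
            hooks.append("O2 BHO")
        if dll in notify:
            hooks.append("O20 Winlogon Notify")
        report[dll] = {"hooks": hooks, "vundofix": status.get(dll, "not listed")}
    return report


if __name__ == "__main__":
    for dll, info in leftovers(HIJACKTHIS, ADAWARE, VUNDOFIX).items():
        print(f"{dll}: hooks={info['hooks']} vundofix={info['vundofix']}")
```

On these excerpts the CLSID in the Ad-Aware report resolves to `efcaaya.dll`, which is registered both as a BHO and as a Winlogon Notify entry but does not appear in the VundoFix file list, while `pmnnm.dll` was listed but could not be deleted.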
Re,
If you say your new log is clean, OK (so I won't come back to this point, even if you are wrong).
Your PC is heavily infected; now go to this page:
virus methode preliminaire de desinfection version fr
Take care to read everything and don't forget the 3 reports at the end.
Hang in there, Kristopher
Actually, when I say the log is clean, I mean that when I run VundoFix, it tells me it no longer finds anything...
However, when I run spydoctor, it finds 15 things, which it cleans, and then it asks to restart...
but it finds them again at the next startup!!!!
So I'll try what you tell me and keep you posted!
Thanks in advance!
par contre, quand je lance spydoctor, il me retrouve 15 truc qu'il me nettoie et demande à redemarrer...
mais il les retrouve au démarrage suivant!!!!
alors je vais essayer ce que tu me dis et je te tiens au courant!
merci d'vance!
--Voici les trois rapport :
ewido :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:05:33 22/06/2006
+ Scan result:
C:\WINDOWS\system32\wchshield.exe -> Backdoor.Cloner : No action taken.
C:\WINDOWS\system32\msconfigures.exe -> Backdoor.Rbot.bbw : No action taken.
[1124] C:\WINDOWS\System32\msconfigures.exe -> Backdoor.SdBot.yx : No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1R4JKSDT\drsmartload278a[1].exe -> Downloader.Adload.bo : No action taken.
C:\WINDOWS\system32\mrexe.exe -> Downloader.Adload.bo : No action taken.
D:\Divers\pierre\PDF\ScanSoft PDF Converter.v1.crack .zip/PDFConverter_kg/shkpc10.exe -> Downloader.Delf.amo : No action taken.
D:\Divers\pierre\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : No action taken.
:mozilla.30:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.32:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.33:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.34:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.9:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.21:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.22:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.24:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.25:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.26:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.27:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.10:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.11:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.18:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.19:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Gilles\Local Settings\Temp\RTTemp1.exe -> Trojan.Delf.uo : No action taken.
::Report end
bitdefender :
--Voici les trois rapport :
ewido :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:05:33 22/06/2006
+ Scan result:
C:\WINDOWS\system32\wchshield.exe -> Backdoor.Cloner : No action taken.
C:\WINDOWS\system32\msconfigures.exe -> Backdoor.Rbot.bbw : No action taken.
[1124] C:\WINDOWS\System32\msconfigures.exe -> Backdoor.SdBot.yx : No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1R4JKSDT\drsmartload278a[1].exe -> Downloader.Adload.bo : No action taken.
C:\WINDOWS\system32\mrexe.exe -> Downloader.Adload.bo : No action taken.
D:\Divers\pierre\PDF\ScanSoft PDF Converter.v1.crack .zip/PDFConverter_kg/shkpc10.exe -> Downloader.Delf.amo : No action taken.
D:\Divers\pierre\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : No action taken.
:mozilla.30:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.32:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.33:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.34:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.9:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.21:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.22:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.24:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.25:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.26:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.27:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.10:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.11:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.18:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.19:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Gilles\Local Settings\Temp\RTTemp1.exe -> Trojan.Delf.uo : No action taken.
::Report end
bitdefender :
BitDefender Online Scanner - Scan Report
Scan report generated at: Thu, Jun 22, 2006 - 12:33:38
Scan path: A:\;B:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 01:19:55
Files: 615952
Folders: 4082
Boot Sectors: 6
Archives: 20027
Packed Files: 52549

Results
Identified Viruses: 4
Infected Files: 4
Suspect Files: 6
Warnings: 0
Disinfected: 0
Deleted Files: 10

Engines Info
Virus Definitions: 389012
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File -> Status
C:\WINDOWS\system32\mrexe.exe -> Infected with: Trojan.Downloader.Adload.BK
C:\WINDOWS\system32\mrexe.exe -> Disinfection failed
C:\WINDOWS\system32\mrexe.exe -> Deleted
C:\WINDOWS\system32\msconfigures.exe -> Infected with: Backdoor.RBot.88922F6C
C:\WINDOWS\system32\msconfigures.exe -> Deleted
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)=>new_price.zip=>06.exe -> Infected with: Win32.Bagle.JL@mm
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)=>new_price.zip=>06.exe -> Disinfection failed
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)=>new_price.zip=>06.exe -> Deleted
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)=>new_price.zip -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)=>text_sms.zip=>text.exe -> Infected with: Trojan.Glieder.I
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)=>text_sms.zip=>text.exe -> Disinfection failed
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)=>text_sms.zip=>text.exe -> Deleted
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)=>text_sms.zip -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Suspected of: Exploit.Iframe.Vulnerability
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Disinfection failed
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Deleted
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Suspected of: Exploit.Iframe.Vulnerability
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Disinfection failed
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Deleted
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599) -> Updated
D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo -> Updated
D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Suspected of: Exploit.Iframe.Vulnerability
D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Disinfection failed
D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Deleted
D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Junk=>(message 1293) -> Updated
D:\Mail\Mail\Local Folders\Junk -> Updated
D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Suspected of: Exploit.Iframe.Vulnerability
D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Disinfection failed
D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Deleted
D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Junk=>(message 1359) -> Updated
D:\Mail\Mail\Local Folders\Junk -> Updated
D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Suspected of: Exploit.Iframe.Vulnerability
D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Disinfection failed
D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body) -> Deleted
D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part) -> Updated
D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)
--Here are the three reports:
ewido :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:05:33 22/06/2006
+ Scan result:
C:\WINDOWS\system32\wchshield.exe -> Backdoor.Cloner : No action taken.
C:\WINDOWS\system32\msconfigures.exe -> Backdoor.Rbot.bbw : No action taken.
[1124] C:\WINDOWS\System32\msconfigures.exe -> Backdoor.SdBot.yx : No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1R4JKSDT\drsmartload278a[1].exe -> Downloader.Adload.bo : No action taken.
C:\WINDOWS\system32\mrexe.exe -> Downloader.Adload.bo : No action taken.
D:\Divers\pierre\PDF\ScanSoft PDF Converter.v1.crack .zip/PDFConverter_kg/shkpc10.exe -> Downloader.Delf.amo : No action taken.
D:\Divers\pierre\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : No action taken.
:mozilla.30:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.32:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.33:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.34:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.9:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.21:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.22:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.24:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.25:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.26:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.27:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.10:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.11:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.18:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.19:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\i9teuf4e.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Gilles\Local Settings\Temp\RTTemp1.exe -> Trojan.Delf.uo : No action taken.
::Report end
bitdefender :
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Thu, Jun 22, 2006 - 12:33:38</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;B:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:19:55</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">615952</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4082</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">20027</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">52549</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">10</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">389012</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">39</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\mrexe.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.Adload.BK</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\mrexe.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\mrexe.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\msconfigures.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Backdoor.RBot.88922F6C</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\msconfigures.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)=>new_price.zip=>06.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Bagle.JL@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)=>new_price.zip=>06.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)=>new_price.zip=>06.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)=>new_price.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)=>[Subject: ][Date: Wed, 21 Sep 2005 08:27:42 +0800]=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 41)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)=>text_sms.zip=>text.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Glieder.I</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)=>text_sms.zip=>text.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)=>text_sms.zip=>text.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)=>text_sms.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)=>[Subject: ][Date: Tue, 01 Nov 2005 14:33:59 -0800]=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo=>(message 115)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\Wanadoo</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Suspected of: Exploit.Iframe.Vulnerability</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 567)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Suspected of: Exploit.Iframe.Vulnerability</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo=>(message 599)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Inbox.sbd\yahoo</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Suspected of: Exploit.Iframe.Vulnerability</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1293)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1293)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Suspected of: Exploit.Iframe.Vulnerability</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1359)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 7 Jun 2006 20:55:43 -0300]=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk=>(message 1359)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Junk</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Suspected of: Exploit.Iframe.Vulnerability</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)=>(message body)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">D:\Mail\Mail\Local Folders\Trash=>(message 297)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 2 Jun 2006 19:03:57 -0300]=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial&