Good evening to the members, administrators and analysts.
I use Windows XP on a PC I bought in 2006, which came with Norton Internet Security already installed. Last year I installed Norton IS 2008, while still on a dial-up connection. Some threats (viruses, spyware) appear to have been removed at installation time, but in recent months a series of problems has been occurring, especially now that I am on a broadband connection. Some of these problems:
1. Access to the Symantec site, or that of any other antivirus vendor, is blocked. More precisely, a dial-up connection is requested, with a password quite different from the one I had been using. Live Update fails, and sometimes I get a message saying the product is configured for a dial-up connection.
2. Symantec technical support sent a series of procedures (basically, removing and reinstalling NIS 2008, with an update to the 2009 version). However, I can no longer install the product on the PC, nor download that update.
3. While NIS 2008 was installed, several windows titled "Symantec proxy" would open while I browsed the Internet. As far as I understood, "something" on the machine was sending messages to MANY unknown e-mail addresses. This was hurting the PC's performance.
4. The computer frequently freezes when shutting down. Screens appear with the message "the workstation is shutting down". When Windows starts, error messages such as "Win32 Generic Host server", among others, have been appearing.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:27, on 27/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\tdctxte.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Hijack\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=br&.src=ym
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-6057772207-5458510898-973275790-8303\winservices.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Carlos\reader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [VRTE0A] C:\WINDOWS\TEMP\VRTE0A.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131549136390
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: afisicx Service (afisicx) - 5.232.121.233 - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: sopidkc Service (sopidkc) - 5.232.121.233 - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: tdctxte Service (tdctxte) - 5.232.121.233 - C:\WINDOWS\system32\tdctxte.exe
--
End of file - 4742 bytes
I apologize for the length of the problem description, but I believe this is the best way for other members to resolve their own doubts.
Thanks in advance...
Good evening, DigRam. Thank you for the help!
I could not access drweb-cureit ("the page cannot be displayed")...
Could I save that program, and Kaspersky, on another computer and copy them (via USB flash drive) to my PC? Could that compromise the continuity of the scanning process?
Best regards.
<><><><><><><><><>
Hey, Carlos SP!
<!> Go ahead!
Cheers!
Good evening, DigRam! Here are the requested posts... I split the reports into four messages, OK?
- DrWEB REPORT:
issch.exe c:\arquivos de programas\arquivos comuns\installshield\updateservice Win32.Virut.56 Desinfectado.
isuspm.exe c:\arquivos de programas\arquivos comuns\installshield\updateservice Win32.Virut.56 Desinfectado.
lssrvc.exe c:\arquivos de programas\arquivos comuns\lightscribe Win32.Virut.56 Desinfectado.
hpqtra08.exe c:\arquivos de programas\hp\digital imaging\bin Win32.Virut.56 Desinfectado.
hpwuschd2.exe c:\arquivos de programas\hp\hp software update Win32.Virut.56 Desinfectado.
jusched.exe c:\arquivos de programas\java\jre1.5.0_06\bin Win32.Virut.56 Desinfectado.
msmsgs.exe c:\arquivos de programas\messenger Win32.Virut.56 Desinfectado.
bc40case.exe c:\arquivos de programas\textware\bookcase40 Win32.Virut.56 Desinfectado.
websvr.exe c:\documents and settings\carlos\configurações locais\dados de aplicativos Trojan.Click.25647
reader_s.exe c:\documents and settings\carlos Trojan.DownLoad.29459 Eliminado.
testabd.dll c:\program files\thunmail Trojan.PWS.Wow.1315 Eliminado.
testabd.exe c:\program files\thunmail Win32.Virut.56 Desinfectado.
testabd.exe c:\program files\thunmail Trojan.PWS.Wow.1315 Eliminado.
winservices.exe c:\recycler\s-1-5-21-4401291817-2159327192-588525911-9524 Win32.Virut.56 Desinfectado.
winservices.exe c:\recycler\s-1-5-21-4401291817-2159327192-588525911-9524 Win32.HLLW.Recycler.3 Eliminado.
winservices.exe c:\recycler\s-1-5-21-6057772207-5458510898-973275790-8303 Win32.Virut.56 Desinfectado.
winservices.exe c:\recycler\s-1-5-21-6057772207-5458510898-973275790-8303 Win32.HLLW.Recycler.3 Eliminado.
isl.exe c:\recycler\s-1-5-21-6299375358-1579059880-171803785-1409 Win32.Virut.56 Desinfectado.
isl.exe c:\recycler\s-1-5-21-6299375358-1579059880-171803785-1409 Win32.HLLW.Lime.3 Eliminado.
vshost.exe c:\ Win32.Virut.56 Desinfectado.
vshost.exe c:\ Win32.HLLW.Recycler.3 Eliminado.
svchost.exe c:\windows\dhcp Win32.Virut.56 Desinfectado.
svchost.exe c:\windows\dhcp BackDoor.BlackHole.3332 Eliminado.
explorer.exe c:\windows Win32.Virut.56 Desinfectado.
unregmp2.exe c:\windows\inf Win32.Virut.56 Desinfectado.
soundman.exe c:\windows Win32.Virut.56 Desinfectado.
svchost.exe c:\windows\system32\3361 Win32.Virut.56 Desinfectado.
svchost.exe c:\windows\system32\3361 Trojan.Ads.49 Eliminado.
afisicx.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
afisicx.exe c:\windows\system32 Trojan.DownLoad.35111 Eliminado.
alg.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
at1394.sys c:\windows\system32 Trojan.NtRootKit.2785 Eliminado.
cisvc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
clipsrv.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
ctfmon.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
dllhost.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
dmadmin.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
calling.com c:\windows\system32\drive Program.mIRC.603
iasv32.dll c:\windows\system32 Trojan.DownLoad.35600 Eliminado.
ie4uinit.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
imapi.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
locator.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
logon.scr c:\windows\system32 Win32.Virut.56 Desinfectado.
logonui.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
mnmsrvc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
msdtc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
msiexec.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
netdde.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
ntsd.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
reader_s.exe c:\windows\system32 Trojan.DownLoad.29459 Eliminado.
regsvr32.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
rsvp.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
rundll32.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
scardsvr.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
sessmgr.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
shmgrate.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
smlogsvc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
sopidkc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
sopidkc.exe c:\windows\system32 Trojan.DownLoad.35111 Eliminado.
tdctxte.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
tdctxte.exe c:\windows\system32 Trojan.DownLoad.35111 Eliminado.
ups.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
userinit.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
vssvc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.
wmiapsrv.exe c:\windows\system32\wbem Win32.Virut.56 Desinfectado.
xnqpu.dll c:\windows\system32 Win32.HLLW.Autoruner.5555 Eliminado.
ata.exe C:\ Win32.HLLW.MyBot Eliminado.
ckc.exe/data002\data002 C:\ckc.exe/data002 Program.mIRC.603
ckc.exe/data002\data003 C:\ckc.exe/data002 Tool.Moo
ckc.exe/data002\data005 C:\ckc.exe/data002 Program.PrcView.3725
ckc.exe/data002\data006 C:\ckc.exe/data002 Tool.Dasniff
ckc.exe/data002\data007 C:\ckc.exe/data002 Trojan.Flood.22016
ckc.exe/data002\data008 C:\ckc.exe/data002 IRC.Flood
ckc.exe/data002\data009 C:\ckc.exe/data002 Tool.PassView
ckc.exe/data002\data010 C:\ckc.exe/data002 IRC.Generic.147
data002 C:\ O arquivo contém objectos infectados
ckc.exe C:\ A pasta contem objectos infectados
ddram.exe/data002\data010 C:\ddram.exe/data002 Tool.Moo
ddram.exe/data002\data012 C:\ddram.exe/data002 Program.PrcView.3725
ddram.exe/data002\data013 C:\ddram.exe/data002 Tool.Dasniff
ddram.exe/data002\data014 C:\ddram.exe/data002 Trojan.Flood.22016
ddram.exe/data002\data015 C:\ddram.exe/data002 IRC.Flood
ddram.exe/data002\data016 C:\ddram.exe/data002 Tool.PassView
ddram.exe/data002\data021 C:\ddram.exe/data002 BackDoor.IRC.based
ddram.exe/data002\data022 C:\ddram.exe/data002 IRC.Generic.147
data002 C:\ O arquivo contém objectos infectados
ddram.exe C:\ A pasta contem objectos infectados
drive C:\ Win32.HLLW.Autoruner.6307 Eliminado.
dyr.exe C:\ Win32.Virut.56 Desinfectado.
dyr.exe C:\ Win32.HLLW.Autoruner.6307 Eliminado.
hah.exe/data002\data002 C:\hah.exe/data002 Program.mIRC.603
hah.exe/data002\data003 C:\hah.exe/data002 Tool.Moo
hah.exe/data002\data005 C:\hah.exe/data002 Program.PrcView.3725
hah.exe/data002\data006 C:\hah.exe/data002 Tool.Dasniff
hah.exe/data002\data007 C:\hah.exe/data002 Trojan.Flood.22016
hah.exe/data002\data008 C:\hah.exe/data002 IRC.Flood
hah.exe/data002\data009 C:\hah.exe/data002 Tool.PassView
hah.exe/data002\data010 C:\hah.exe/data002 IRC.Generic.147
data002 C:\ O arquivo contém objectos infectados
hah.exe C:\ A pasta contem objectos infectados
kvcxcscl.exe C:\ Win32.Virut.56 Desinfectado.
kvcxcscl.exe C:\ Win32.Virut.56 Desinfectado.
nfhusmai.exe C:\ Win32.Virut.56 Desinfectado.
qp.exe C:\ Win32.Virut.56 Desinfectado.
qp.exe C:\ Trojan.Packed.469 Eliminado.
rq.exe/data002\data002 C:\rq.exe/data002 Program.mIRC.603
rq.exe/data002\data003 C:\rq.exe/data002 Tool.Moo
rq.exe/data002\data005 C:\rq.exe/data002 Program.PrcView.3725
rq.exe/data002\data006 C:\rq.exe/data002 Tool.Dasniff
rq.exe/data002\data007 C:\rq.exe/data002 Trojan.Flood.22016
rq.exe/data002\data008 C:\rq.exe/data002 IRC.Flood
rq.exe/data002\data009 C:\rq.exe/data002 Tool.PassView
rq.exe/data002\data010 C:\rq.exe/data002 IRC.Generic.147
data002 C:\ O arquivo contém objectos infectados
rq.exe C:\ A pasta contem objectos infectados
sdd.exe C:\ Win32.HLLW.Autoruner.848 Eliminado.
sys.exe C:\ Win32.Virut.56 Desinfectado.
sys.exe C:\ Win32.HLLW.Lime.4 Eliminado.
sysm.exe/data002\data010 C:\sysm.exe/data002 Tool.Moo
sysm.exe/data002\data012 C:\sysm.exe/data002 Program.PrcView.3725
sysm.exe/data002\data013 C:\sysm.exe/data002 Tool.Dasniff
sysm.exe/data002\data014 C:\sysm.exe/data002 Trojan.Flood.22016
sysm.exe/data002\data015 C:\sysm.exe/data002 IRC.Flood
data002 C:\ O arquivo contém objectos infectados
sysm.exe C:\ A pasta contem objectos infectados
tip.exe C:\ Win32.Virut.56 Desinfectado.
tip.exe C:\ BackDoor.IRC.Flood.8 Eliminado.
superinteressante.exe C:\Arquivos de programas\Abril\Superinteressante Win32.Virut.56 Desinfectado.
AcroRd32.exe C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader Win32.Virut.56 Desinfectado.
IDriver.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\9\Intel 32 Win32.Virut.56 Desinfectado.
agent.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService Win32.Virut.56 Desinfectado.
msinfo32.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSInfo Win32.Virut.56 Desinfectado.
game.exe C:\Arquivos de programas\Black Bean Games\Great Battles of WWII - Stalingrad (Demo) Win32.Virut.56 Desinfectado.
CoDMP.exe C:\Arquivos de programas\Call of Duty Win32.Virut.56 Desinfectado.
UNWISE.EXE C:\Arquivos de programas\Call of Duty\Uninstall Win32.Virut.56 Desinfectado.
DedicatedServer.exe C:\Arquivos de programas\EA GAMES\Battlefield 1942 Win32.Virut.56 Desinfectado.
Battlefield 1942_eReg.exe C:\Arquivos de programas\EA GAMES\Battlefield 1942\eReg Win32.Virut.56 Desinfectado.
Battlefield 1942_EZ.exe C:\Arquivos de programas\EA GAMES\Battlefield 1942\eReg Win32.Virut.56 Desinfectado.
prism.exe C:\Arquivos de programas\GraphPad\Prism 4 Win32.Virut.56 Desinfectado.
hpqdirec.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.
hpqpprop.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.
hpqste08.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.
hpqtbx01.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.
hpqusgl.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.
hpqwrg.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.
hprbui.exe C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin Win32.Virut.56 Desinfectado.
HPWUCli.exe C:\Arquivos de programas\HP\HP Software Update Win32.Virut.56 Desinfectado.
HP_IZE.exe C:\Arquivos de programas\HP\Image Zone Express Win32.Virut.56 Desinfectado.
Player.exe C:\Arquivos de programas\HT NETWORKS\HT Player Win32.Virut.56 Desinfectado.
Setup.exe C:\Arquivos de programas\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65} Win32.Virut.56 Desinfectado.
iedw.exe C:\Arquivos de programas\Internet Explorer Win32.Virut.56 Desinfectado.
IEXPLORE.EXE C:\Arquivos de programas\Internet Explorer Win32.Virut.56 Desinfectado.
icwconn1.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.
icwconn2.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.
icwrmind.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.
icwtutor.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.
inetwiz.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.
isignup.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.
javaws.exe C:\Arquivos de programas\Java\jre1.5.0_06\bin Win32.Virut.56 Desinfectado.
SC3.EXE C:\Arquivos de programas\Maxis\SimCity 3000\Game Win32.Virut.56 Desinfectado.
VBAPB10.CHM\html/pbproStartInNextTextBox.htm C:\Arquivos de programas\Microsoft Office\OFFICE11\1046\VBAPB10.CHM Modificação de Avispa.2048
VBAPB10.CHM C:\Arquivos de programas\Microsoft Office\OFFICE11\1046 A pasta contem objectos infectados
moviemk.exe C:\Arquivos de programas\Movie Maker Win32.Virut.56 Desinfectado.
bckgzm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.
chkrzm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.
hrtzzm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.
Rvsezm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.
shvlzm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.
conf.exe C:\Arquivos de programas\NetMeeting Win32.Virut.56 Desinfectado.
msimn.exe C:\Arquivos de programas\Outlook Express Win32.Virut.56 Desinfectado.
wab.exe C:\Arquivos de programas\Outlook Express Win32.Virut.56 Desinfectado.
Victoria.exe C:\Arquivos de programas\Paradox Entertainment\Victoria Win32.Virut.56 Desinfectado.
Victoria_Settings.exe C:\Arquivos de programas\Paradox Entertainment\Victoria Win32.Virut.56 Desinfectado.
PDFCreator.exe C:\Arquivos de programas\PDFCreator Win32.Virut.56 Desinfectado.
TransTool.exe C:\Arquivos de programas\PDFCreator\languages Win32.Virut.56 Desinfectado.
CinePlayer.exe C:\Arquivos de programas\Roxio\CinePlayer Win32.Virut.56 Desinfectado.
wmplayer.exe C:\Arquivos de programas\Windows Media Player Win32.Virut.56 Desinfectado.
hypertrm.exe C:\Arquivos de programas\Windows NT Win32.Virut.56 Desinfectado.
wordpad.exe C:\Arquivos de programas\Windows NT\Acessórios Win32.Virut.56 Desinfectado.
PINBALL.EXE C:\Arquivos de programas\Windows NT\Pinball Win32.Virut.56 Desinfectado.
WinRAR.exe C:\Arquivos de programas\WinRAR Win32.Virut.56 Desinfectado.
I_AM_EMO.gif---www.facebook.com C:\Documents and Settings\Administrador\Configurações locais\Temp Win32.HLLW.Recycler.3 Eliminado.
DFUDC.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.
DFUDC.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
DUJUJ.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
KRPTS.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
QYESO.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.
QYESO.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
TCNCN.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
TGIUI.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
TZNWJ.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.
TZNWJ.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
WMXNW.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.
WMXNW.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
WPWBD.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.
WPWBD.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.
websvr.exe C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos Trojan.Click.25647
ddsuper1[1].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL Win32.Virut.56 Desinfectado.
nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\85UJ016N Win32.Virut.56 Desinfectado.
rc[1].htm\Script.2 C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm Exploit.ActiveX.9
rc[1].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE A pasta contem objectos infectados
rc[2].htm\Script.2 C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm Exploit.ActiveX.9
rc[2].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE A pasta contem objectos infectados
rc[3].htm\Script.2 C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm Exploit.ActiveX.9
rc[3].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE A pasta contem objectos infectados
rc[4].htm\Script.2 C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm Exploit.ActiveX.9
rc[4].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE A pasta contem objectos infectados
nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N Win32.Virut.56 Desinfectado.
nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV Win32.Virut.56 Desinfectado.
cmd1[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR Win32.HLLW.Lime.3 Eliminado.
ddsuper2[1].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\IPLA7298 Trojan.DownLoad.29459 Eliminado.
nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT Win32.Virut.56 Desinfectado.
pic[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT Win32.HLLW.Lime.2 Eliminado.
nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\QHYR85GZ Win32.Virut.56 Desinfectado.
lvhost[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E Win32.HLLW.Recycler.3 Eliminado.
lvhost[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\S567M521 Win32.HLLW.Recycler.3 Eliminado.
tdl[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\S567M521 Win32.HLLW.Recycler.3 Eliminado.
ouqenbopzz[1].txt C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\S9OBKRKB Trojan.Packed.2450 Eliminado.
ouqenbopzz[1].txt C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SFTB6MN1 Trojan.Packed.2450 Eliminado.
KaM_1024.exe C:\Documents and Settings\Carlos\Meus documentos\Knights AND Merchants RIP CLASS (Seeded By SnesHeaven.org)\Knights&Merchants Win32.Virut.56 Desinfectado.
w[2].bin C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\0059PVX9 Trojan.DownLoad.35942 Eliminado.
inuninst.exe C:\Program Files\InterActual\InterActual Player Win32.Virut.56 Desinfectado.
iPlayer.exe C:\Program Files\InterActual\InterActual Player Win32.Virut.56 Desinfectado.
winservices.exe C:\RECYCLER\S-1-5-21-2294762216-9637911831-536108129-0741 Win32.Virut.56 Desinfectado.
winservices.exe C:\RECYCLER\S-1-5-21-2294762216-9637911831-536108129-0741 Win32.HLLW.Recycler.3 Eliminado.
isl.exe C:\RECYCLER\S-1-5-21-8783608433-9158052299-466083778-8539 Win32.HLLW.Autoruner.6307 Eliminado.
SETUP32.EXE C:\SIERRA Win32.Virut.56 Desinfectado.
SIGSPAT.EXE C:\SIERRA Win32.Virut.56 Desinfectado.
A0001060.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Lime.3 Eliminado.
A0001072.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.
A0001150.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Click.25824 Eliminado.
A0002200.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0002200.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 BackDoor.BlackHole.3323 Eliminado.
A0004173.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Click.25824 Eliminado.
A0004176.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0005184.sys C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35604 Eliminado.
A0007207.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0007207.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35604 Eliminado.
A0007209.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.29459 Eliminado.
A0007210.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.29459 Eliminado.
A0007214.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Siggen.2215 Eliminado.
A0008209.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wsgame.11359 Eliminado.
A0008210.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0008210.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wsgame.11359 Eliminado.
A0008212.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0008212.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 BackDoor.BlackHole.3324 Eliminado.
A0009211.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Click.25715 Eliminado.
A0009214.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0010212.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Siggen.2215 Eliminado.
A0010215.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0010236.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wsgame.11359 Eliminado.
A0010237.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0010237.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wsgame.11359 Eliminado.
A0010238.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35600 Eliminado.
A0010239.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0010239.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 BackDoor.BlackHole.3333 Eliminado.
A0011224.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0011228.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.
A0011235.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Click.25824 Eliminado.
A0011236.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35945 Eliminado.
A0013300.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Lime.4 Eliminado.
A0013301.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Autoruner.848 Eliminado.
A0013302.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Packed.469 Eliminado.
A0013303.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Autoruner.6307 Eliminado.
winhlp32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
winmine.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
winmsd.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
winver.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
WISPTIS.EXE C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
wjview.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
wpabaln.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
wpnpinst.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
write.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
wscntfy.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
wscript.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
wtukd32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
wupdmgr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
XC3SUNIN.EXE C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
xcopy.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.
d.dll C:\WINDOWS\system32\dk Tool.Moo
lam1.exe C:\WINDOWS\system32\dk Program.PrcView.3725
lam2.exe C:\WINDOWS\system32\dk Tool.Dasniff
lmz.exe C:\WINDOWS\system32\dk IRC.Generic.147 Eliminado.
27296716.INS C:\WINDOWS\system32\drive Program.mIRC.603
31861617.INS C:\WINDOWS\system32\drive Program.mIRC.603
37224256.INS C:\WINDOWS\system32\drive Program.mIRC.603
7058408.INS C:\WINDOWS\system32\drive Program.mIRC.603
8204747.INS C:\WINDOWS\system32\drive Program.mIRC.603
86102025.INS C:\WINDOWS\system32\drive Program.mIRC.603
calling.com C:\WINDOWS\system32\drive Program.mIRC.603
d.dll C:\WINDOWS\system32\drive Tool.Moo
lam1.exe C:\WINDOWS\system32\drive Program.PrcView.3725
lam2.exe C:\WINDOWS\system32\drive Tool.Dasniff
lmz.exe C:\WINDOWS\system32\drive IRC.Generic.147 Eliminado.
rstrui.exe C:\WINDOWS\system32\Restore Win32.Virut.56 Desinfectado.
migwiz.exe C:\WINDOWS\system32\usmt Win32.Virut.56 Desinfectado.
wmiprvse.exe C:\WINDOWS\system32\wbem Win32.Virut.56 Desinfectado.
nncdndfdfg48.exe\dpcxool64.sys C:\WINDOWS\Temp\nncdndfdfg48.exe Trojan.Siggen.2215
nncdndfdfg48.exe C:\WINDOWS\Temp O arquivo contém objectos infectados
VRT3.tmp C:\WINDOWS\Temp Trojan.DownLoad.35934 Eliminado.
----------------------------------------------------------------------------------
In the Kaspersky scan, I initially (by accident) checked only the first three menu options. I then ran the scan with all items selected. I've posted both reports here, OK?
Scan
----
Scanned: 1400
Detected: 2
Untreated: 0
Start time: 29/4/2009 15:54:20
Duration: 00:02:28
Finish time: 29/4/2009 15:56:48
Detected
--------
Status Object
------ ------
deleted: Trojan program Rootkit.Win32.Agent.jbb File: c:\windows\system32\drivers\fngkvbb.sys
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: c:\windows\system32\drive\calling.com
Events
------
Time Name Status Reason
---- ---- ------ ------
29/4/2009 15:54:54 File: c:\windows\system32\drive\calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 15:54:55 File: c:\windows\system32\drive\calling.com not disinfected postponed
29/4/2009 15:55:28 File: c:\windows\system32\drivers\fngkvbb.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'
29/4/2009 15:55:28 File: c:\windows\system32\drivers\fngkvbb.sys not disinfected postponed
29/4/2009 15:56:02 File: c:\windows\system32\drive\calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 15:56:37 Startup object: HKEY_LOCAL_MACHINE\Software\Classes\ChatFile\shell\open\command\ disinfected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 15:56:38 Startup object: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winreg disinfected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 15:56:38 Startup object: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msennger disinfected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 15:56:38 Startup object: HKEY_USERS\S-1-5-21-3748263854-567553014-1295907222-1007\Software\Microsoft\Windows\CurrentVersion\Run\hohohhaha disinfected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 15:56:39 File: c:\windows\system32\drive\calling.com deleted
29/4/2009 15:56:39 File: c:\windows\system32\drivers\fngkvbb.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'
29/4/2009 15:56:47 Startup object: HKLM\System\ControlSet001\Services\yqcwdncn\yqcwdncn deleted
29/4/2009 15:56:47 Startup object: HKLM\System\ControlSet003\Services\yqcwdncn\yqcwdncn deleted
29/4/2009 15:56:48 File: c:\windows\system32\drivers\fngkvbb.sys deleted
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ -----------------
KASPERSKY REPORT PART 2 (ALL MENU ITEMS):
Scan
----
Scanned: 425485
Detected: 139
Untreated: 0
Start time: 29/4/2009 16:00:50
Duration: 02:49:38
Finish time: 29/4/2009 18:50:28
Detected
--------
Status Object
------ ------
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\ckc.exe//calling.com
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\ckc.exe//lmz.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\ckc.exe//lmz1.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\ckc.exe//lmz2.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\ckc.exe//lmz3.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\ddram.exe//lmz3.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\ddram.exe//lmz1.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\ddram.exe//lmz2.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\ddram.exe//lmz.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\hah.exe
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\nfhusmai.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\rq.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\sysm.exe//lmz3.bmp
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html
deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm
deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm
deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm
deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm
deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm
deleted: Trojan program Trojan.Win32.Pakes.nju File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz1.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz2.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz3.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz1.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz2.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\hah.exe
deleted: Trojan program Trojan.Win32.VB.obn File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys
deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm
deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm
deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm
deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rq.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp
deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe
deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm
deleted: Trojan program Trojan-GameThief.Win32.WOW.ihf File: C:\Program Files\ThunMail\testabd.ex_
deleted: Trojan program Trojan-Downloader.Win32.Agent.brzt File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys
deleted: Trojan program Trojan-GameThief.Win32.WOW.ihf File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe
deleted: Trojan program Trojan.Win32.Agent2.iho File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll
deleted: Trojan program Trojan-Downloader.Win32.Delf.tka File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys
deleted: Trojan program Trojan-Downloader.Win32.Delf.tlp File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys
deleted: Trojan program Trojan.Win32.Obfuscated.aeob File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX
deleted: Trojan program Rootkit.Win32.Pakes.pf File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys
deleted: Trojan program Trojan-Downloader.Win32.Delf.tlq File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys
deleted: Trojan program Trojan-Downloader.Win32.Delf.tlq File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe
deleted: Trojan program Trojan.Win32.Agent.cdah File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys
deleted: Trojan program Trojan.Win32.Agent.cdah File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe
deleted: Trojan program Rootkit.Win32.Small.hz File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys
deleted: Trojan program Rootkit.Win32.Small.hz File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys
deleted: Trojan program Backdoor.Win32.IEbooot.bwg File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys
deleted: Trojan program Trojan.Win32.Agent2.ipp File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll
deleted: Trojan program Trojan.Win32.VB.nzr File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com
deleted: Trojan program Rootkit.Win32.Agent.jbb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz1.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz2.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz3.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz1.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz2.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz.exe
deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp
deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014617.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014618.exe
deleted: Trojan program Trojan.Win32.VB.obn File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys
deleted: Trojan program not-a-virus:RiskTool.Win32.HideWindows File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014620.exe
deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe
deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\Help\ciadmin.htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\Help\migwiz.htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\Help\migwiz2.htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\WINDOWS\system32\dk\lmz1.bmp
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\27296716.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\31861617.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\37224256.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\7058408.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\8204747.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\86102025.INS
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\WINDOWS\system32\drive\lmz1.bmp
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BN13.tmp
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BN14.tmp
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BN15.tmp
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BN27.tmp
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BNC.tmp
deleted: Trojan program Trojan.Win32.VB.obn File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys
deleted: Trojan program Trojan.Win32.Agent2.iqq File: C:\WINDOWS\Temp\VRT4.tmp
deleted: Trojan program Trojan.Win32.Agent2.iqq File: C:\WINDOWS\Temp\VRT7.tmp
disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\Web\tip.htm
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014623.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014624.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014625.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014626.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014627.INS
deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014628.INS
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe
deleted: Trojan program not-a-virus:RiskTool.Win32.HideWindows File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe
deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe
deleted: Trojan program not-a-virus:RiskTool.Win32.HideWindows File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe
deleted: Trojan program Trojan.Win32.VB.obn File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014619.exe
deleted: Trojan program Trojan.Win32.VB.obn File: c:\windows\temp\nncdndfdfg48.exe
Events
------
Time Name Status Reason
---- ---- ------ ------
29/4/2009 16:03:17 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:03:17 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm not disinfected postponed
29/4/2009 16:05:21 File: C:\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 16:05:22 File: C:\ckc.exe//calling.com not disinfected postponed
29/4/2009 16:05:23 File: C:\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 16:05:23 File: C:\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 16:05:23 File: C:\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 16:05:23 File: C:\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 16:05:24 File: C:\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 16:05:24 File: C:\ddram.exe//lmz3.bmp not disinfected postponed
29/4/2009 16:05:26 File: C:\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 16:05:26 File: C:\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 16:05:28 File: C:\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 16:05:29 File: C:\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 16:05:29 File: C:\nfhusmai.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 16:05:29 File: C:\nfhusmai.exe not disinfected postponed
29/4/2009 16:05:29 File: C:\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 16:05:30 File: C:\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 16:05:30 File: C:\sysm.exe//lmz3.bmp not disinfected postponed
29/4/2009 16:06:45 File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:06:45 File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html not disinfected postponed
29/4/2009 16:22:26 File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:22:26 File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html not disinfected postponed
29/4/2009 16:22:48 File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:22:48 File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html not disinfected postponed
29/4/2009 16:39:11 File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 16:39:12 File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe not disinfected postponed
29/4/2009 16:40:33 File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:40:33 File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm not disinfected postponed
29/4/2009 16:41:15 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:41:15 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm not disinfected postponed
29/4/2009 16:41:15 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:41:15 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm not disinfected postponed
29/4/2009 16:42:13 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 16:42:13 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm not disinfected postponed
29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm not disinfected postponed
29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm not disinfected postponed
29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm not disinfected postponed
29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm not disinfected postponed
29/4/2009 16:42:45 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 16:42:45 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm not disinfected postponed
29/4/2009 16:42:49 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:42:49 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm not disinfected postponed
29/4/2009 16:43:13 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:43:13 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm not disinfected postponed
29/4/2009 16:43:37 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 16:43:37 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm not disinfected postponed
29/4/2009 16:43:40 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:43:40 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm not disinfected postponed
29/4/2009 16:43:56 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 16:43:56 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm not disinfected postponed
29/4/2009 16:44:28 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:44:28 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm not disinfected postponed
29/4/2009 16:44:40 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:44:40 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm not disinfected postponed
29/4/2009 16:45:01 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:45:01 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm not disinfected postponed
29/4/2009 16:45:16 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 16:45:16 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm not disinfected postponed
29/4/2009 16:45:21 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm detected Trojan program 'Trojan.Win32.Pakes.nju'
29/4/2009 16:45:21 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm not disinfected postponed
29/4/2009 16:45:24 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:45:24 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm not disinfected postponed
29/4/2009 16:46:05 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:46:05 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm not disinfected postponed
29/4/2009 16:47:10 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 16:47:10 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm not disinfected postponed
29/4/2009 16:47:45 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 16:47:45 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm not disinfected postponed
29/4/2009 16:48:05 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:48:05 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm not disinfected postponed
29/4/2009 16:48:28 File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:48:28 File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm not disinfected postponed
29/4/2009 16:48:39 File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:48:39 File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm not disinfected postponed
29/4/2009 16:49:40 File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:49:40 File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm not disinfected postponed
29/4/2009 16:50:03 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 16:50:03 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com not disinfected postponed
29/4/2009 16:50:05 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 16:50:05 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 16:50:05 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 16:50:05 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 16:50:06 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 16:50:07 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp not disinfected postponed
29/4/2009 16:50:09 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 16:50:09 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 16:50:11 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 16:50:11 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 16:50:11 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys not disinfected postponed
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm not disinfected postponed
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm not disinfected postponed
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm not disinfected postponed
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm not disinfected postponed
29/4/2009 16:50:13 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 16:50:13 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 16:50:13 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp not disinfected postponed
29/4/2009 16:50:29 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 16:50:29 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe not disinfected postponed
29/4/2009 16:50:29 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 16:50:30 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe not disinfected postponed
29/4/2009 16:50:32 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:50:32 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm not disinfected postponed
29/4/2009 16:56:06 File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 16:56:06 File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm not disinfected postponed
29/4/2009 16:56:14 File: C:\Program Files\ThunMail\testabd.ex_ detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'
29/4/2009 16:56:14 File: C:\Program Files\ThunMail\testabd.ex_ not disinfected postponed
29/4/2009 16:57:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys detected Trojan program 'Trojan-Downloader.Win32.Agent.brzt'
29/4/2009 16:57:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys not disinfected postponed
29/4/2009 16:57:15 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'
29/4/2009 16:57:15 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe not disinfected postponed
29/4/2009 16:57:25 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll detected Trojan program 'Trojan.Win32.Agent2.iho'
29/4/2009 16:57:25 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll not disinfected postponed
29/4/2009 16:57:26 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tka'
29/4/2009 16:57:26 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys not disinfected postponed
29/4/2009 16:57:36 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlp'
29/4/2009 16:57:36 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys not disinfected postponed
29/4/2009 16:57:38 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX detected Trojan program 'Trojan.Win32.Obfuscated.aeob'
29/4/2009 16:57:38 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX not disinfected postponed
29/4/2009 16:57:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys detected Trojan program 'Rootkit.Win32.Pakes.pf'
29/4/2009 16:57:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys not disinfected postponed
29/4/2009 16:57:40 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'
29/4/2009 16:57:40 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys not disinfected postponed
29/4/2009 16:57:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'
29/4/2009 16:57:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe not disinfected postponed
29/4/2009 16:57:43 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys detected Trojan program 'Trojan.Win32.Agent.cdah'
29/4/2009 16:57:43 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys not disinfected postponed
29/4/2009 16:57:45 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe detected Trojan program 'Trojan.Win32.Agent.cdah'
29/4/2009 16:57:45 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe not disinfected postponed
29/4/2009 16:57:45 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys detected Trojan program 'Rootkit.Win32.Small.hz'
29/4/2009 16:57:45 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys not disinfected postponed
29/4/2009 17:00:38 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys detected Trojan program 'Rootkit.Win32.Small.hz'
29/4/2009 17:00:38 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys not disinfected postponed
29/4/2009 17:00:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys detected Trojan program 'Backdoor.Win32.IEbooot.bwg'
29/4/2009 17:00:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys not disinfected postponed
29/4/2009 17:00:41 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll detected Trojan program 'Trojan.Win32.Agent2.ipp'
29/4/2009 17:00:41 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll not disinfected postponed
29/4/2009 17:00:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old detected Trojan program 'Trojan.Win32.VB.nzr'
29/4/2009 17:00:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old not disinfected postponed
29/4/2009 17:00:50 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:00:50 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com not disinfected postponed
29/4/2009 17:00:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'
29/4/2009 17:00:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys not disinfected postponed
29/4/2009 17:00:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:00:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com not disinfected postponed
29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp not disinfected postponed
29/4/2009 17:00:55 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 17:00:55 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 17:00:57 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 17:00:57 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 17:00:57 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe not disinfected postponed
29/4/2009 17:00:58 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 17:00:58 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp not disinfected postponed
29/4/2009 17:00:59 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 17:00:59 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe not disinfected postponed
29/4/2009 17:01:00 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014617.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 17:01:00 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014618.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy' by hash
29/4/2009 17:01:00 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'
29/4/2009 17:01:00 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys not disinfected postponed
29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014620.exe detected Trojan program 'not-a-virus:RiskTool.Win32.HideWindows' by hash
29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe not disinfected postponed
29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe not disinfected postponed
29/4/2009 17:14:44 File: C:\WINDOWS\Help\ciadmin.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:14:44 File: C:\WINDOWS\Help\ciadmin.htm not disinfected postponed
29/4/2009 17:15:09 File: C:\WINDOWS\Help\migwiz.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:15:09 File: C:\WINDOWS\Help\migwiz.htm not disinfected postponed
29/4/2009 17:15:09 File: C:\WINDOWS\Help\migwiz2.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:15:09 File: C:\WINDOWS\Help\migwiz2.htm not disinfected postponed
29/4/2009 17:18:01 File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:18:01 File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm not disinfected postponed
29/4/2009 17:18:02 File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:18:02 File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm not disinfected postponed
29/4/2009 17:22:30 File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:22:30 File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm not disinfected postponed
29/4/2009 17:22:47 File: C:\WINDOWS\system32\dk\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 17:22:47 File: C:\WINDOWS\system32\dk\lmz1.bmp not disinfected postponed
29/4/2009 17:25:11 File: C:\WINDOWS\system32\drive\27296716.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:25:12 File: C:\WINDOWS\system32\drive\27296716.INS not disinfected postponed
29/4/2009 17:25:12 File: C:\WINDOWS\system32\drive\31861617.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:25:13 File: C:\WINDOWS\system32\drive\31861617.INS not disinfected postponed
29/4/2009 17:25:13 File: C:\WINDOWS\system32\drive\37224256.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:25:13 File: C:\WINDOWS\system32\drive\37224256.INS not disinfected postponed
29/4/2009 17:25:14 File: C:\WINDOWS\system32\drive\7058408.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:25:14 File: C:\WINDOWS\system32\drive\7058408.INS not disinfected postponed
29/4/2009 17:25:15 File: C:\WINDOWS\system32\drive\8204747.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:25:15 File: C:\WINDOWS\system32\drive\8204747.INS not disinfected postponed
29/4/2009 17:25:15 File: C:\WINDOWS\system32\drive\86102025.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:25:16 File: C:\WINDOWS\system32\drive\86102025.INS not disinfected postponed
29/4/2009 17:25:17 File: C:\WINDOWS\system32\drive\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 17:25:17 File: C:\WINDOWS\system32\drive\lmz1.bmp not disinfected postponed
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN13.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN13.tmp not disinfected postponed
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN14.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN14.tmp not disinfected postponed
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN15.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN15.tmp not disinfected postponed
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN27.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN27.tmp not disinfected postponed
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BNC.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BNC.tmp not disinfected postponed
29/4/2009 17:26:26 File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'
29/4/2009 17:26:26 File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys not disinfected postponed
29/4/2009 17:26:27 File: C:\WINDOWS\Temp\VRT4.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'
29/4/2009 17:26:27 File: C:\WINDOWS\Temp\VRT4.tmp not disinfected postponed
29/4/2009 17:26:27 File: C:\WINDOWS\Temp\VRT7.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'
29/4/2009 17:26:27 File: C:\WINDOWS\Temp\VRT7.tmp not disinfected postponed
29/4/2009 17:26:28 File: C:\WINDOWS\Web\tip.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:26:28 File: C:\WINDOWS\Web\tip.htm not disinfected postponed
29/4/2009 17:26:40 File: C:\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 17:26:40 File: C:\ckc.exe//calling.com not disinfected postponed
29/4/2009 17:26:42 File: C:\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 17:26:42 File: C:\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 17:26:42 File: C:\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 17:26:42 File: C:\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 17:26:43 File: C:\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 17:26:43 File: C:\ddram.exe//lmz3.bmp not disinfected postponed
29/4/2009 17:26:44 File: C:\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 17:26:44 File: C:\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 17:26:47 File: C:\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 17:26:47 File: C:\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 17:26:47 File: C:\nfhusmai.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 17:26:47 File: C:\nfhusmai.exe not disinfected postponed
29/4/2009 17:26:48 File: C:\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 17:26:48 File: C:\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 17:26:48 File: C:\sysm.exe//lmz3.bmp not disinfected postponed
29/4/2009 17:28:00 File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:28:00 File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html not disinfected postponed
29/4/2009 17:43:35 File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:43:35 File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html not disinfected postponed
29/4/2009 17:43:56 File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 17:43:56 File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html not disinfected postponed
29/4/2009 18:00:25 File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:00:25 File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe not disinfected postponed
29/4/2009 18:01:50 File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:01:50 File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm not disinfected postponed
29/4/2009 18:02:36 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:02:36 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm not disinfected postponed
29/4/2009 18:02:37 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:02:37 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm not disinfected postponed
29/4/2009 18:03:34 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:03:34 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm not disinfected postponed
29/4/2009 18:03:50 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:03:50 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm not disinfected postponed
29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm not disinfected postponed
29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm not disinfected postponed
29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm not disinfected postponed
29/4/2009 18:04:06 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:04:06 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm not disinfected postponed
29/4/2009 18:04:10 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:04:10 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm not disinfected postponed
29/4/2009 18:04:34 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:04:34 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm not disinfected postponed
29/4/2009 18:04:58 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:04:58 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm not disinfected postponed
29/4/2009 18:05:01 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:05:01 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm not disinfected postponed
29/4/2009 18:05:17 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:05:17 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm not disinfected postponed
29/4/2009 18:05:48 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:05:48 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm not disinfected postponed
29/4/2009 18:06:00 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:06:00 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm not disinfected postponed
29/4/2009 18:06:21 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:06:21 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm not disinfected postponed
29/4/2009 18:06:36 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:06:36 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm not disinfected postponed
29/4/2009 18:06:41 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm detected Trojan program 'Trojan.Win32.Pakes.nju'
29/4/2009 18:06:41 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm not disinfected postponed
29/4/2009 18:06:44 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:06:44 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm not disinfected postponed
29/4/2009 18:07:25 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:07:25 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm not disinfected postponed
29/4/2009 18:08:30 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:08:30 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm not disinfected postponed
29/4/2009 18:09:04 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:09:04 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm not disinfected postponed
29/4/2009 18:09:24 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:09:24 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm not disinfected postponed
29/4/2009 18:09:47 File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:09:47 File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm not disinfected postponed
29/4/2009 18:09:58 File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:09:58 File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm not disinfected postponed
29/4/2009 18:10:59 File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:10:59 File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm not disinfected postponed
29/4/2009 18:11:22 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:11:22 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com not disinfected postponed
29/4/2009 18:11:24 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 18:11:24 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:11:24 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 18:11:24 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:11:25 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:11:25 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp not disinfected postponed
29/4/2009 18:11:27 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:11:27 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 18:11:29 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 18:11:30 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:11:30 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'
29/4/2009 18:11:30 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys not disinfected postponed
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm not disinfected postponed
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm not disinfected postponed
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm not disinfected postponed
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm not disinfected postponed
29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:11:32 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:11:32 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp not disinfected postponed
29/4/2009 18:11:47 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:11:47 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe not disinfected postponed
29/4/2009 18:11:47 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:11:47 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe not disinfected postponed
29/4/2009 18:11:50 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:11:50 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm not disinfected postponed
29/4/2009 18:17:57 File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:17:57 File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm not disinfected postponed
29/4/2009 18:18:07 File: C:\Program Files\ThunMail\testabd.ex_ detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'
29/4/2009 18:18:07 File: C:\Program Files\ThunMail\testabd.ex_ not disinfected postponed
29/4/2009 18:19:06 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys detected Trojan program 'Trojan-Downloader.Win32.Agent.brzt'
29/4/2009 18:19:06 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys not disinfected postponed
29/4/2009 18:19:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'
29/4/2009 18:19:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe not disinfected postponed
29/4/2009 18:19:21 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll detected Trojan program 'Trojan.Win32.Agent2.iho'
29/4/2009 18:19:21 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll not disinfected postponed
29/4/2009 18:19:22 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tka'
29/4/2009 18:19:22 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys not disinfected postponed
29/4/2009 18:19:32 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlp'
29/4/2009 18:19:32 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys not disinfected postponed
29/4/2009 18:19:34 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX detected Trojan program 'Trojan.Win32.Obfuscated.aeob'
29/4/2009 18:19:34 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX not disinfected postponed
29/4/2009 18:19:35 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys detected Trojan program 'Rootkit.Win32.Pakes.pf'
29/4/2009 18:19:35 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys not disinfected postponed
29/4/2009 18:19:37 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'
29/4/2009 18:19:37 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys not disinfected postponed
29/4/2009 18:19:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'
29/4/2009 18:19:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe not disinfected postponed
29/4/2009 18:19:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys detected Trojan program 'Trojan.Win32.Agent.cdah'
29/4/2009 18:19:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys not disinfected postponed
29/4/2009 18:19:41 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe detected Trojan program 'Trojan.Win32.Agent.cdah'
29/4/2009 18:19:41 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe not disinfected postponed
29/4/2009 18:19:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys detected Trojan program 'Rootkit.Win32.Small.hz'
29/4/2009 18:19:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys not disinfected postponed
29/4/2009 18:22:48 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys detected Trojan program 'Rootkit.Win32.Small.hz'
29/4/2009 18:22:48 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys not disinfected postponed
29/4/2009 18:22:49 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys detected Trojan program 'Backdoor.Win32.IEbooot.bwg'
29/4/2009 18:22:49 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys not disinfected postponed
29/4/2009 18:22:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll detected Trojan program 'Trojan.Win32.Agent2.ipp'
29/4/2009 18:22:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll not disinfected postponed
29/4/2009 18:22:52 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old detected Trojan program 'Trojan.Win32.VB.nzr'
29/4/2009 18:22:52 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old not disinfected postponed
29/4/2009 18:23:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:23:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com not disinfected postponed
29/4/2009 18:23:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'
29/4/2009 18:23:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys not disinfected postponed
29/4/2009 18:23:02 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:23:02 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com not disinfected postponed
29/4/2009 18:23:03 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 18:23:03 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:23:03 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 18:23:03 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:23:04 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:23:04 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp not disinfected postponed
29/4/2009 18:23:06 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:23:06 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe not disinfected postponed
29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp not disinfected postponed
29/4/2009 18:23:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:23:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe not disinfected postponed
29/4/2009 18:23:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014617.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014618.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy' by hash
29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'
29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys not disinfected postponed
29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014620.exe detected Trojan program 'not-a-virus:RiskTool.Win32.HideWindows' by hash
29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe not disinfected postponed
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe not disinfected postponed
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014623.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014623.INS not disinfected postponed
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014624.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014624.INS not disinfected postponed
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014625.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014625.INS not disinfected postponed
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014626.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014626.INS not disinfected postponed
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014627.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014627.INS not disinfected postponed
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014628.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014628.INS not disinfected postponed
29/4/2009 18:37:00 File: C:\WINDOWS\Help\ciadmin.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:37:00 File: C:\WINDOWS\Help\ciadmin.htm not disinfected postponed
29/4/2009 18:37:26 File: C:\WINDOWS\Help\migwiz.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:37:26 File: C:\WINDOWS\Help\migwiz.htm not disinfected postponed
29/4/2009 18:37:26 File: C:\WINDOWS\Help\migwiz2.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:37:26 File: C:\WINDOWS\Help\migwiz2.htm not disinfected postponed
29/4/2009 18:40:17 File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:40:17 File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm not disinfected postponed
29/4/2009 18:40:19 File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:40:19 File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm not disinfected postponed
29/4/2009 18:44:47 File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
(continued in the next post...)
(continued from the previous post)
29/4/2009 18:44:47 File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm not disinfected postponed
29/4/2009 18:45:05 File: C:\WINDOWS\system32\dk\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:45:05 File: C:\WINDOWS\system32\dk\lmz1.bmp not disinfected postponed
29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\27296716.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\27296716.INS not disinfected postponed
29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\31861617.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\31861617.INS not disinfected postponed
29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\37224256.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\37224256.INS not disinfected postponed
29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\7058408.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\7058408.INS not disinfected postponed
29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\8204747.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\8204747.INS not disinfected postponed
29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\86102025.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\86102025.INS not disinfected postponed
29/4/2009 18:47:31 File: C:\WINDOWS\system32\drive\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:47:31 File: C:\WINDOWS\system32\drive\lmz1.bmp not disinfected postponed
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN13.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN13.tmp not disinfected postponed
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN14.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN14.tmp not disinfected postponed
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN15.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN15.tmp not disinfected postponed
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN27.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN27.tmp not disinfected postponed
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BNC.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BNC.tmp not disinfected postponed
29/4/2009 18:48:38 File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'
29/4/2009 18:48:38 File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys not disinfected postponed
29/4/2009 18:48:39 File: C:\WINDOWS\Temp\VRT4.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'
29/4/2009 18:48:39 File: C:\WINDOWS\Temp\VRT4.tmp not disinfected postponed
29/4/2009 18:48:39 File: C:\WINDOWS\Temp\VRT7.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'
29/4/2009 18:48:39 File: C:\WINDOWS\Temp\VRT7.tmp not disinfected postponed
29/4/2009 18:48:40 File: C:\WINDOWS\Web\tip.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:48:40 File: C:\WINDOWS\Web\tip.htm not disinfected postponed
29/4/2009 18:48:50 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:16 File: c:\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:49:32 File: c:\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 18:49:32 File: c:\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:49:32 File: c:\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 18:49:32 File: c:\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:49:32 File: c:\ckc.exe deleted
29/4/2009 18:49:33 File: c:\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:49:40 File: c:\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:49:40 File: c:\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'
29/4/2009 18:49:43 File: c:\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'
29/4/2009 18:49:43 File: c:\ddram.exe deleted
29/4/2009 18:49:43 File: c:\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:49:44 File: c:\hah.exe deleted
29/4/2009 18:49:44 File: c:\nfhusmai.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:49:44 File: c:\nfhusmai.exe deleted
29/4/2009 18:49:44 File: c:\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:49:45 File: c:\rq.exe deleted
29/4/2009 18:49:46 File: c:\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'
29/4/2009 18:49:48 File: c:\sysm.exe deleted
29/4/2009 18:49:48 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\arquivos comuns\installshield\updateservice\pm.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:52 File: c:\arquivos de programas\hp\digital imaging\hp deskjet 3900 series\data\readme.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:53 File: c:\arquivos de programas\ht networks\ht player\pomoc.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:53 File: c:\arquivos de programas\ht networks\ht player\pomoc.html disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:53 File: c:\documents and settings\carlos\configurações locais\dados de aplicativos\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:49:53 File: c:\documents and settings\carlos\configurações locais\dados de aplicativos\websvr.exe deleted
29/4/2009 18:49:53 File: c:\documents and settings\carlos\configurações locais\temp\temporary internet files\content.ie5\stuj8lan\iframe[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:53 File: c:\documents and settings\carlos\configurações locais\temp\temporary internet files\content.ie5\stuj8lan\iframe[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:53 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\3asvvpwl\069[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:53 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\3asvvpwl\069[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\3asvvpwl\184[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\3asvvpwl\184[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\bqwkgherb[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\bqwkgherb[1].htm deleted
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\rc[1].htm deleted
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\rc[2].htm deleted
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\rc[3].htm deleted
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\93r7h9ge\rc[4].htm deleted
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\c1mb4l2n\ddsuper3[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\c1mb4l2n\ddsuper3[1].htm deleted
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\c1mb4l2n\index[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\c1mb4l2n\index[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\c1mb4l2n\index[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:54 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\c1mb4l2n\index[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\cj0j27mv\poliovirus[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\cj0j27mv\poliovirus[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\f650zklp\iolvvift[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\f650zklp\iolvvift[1].htm deleted
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\f650zklp\redirect[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\f650zklp\redirect[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\g5m7k5yr\hnwtu[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\g5m7k5yr\hnwtu[1].htm deleted
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kl2n0d6r\042[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kl2n0d6r\042[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kl2n0d6r\listarminhasinscricoes8d41d5b8[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:55 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kl2n0d6r\listarminhasinscricoes8d41d5b8[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:56 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\kxaxsjqz\horaciocorral.tudoteca.com[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\or25wrmt\ahurebocmi[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\or25wrmt\ahurebocmi[1].htm deleted
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\or25wrmt\ddsuper0[1].htm detected Trojan program 'Trojan.Win32.Pakes.nju'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\or25wrmt\ddsuper0[1].htm deleted
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\or25wrmt\informacoes[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\or25wrmt\informacoes[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\rpg11y7e\index[2].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\rpg11y7e\index[2].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\sblp5o15\pifccpdnab[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\sblp5o15\pifccpdnab[1].htm deleted
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\sn6r49q3\djspmz[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\sn6r49q3\djspmz[1].htm deleted
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\w1qv4927\faleconosco[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:57 File: c:\documents and settings\carlos\configurações locais\temporary internet files\content.ie5\w1qv4927\faleconosco[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:58 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:59 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:59 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:59 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:59 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:59 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:49:59 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:00 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:00 File: c:\documents and settings\carlos\desktop\blackwell synergy - scand j immunol, volume 66 issue 2-3 page 106-112, august-september 2007 (full text).htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:00 File: c:\documents and settings\carlos\desktop\how to start jogging.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:00 File: c:\documents and settings\carlos\desktop\how to start jogging.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:01 File: c:\documents and settings\carlos\desktop\radiofarmácia - ipen\potenciais orientadores.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:01 File: c:\documents and settings\carlos\desktop\radiofarmácia - ipen\potenciais orientadores.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:01 File: c:\documents and settings\carlos\doctorweb\quarantine\ckc.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:50:02 File: c:\documents and settings\carlos\doctorweb\quarantine\ckc.exe deleted
29/4/2009 18:50:02 File: c:\documents and settings\carlos\doctorweb\quarantine\ddram.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy' by hash
29/4/2009 18:50:03 File: c:\documents and settings\carlos\doctorweb\quarantine\ddram.exe deleted
29/4/2009 18:50:03 File: c:\documents and settings\carlos\doctorweb\quarantine\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:50:05 File: c:\documents and settings\carlos\doctorweb\quarantine\hah.exe deleted
29/4/2009 18:50:06 File: c:\documents and settings\carlos\doctorweb\quarantine\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'
29/4/2009 18:50:07 File: c:\documents and settings\carlos\doctorweb\quarantine\nncdndfdfg48.exe deleted
29/4/2009 18:50:07 File: c:\documents and settings\carlos\doctorweb\quarantine\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:50:07 File: c:\documents and settings\carlos\doctorweb\quarantine\rc[1].htm deleted
29/4/2009 18:50:07 File: c:\documents and settings\carlos\doctorweb\quarantine\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:50:07 File: c:\documents and settings\carlos\doctorweb\quarantine\rc[2].htm deleted
29/4/2009 18:50:07 File: c:\documents and settings\carlos\doctorweb\quarantine\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:50:08 File: c:\documents and settings\carlos\doctorweb\quarantine\rc[3].htm deleted
29/4/2009 18:50:08 File: c:\documents and settings\carlos\doctorweb\quarantine\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'
29/4/2009 18:50:08 File: c:\documents and settings\carlos\doctorweb\quarantine\rc[4].htm deleted
29/4/2009 18:50:08 File: c:\documents and settings\carlos\doctorweb\quarantine\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:50:09 File: c:\documents and settings\carlos\doctorweb\quarantine\rq.exe deleted
29/4/2009 18:50:10 File: c:\documents and settings\carlos\doctorweb\quarantine\sysm.exe detected Trojan program 'not-a-virus:RiskTool.Win32.HideWindows' by hash
29/4/2009 18:50:10 File: c:\documents and settings\carlos\doctorweb\quarantine\sysm.exe deleted
29/4/2009 18:50:10 File: c:\documents and settings\carlos\doctorweb\quarantine\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:50:10 File: c:\documents and settings\carlos\doctorweb\quarantine\websvr.exe deleted
29/4/2009 18:50:11 File: c:\documents and settings\carlos\doctorweb\quarantine\websvr_0.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:50:11 File: c:\documents and settings\carlos\doctorweb\quarantine\websvr_0.exe deleted
29/4/2009 18:50:11 File: c:\program files\activision\rome - total war\docs\help\readme\readme.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:11 File: c:\program files\activision\rome - total war\docs\help\readme\readme.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:11 File: c:\program files\thunmail\testabd.ex_ detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'
29/4/2009 18:50:11 File: c:\program files\thunmail\testabd.ex_ deleted
29/4/2009 18:50:11 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0001103.sys detected Trojan program 'Trojan-Downloader.Win32.Agent.brzt'
29/4/2009 18:50:11 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0001103.sys deleted
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0001121.exe detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0001121.exe deleted
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0002198.dll detected Trojan program 'Trojan.Win32.Agent2.iho'
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0002198.dll deleted
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0004169.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tka'
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0004169.sys deleted
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0007213.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlp'
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0007213.sys deleted
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0008211.dll//PE_Patch.UPX//UPX detected Trojan program 'Trojan.Win32.Obfuscated.aeob'
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0008211.dll deleted
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0008214.sys detected Trojan program 'Rootkit.Win32.Pakes.pf'
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0008214.sys deleted
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0009210.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0009210.sys deleted
29/4/2009 18:50:12 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0009214.exe detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0009214.exe deleted
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0010211.sys detected Trojan program 'Trojan.Win32.Agent.cdah'
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0010211.sys deleted
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0010215.exe detected Trojan program 'Trojan.Win32.Agent.cdah'
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0010215.exe deleted
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0011223.sys detected Trojan program 'Rootkit.Win32.Small.hz'
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0011223.sys deleted
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014453.sys detected Trojan program 'Rootkit.Win32.Small.hz'
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014453.sys deleted
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014456.sys detected Trojan program 'Backdoor.Win32.IEbooot.bwg'
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014456.sys deleted
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014491.dll detected Trojan program 'Trojan.Win32.Agent2.ipp'
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014491.dll deleted
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014500.old detected Trojan program 'Trojan.Win32.VB.nzr'
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014500.old deleted
29/4/2009 18:50:13 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014609.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:14 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014609.com deleted
29/4/2009 18:50:14 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014610.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'
29/4/2009 18:50:14 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014610.sys deleted
29/4/2009 18:50:14 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014612.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:50:15 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014612.exe deleted
29/4/2009 18:50:15 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014613.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy' by hash
29/4/2009 18:50:16 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014613.exe deleted
29/4/2009 18:50:16 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014614.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'
29/4/2009 18:50:16 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014614.exe deleted
29/4/2009 18:50:16 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014615.exe detected Trojan program 'not-a-virus:RiskTool.Win32.HideWindows' by hash
29/4/2009 18:50:16 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014615.exe deleted
29/4/2009 18:50:16 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014616.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:50:17 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014616.exe deleted
29/4/2009 18:50:17 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014617.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash
29/4/2009 18:50:18 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014617.exe deleted
29/4/2009 18:50:18 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014618.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy' by hash
29/4/2009 18:50:19 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014618.exe deleted
29/4/2009 18:50:19 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014619.exe detected Trojan program 'Trojan.Win32.VB.obn' by hash
29/4/2009 18:50:19 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014619.exe deleted
29/4/2009 18:50:19 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014620.exe detected Trojan program 'not-a-virus:RiskTool.Win32.HideWindows' by hash
29/4/2009 18:50:19 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014620.exe deleted
29/4/2009 18:50:20 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014621.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:50:20 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014621.exe deleted
29/4/2009 18:50:20 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014622.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'
29/4/2009 18:50:20 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014622.exe deleted
29/4/2009 18:50:20 File: c:\windows\help\ciadmin.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:20 File: c:\windows\help\ciadmin.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:20 File: c:\windows\help\migwiz.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:20 File: c:\windows\help\migwiz.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:20 File: c:\windows\help\migwiz2.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:20 File: c:\windows\help\migwiz2.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:21 File: c:\windows\pchealth\helpctr\system\blurbs\searchtips.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:21 File: c:\windows\pchealth\helpctr\system\blurbs\searchtips.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:21 File: c:\windows\pchealth\helpctr\system\errors\connection.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:21 File: c:\windows\pchealth\helpctr\system\errors\connection.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:22 File: c:\windows\system32\config\systemprofile\configurações locais\temporary internet files\content.ie5\wpmn4xi7\toastmini[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:22 File: c:\windows\system32\config\systemprofile\configurações locais\temporary internet files\content.ie5\wpmn4xi7\toastmini[1].htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:22 File: c:\windows\system32\dk\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:50:22 File: c:\windows\system32\dk\lmz1.bmp deleted
29/4/2009 18:50:22 File: c:\windows\system32\drive\27296716.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:22 File: c:\windows\system32\drive\27296716.ins deleted
29/4/2009 18:50:22 File: c:\windows\system32\drive\31861617.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:23 File: c:\windows\system32\drive\31861617.ins deleted
29/4/2009 18:50:23 File: c:\windows\system32\drive\37224256.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:23 File: c:\windows\system32\drive\37224256.ins deleted
29/4/2009 18:50:23 File: c:\windows\system32\drive\7058408.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:24 File: c:\windows\system32\drive\7058408.ins deleted
29/4/2009 18:50:24 File: c:\windows\system32\drive\8204747.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:24 File: c:\windows\system32\drive\8204747.ins deleted
29/4/2009 18:50:24 File: c:\windows\system32\drive\86102025.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:25 File: c:\windows\system32\drive\86102025.ins deleted
29/4/2009 18:50:25 File: c:\windows\system32\drive\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'
29/4/2009 18:50:25 File: c:\windows\system32\drive\lmz1.bmp deleted
29/4/2009 18:50:25 File: c:\windows\temp\bn13.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:50:25 File: c:\windows\temp\bn13.tmp deleted
29/4/2009 18:50:25 File: c:\windows\temp\bn14.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:50:25 File: c:\windows\temp\bn14.tmp deleted
29/4/2009 18:50:25 File: c:\windows\temp\bn15.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:50:25 File: c:\windows\temp\bn15.tmp deleted
29/4/2009 18:50:25 File: c:\windows\temp\bn27.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:50:25 File: c:\windows\temp\bn27.tmp deleted
29/4/2009 18:50:25 File: c:\windows\temp\bnc.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'
29/4/2009 18:50:25 File: c:\windows\temp\bnc.tmp deleted
29/4/2009 18:50:25 File: c:\windows\temp\nncdndfdfg48.exe detected Trojan program 'Trojan.Win32.VB.obn' by hash
29/4/2009 18:50:25 File: c:\windows\temp\nncdndfdfg48.exe deleted
29/4/2009 18:50:25 File: c:\windows\temp\vrt4.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'
29/4/2009 18:50:25 File: c:\windows\temp\vrt4.tmp deleted
29/4/2009 18:50:25 File: c:\windows\temp\vrt7.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'
29/4/2009 18:50:25 File: c:\windows\temp\vrt7.tmp deleted
29/4/2009 18:50:25 File: c:\windows\web\tip.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:25 File: c:\windows\web\tip.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'
29/4/2009 18:50:25 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014623.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:26 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014623.ins deleted
29/4/2009 18:50:26 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014624.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:26 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014624.ins deleted
29/4/2009 18:50:27 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014625.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:27 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014625.ins deleted
29/4/2009 18:50:27 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014626.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:27 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014626.ins deleted
29/4/2009 18:50:28 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014627.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:28 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014627.ins deleted
29/4/2009 18:50:28 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014628.ins detected Trojan program 'Backdoor.Win32.IRCBot.dsh'
29/4/2009 18:50:28 File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014628.ins deleted
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
Infected: Trojan program Backdoor.Win32.IRCBot.dsh c:\windows\system32\drive\calling.com 736,5 KB
Infected: Trojan program Rootkit.Win32.Agent.jbb c:\windows\system32\drivers\fngkvbb.sys 30,1 KB
---------------------------------------------------------------------------------------------------------------------
UPDATED HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:22, on 29/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijack\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=br&.src=ym
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sispower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [oscheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [msn] C:\Windows\svrse.exe
O4 - HKLM\..\Run: [isusscheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hp software update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccapp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msmsgs] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VRTE0A] C:\WINDOWS\TEMP\VRTE0A.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131549136390
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
--
End...
-----------------------------------------------
Actually, it was 5 posts :assobiando:
I'll be waiting. Best regards!
Good evening, Carlos SP!
<@> The infection is due to a polymorphic worm called: < Worm Kido > or < Conficker Kido Downadup >
<@> More information: < Conficker Worm >
<@> Download:
<1> < Kaspersky Kido Killer 3.4.3 >
<2> < F-Downadup Removal Tool > ( ...by F-Secure )
<3> < Removal Tool for Win32.Worm.Downadup.Gen >
<4> < W32.Downadup Removal Tool > ( ...by Symantec )
<5> < MSRT by Microsoft - Malicious Software Removal Tool (KB890830) >
<6> < ssconftool_10_sfx.exe > ( 771,55kb )
<@> PS: Before using the tools, try to install this patch:
< MS08-067 >
<@> Disable:
<1> Any connection to the internet or network.
<2> Autorun.
<@> Go to Start --> Run --> Type: gpedit.msc
<@> Local Computer Policy --> Computer Configuration --> Administrative Templates --> System.
<@> In the right pane, double-click Turn off Autoplay.
<@> Check: Enabled --> Select: All drives --> OK.
<@> That way, you will not be infected when you connect the infected drive.
<@> I recommend formatting your removable media.
<3> System Restore:
<@> Right-click My Computer --> Properties --> System Restore.
<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.
<@> Then uncheck it again! --> Apply --> Wait! --> OK.
<@> For more details, read the tutorial: < Link >
<@> PS: Run the tools with administrative privileges.
<@> Extract them from the zip to run them!
<><><><><><><><><><><>
<@> Download: < a-squared Free 4.0 >
<@> Save it in Program Files (Arquivos de programas).
<@> Open the program and click: Update now --> Wait!
<@> When it finishes, click: "Scan PC"
<@> Choose the option: "Deep" --> Then click "Scan".
<@> When it finishes, tick the boxes of the items found and click "Send selected to Quarantine".
<@> Save and post the report from this scan. ( a2scan_xxyy09-xxxxxx.txt )
<@> Also post the reports from the anti-Downadup tools.
Best regards!
Good evening, DigRam!
I have two questions:
1. When downloading the < MS08-067 > patch, I could not finish the installation - a window appears stating that setup cannot run because the system language is different from that of the update. I tried English, Portuguese (Brazil) and Portuguese (Portugal), with no result. Is there any way to find out what this system language is? Or is there another way to solve the issue?
2. In the procedure to disable autorun, I did not find "gpedit.msc" in Run. Is that really the file name?
One more thing: I am using a pen drive to bring the tools over from another computer (I still cannot access the links for tools 1 to 5). Can I disable autorun before transferring the tools to my computer?
Thank you!
Good morning, Carlos SP!
1. When downloading the < MS08-067 > patch, I could not finish the installation - a window appears stating that setup cannot run because the system language is different from that of the update. I tried English, Portuguese (Brazil) and Portuguese (Portugal), with no result. Is there any way to find out what this system language is? Or is there another way to solve the issue?
<!> If your OS is Brazilian Portuguese and uses SP2, download the update:
< WindowsXP-KB958644-x86-PTB >
2. In the procedure to disable autorun, I did not find "gpedit.msc" in Run. Is that really the file name?
<!> Try this instruction, just below.
<><><><><><><><><><>
<@> Go to Start --> Run --> Type: gpedit.msc
<@> Local Computer Policy --> Computer Configuration --> Administrative Templates --> System.
<@> In the right pane, double-click Turn off Autoplay.
<@> Check: Enabled --> Select: All drives --> OK.
<@> That way, you will not be infected when you connect the infected drive.
<@> I recommend formatting your removable media.
<><><><><><><><><><>
One more thing: I am using a pen drive to bring the tools over from another computer (I still cannot access the links for tools 1 to 5). Can I disable autorun before transferring the tools to my computer?
<!> You can! When you access your drive ( F,G,....), run it directly.
Best regards!
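The "Turn off Autoplay" policy in the steps above is stored as the registry value NoDriveTypeAutoRun under the Policies\Explorer key, so the setting can be checked from an exported .reg file or `reg query` output where gpedit.msc is not available. The following is an added example, not part of the original posts: the function names are hypothetical, and the Windows XP default of 0x91 and the precedence of HKLM over HKCU are taken from documented Windows behaviour rather than from this thread.

```python
import re

# Policy location and value name written by "Turn off Autoplay".
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# Each bit disables Autorun for one drive type; bits 0..6 follow the
# Win32 GetDriveType() codes, bit 7 covers types the shell does not know.
DRIVE_TYPE_BITS = [
    (0x01, "unknown"),
    (0x02, "no root directory"),
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "network"),
    (0x20, "CD-ROM"),
    (0x40, "RAM disk"),
    (0x80, "reserved/future"),
]

ALL_DRIVES = 0xFF   # written by "Enabled" + "All drives"
XP_DEFAULT = 0x91   # assumption: Windows XP default when no policy is set


def parse_value(text):
    """Read the value from a .reg line, a `reg query` line, or a plain number."""
    s = text.strip()
    m = re.search(r"dword:([0-9a-fA-F]{1,8})$", s)
    if m:
        return int(m.group(1), 16) & 0xFF
    m = re.search(r"REG_DWORD\s+(0x[0-9a-fA-F]+)$", s)
    if m:
        return int(m.group(1), 16) & 0xFF
    # Only the low byte carries drive-type bits.
    return int(s, 0) & 0xFF


def blocked_types(value):
    """Drive types for which Autorun is disabled by this value."""
    return [name for bit, name in DRIVE_TYPE_BITS if value & bit]


def effective_value(hklm=None, hkcu=None, default=XP_DEFAULT):
    """A value in HKLM wins; HKCU is used only when HKLM has none."""
    if hklm is not None:
        return hklm
    if hkcu is not None:
        return hkcu
    return default


def audit(hklm=None, hkcu=None):
    """Summarise whether removable media can still trigger Autorun."""
    value = effective_value(hklm, hkcu)
    return {
        "value": value,
        "blocked": blocked_types(value),
        "removable_blocked": bool(value & 0x04),
        "all_blocked": value == ALL_DRIVES,
    }


def reg_file(value=ALL_DRIVES):
    """Text of a .reg file that sets the machine-wide policy value."""
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[HKEY_LOCAL_MACHINE\\{POLICY_KEY}]\r\n"
        f'"{VALUE_NAME}"=dword:{value:08x}\r\n'
    )


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the machine in this thread.
    samples = [
        '"NoDriveTypeAutoRun"=dword:00000091',
        "    NoDriveTypeAutoRun    REG_DWORD    0xff",
    ]
    for line in samples:
        report = audit(hklm=parse_value(line))
        print(hex(report["value"]), report["blocked"],
              "removable blocked:", report["removable_blocked"])
    print(reg_file())
```

With the default 0x91, removable drives are not covered, which is why the steps above select "All drives".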
Hello, DigRam!
I tried to access tools 1 to 5 on two other computers, but on all of them the page appears as unavailable/nonexistent/removed. Could you send those links again?
Regards.
Hello, DigRam!
I tried to access tools 1 to 5 on two other computers, but on all of them the page appears as unavailable/nonexistent/removed. Could you send those links again?
Regards.
<><><><><><><><>
Hey, Carlos SP!
<!> Run only the ones that are available. They may be requested at another time.
Best regards!
Good evening, DigRam!
I still have not managed to find/run gpedit.msc. As an alternative for disabling autorun, I downloaded Panda Research USB Vaccine before disabling System Restore and running the tools. Is this "vaccine" really equivalent to disabling autorun?
Below is the report from the tools:
<2> < F-Downadup Removal Tool >
No infections were found.
<3> < Removal Tool for Win32.Worm.Downadup.Gen >
Your computer is not infected.
<5> < MSRT by Microsoft - Malicious Software Removal Tool (KB890830) >
Códigos mal-intencionados:
Backdoor:WinNT/Rustock.E – parcialmente removido, reinicialização necessária
Vírus:Win32/Cutwail.F – removido, reinicialização necessária.
<6> < ssconftool_10_sfx.exe >
Conficker was not detected.
--------------------------------
Warm regards!
Report from < a-squared Free 4.0 >:
a-squared Free - Versão 4.0
Última atualização 1/5/2009 16:20:13
Configurações da análise:
Objetos: Memória, Rastros, Cookies, C:\
Análise de arquivos: Ligado
Heurística: Desligado
Análise de ADS: Ligado
Início da análise: 1/5/2009 16:21:19
[1344] C:\WINDOWS\system32\sopidkc.exe detectado: Trojan-Dropper.Delf!IK
[1464] C:\WINDOWS\System32\alg.exe detectado: Virus.Win32.Virut!IK
[1952] C:\WINDOWS\Explorer.EXE detectado: Trojan.Win32.Patched!IK
[220] C:\WINDOWS\SOUNDMAN.EXE detectado: Virus.Win32.Virut!IK
C:\Documents and Settings\Carlos\Cookies\carlos@adserver.dialhost.com[1].txt detectado: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Carlos\Cookies\carlos@atdmt[2].txt detectado: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Carlos\Cookies\carlos@bravenet[1].txt detectado: Trace.TrackingCookie.bravenet!A2
C:\Documents and Settings\Carlos\Cookies\carlos@bs.serving-sys[1].txt detectado: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Carlos\Cookies\carlos@com[1].txt detectado: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Carlos\Cookies\carlos@doubleclick[1].txt detectado: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Carlos\Cookies\carlos@google.com[1].txt detectado: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\Carlos\Cookies\carlos@ig.com[1].txt detectado: Trace.TrackingCookie.ig.com!A2
C:\Documents and Settings\Carlos\Cookies\carlos@serving-sys[1].txt detectado: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Carlos\Cookies\carlos@specificclick[2].txt detectado: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Carlos\Cookies\carlos@statcounter[2].txt detectado: Trace.TrackingCookie.statcounter!A2
C:\Documents and Settings\Carlos\Cookies\carlos@zedo[2].txt detectado: Trace.TrackingCookie.zedo!A2
C:\Arquivos de programas\CursoMontagem\montagem.exe detectado: Virus.Win32.Agent.VVO!IK
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE detectado: Trojan.Win32.Banker!IK
C:\Arquivos de programas\Movie Maker\moviemk.exe detectado: Trojan-Downloader.Win32.Banload!IK
C:\Arquivos de programas\MSN Gaming Zone\Windows\hrtzzm.exe detectado: Trojan-Downloader.Win32.Dadobra!IK
C:\Arquivos de programas\MSN Gaming Zone\Windows\Rvsezm.exe detectado: Trojan-Downloader.Win32.Devsog.04!IK
C:\Arquivos de programas\Windows Media Player\wmplayer.exe detectado: Virus.Win32.Virut!IK
C:\Arquivos de programas\Windows NT\Acessórios\wordpad.exe detectado: Virus.Win32.Radja!IK
C:\Arquivos de programas\Windows NT\hypertrm.exe detectado: Hoax.Win32.RolCardGen!IK
C:\Arquivos de programas\Windows NT\Pinball\PINBALL.EXE detectado: Virus.Win32.Virut.n!IK
C:\Documents and Settings\Carlos\Meus documentos\Knights AND Merchants RIP CLASS (Seeded By SnesHeaven.org)\Knights&Merchants\CLASS.EXE detectado: Trojan.Generic!IK
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\0059PVX9\w[1].bin detectado: AdWare.Coolezweb!IK
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\L2X7YBU8\w[1].bin detectado: AdWare.Coolezweb!IK
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\TI3ZUO5R\d[1].bin detectado: Trojan.Win32.VB!IK
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\TI3ZUO5R\w[1].bin detectado: AdWare.Coolezweb!IK
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe detectado: Virus.Win32.Virtob!IK
C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe detectado: Virus.Win32.Virut!IK
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\explorer.exe detectado: Trojan.Win32.Patched!IK
C:\WINDOWS\msagent\agentsvr.exe detectado: Virus.Win32.Virut!IK
C:\WINDOWS\NOTEPAD.EXE detectado: Virus.Win32.Hupigon!IK
C:\WINDOWS\SOUNDMAN.EXE detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\alg.exe detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\charmap.exe detectado: Virus.Win32.Radja!IK
C:\WINDOWS\system32\chkntfs.exe detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\cidaemon.exe detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\clipsrv.exe detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\convert.exe detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dk\d.dll detectado: Backdoor.IRC.Lambot.G!IK
C:\WINDOWS\system32\dk\dbqp.fon detectado: Backdoor.IRC.Cloner!IK
C:\WINDOWS\system32\dk\lam2.exe detectado: Riskware.NetTool.Win32.Sniffer.c!IK
C:\WINDOWS\system32\dk\msn.dll detectado: Win32.SuspectCrc!IK
C:\WINDOWS\system32\dk\qaz detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\dk\Refix.ocx detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\dk\winreg.oce detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\dk\wsx detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\dllcache\ndis.sys detectado: Rkit!IK
C:\WINDOWS\system32\dncyool64.sys detectado: Trojan.Win32.VB!IK
C:\WINDOWS\system32\drive\d.dll detectado: Backdoor.IRC.Lambot.G!IK
C:\WINDOWS\system32\drive\dbqp.fon detectado: Backdoor.IRC.Flood!IK
C:\WINDOWS\system32\drive\lam2.exe detectado: Riskware.NetTool.Win32.Sniffer.c!IK
C:\WINDOWS\system32\drive\mirc.ini detectado: Backdoor.IRC.Cloner!IK
C:\WINDOWS\system32\drive\msn.dll detectado: Win32.SuspectCrc!IK
C:\WINDOWS\system32\drive\qaz detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\drive\Refix.ocx detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\drive\winreg.oce detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\drive\wsx detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\logon.scr detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\magnify.exe detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\mmc.exe detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\mnmsrvc.exe detectado: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\msiexec.exe detectado: Virus.Win32.Virtob!IK
C:\WINDOWS\system32\msncache.dll.521366 detectado: Trojan.Agent!IK
C:\WINDOWS\system32\msncache.dll.574059 detectado: Trojan.Agent!IK
C:\WINDOWS\system32\narrator.exe detectado: Virus.Win32.Radja!IK
C:\WINDOWS\system32\net.exe detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\notepad.exe detectado: Virus.Win32.Hupigon!IK
C:\WINDOWS\system32\osk.exe detectado: Virus.Win32.Radja!IK
C:\WINDOWS\system32\powercfg.exe detectado: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\rsmui.exe detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\scrnsave.scr detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\sessmgr.exe detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sndrec32.exe detectado: Virus.Win32.DeadCode!IK
C:\WINDOWS\system32\sopidkc.exe detectado: Trojan-Dropper.Delf!IK
C:\WINDOWS\system32\ss3dfo.scr detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ssbezier.scr detectado: Win32.Virtob!IK
C:\WINDOWS\system32\ssflwbox.scr detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ssmarque.scr detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ssmyst.scr detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sspipes.scr detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ssstars.scr detectado: Win32.Virtob!IK
C:\WINDOWS\system32\sstext3d.scr detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\tpszxyd.sys detectado: AdWare.Coolezweb!IK
C:\WINDOWS\system32\ups.exe detectado: Virus.Win32.Virut!IK
C:\WINDOWS\system32\vssvc.exe detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wbem\wmiprvse.exe detectado: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wiaacmgr.exe detectado: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\Temp\BN16.tmp detectado: Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN17.tmp detectado: Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN1A.tmp detectado: Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN1B.tmp detectado: Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN1E.tmp detectado: Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN28.tmp detectado: Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN2C.tmp detectado: Trojan.Kobcka!IK
Analisado
Arquivos: 117084
Objetos: 492318
Cookies: 86
Processos: 28
Encontrado
Arquivos: 83
Objetos: 0
Cookies: 13
Processos: 4
Chaves do registro: 0
Fim da análise: 1/5/2009 17:02:44
Duração da análise: 0:41:25
C:\WINDOWS\Temp\BN16.tmp Em quarentena Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN17.tmp Em quarentena Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN1A.tmp Em quarentena Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN1B.tmp Em quarentena Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN1E.tmp Em quarentena Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN28.tmp Em quarentena Trojan.Kobcka!IK
C:\WINDOWS\Temp\BN2C.tmp Em quarentena Trojan.Kobcka!IK
C:\WINDOWS\system32\ssbezier.scr Em quarentena Win32.Virtob!IK
C:\WINDOWS\system32\ssstars.scr Em quarentena Win32.Virtob!IK
C:\WINDOWS\system32\sndrec32.exe Em quarentena Virus.Win32.DeadCode!IK
C:\WINDOWS\system32\powercfg.exe Em quarentena Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\msncache.dll.521366 Em quarentena Trojan.Agent!IK
C:\WINDOWS\system32\msncache.dll.574059 Em quarentena Trojan.Agent!IK
C:\WINDOWS\system32\drive\dbqp.fon Em quarentena Backdoor.IRC.Flood!IK
C:\WINDOWS\system32\dllcache\ndis.sys Em quarentena Rkit!IK
C:\WINDOWS\system32\dk\qaz Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\dk\Refix.ocx Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\dk\winreg.oce Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\dk\wsx Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\drive\qaz Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\drive\Refix.ocx Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\drive\winreg.oce Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\drive\wsx Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\dk\msn.dll Em quarentena Win32.SuspectCrc!IK
C:\WINDOWS\system32\drive\msn.dll Em quarentena Win32.SuspectCrc!IK
C:\WINDOWS\system32\dk\lam2.exe Em quarentena Riskware.NetTool.Win32.Sniffer.c!IK
C:\WINDOWS\system32\drive\lam2.exe Em quarentena Riskware.NetTool.Win32.Sniffer.c!IK
C:\WINDOWS\system32\dk\dbqp.fon Em quarentena Backdoor.IRC.Cloner!IK
C:\WINDOWS\system32\drive\mirc.ini Em quarentena Backdoor.IRC.Cloner!IK
C:\WINDOWS\system32\dk\d.dll Em quarentena Backdoor.IRC.Lambot.G!IK
C:\WINDOWS\system32\drive\d.dll Em quarentena Backdoor.IRC.Lambot.G!IK
C:\WINDOWS\NOTEPAD.EXE Em quarentena Virus.Win32.Hupigon!IK
C:\WINDOWS\system32\notepad.exe Em quarentena Virus.Win32.Hupigon!IK
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\chkntfs.exe Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\cidaemon.exe Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\clipsrv.exe Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\convert.exe Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\logon.scr Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sessmgr.exe Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ssmarque.scr Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ssmyst.scr Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\vssvc.exe Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wbem\wmiprvse.exe Em quarentena Virus.Win32.Virut.q!IK
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe Em quarentena Virus.Win32.Virtob!IK
C:\WINDOWS\system32\msiexec.exe Em quarentena Virus.Win32.Virtob!IK
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\TI3ZUO5R\d[1].bin Em quarentena Trojan.Win32.VB!IK
C:\WINDOWS\system32\dncyool64.sys Em quarentena Trojan.Win32.VB!IK
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\0059PVX9\w[1].bin Em quarentena AdWare.Coolezweb!IK
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\L2X7YBU8\w[1].bin Em quarentena AdWare.Coolezweb!IK
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\TI3ZUO5R\w[1].bin Em quarentena AdWare.Coolezweb!IK
C:\WINDOWS\system32\tpszxyd.sys Em quarentena AdWare.Coolezweb!IK
C:\Documents and Settings\Carlos\Meus documentos\Knights AND Merchants RIP CLASS (Seeded By SnesHeaven.org)\Knights&Merchants\CLASS.EXE Em quarentena Trojan.Generic!IK
C:\Arquivos de programas\Windows NT\Pinball\PINBALL.EXE Em quarentena Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\mnmsrvc.exe Em quarentena Virus.Win32.Virut.n!IK
C:\Arquivos de programas\Windows NT\hypertrm.exe Em quarentena Hoax.Win32.RolCardGen!IK
C:\Arquivos de programas\Windows NT\Acessórios\wordpad.exe Em quarentena Virus.Win32.Radja!IK
C:\WINDOWS\system32\charmap.exe Em quarentena Virus.Win32.Radja!IK
C:\WINDOWS\system32\narrator.exe Em quarentena Virus.Win32.Radja!IK
C:\WINDOWS\system32\osk.exe Em quarentena Virus.Win32.Radja!IK
C:\Arquivos de programas\MSN Gaming Zone\Windows\Rvsezm.exe Em quarentena Trojan-Downloader.Win32.Devsog.04!IK
C:\Arquivos de programas\MSN Gaming Zone\Windows\hrtzzm.exe Em quarentena Trojan-Downloader.Win32.Dadobra!IK
C:\Arquivos de programas\Movie Maker\moviemk.exe Em quarentena Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\system32\wiaacmgr.exe Em quarentena Trojan-Downloader.Win32.Banload!IK
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE Em quarentena Trojan.Win32.Banker!IK
C:\Arquivos de programas\CursoMontagem\montagem.exe Em quarentena Virus.Win32.Agent.VVO!IK
C:\Documents and Settings\Carlos\Cookies\carlos@zedo[2].txt Em quarentena Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Carlos\Cookies\carlos@statcounter[2].txt Em quarentena Trace.TrackingCookie.statcounter!A2
C:\Documents and Settings\Carlos\Cookies\carlos@specificclick[2].txt Em quarentena Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Carlos\Cookies\carlos@serving-sys[1].txt Em quarentena Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Carlos\Cookies\carlos@ig.com[1].txt Em quarentena Trace.TrackingCookie.ig.com!A2
C:\Documents and Settings\Carlos\Cookies\carlos@google.com[1].txt Em quarentena Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\Carlos\Cookies\carlos@doubleclick[1].txt Em quarentena Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Carlos\Cookies\carlos@com[1].txt Em quarentena Trace.TrackingCookie.com!A2
C:\Documents and Settings\Carlos\Cookies\carlos@bs.serving-sys[1].txt Em quarentena Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Carlos\Cookies\carlos@bravenet[1].txt Em quarentena Trace.TrackingCookie.bravenet!A2
C:\Documents and Settings\Carlos\Cookies\carlos@atdmt[2].txt Em quarentena Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Carlos\Cookies\carlos@adserver.dialhost.com[1].txt Em quarentena Trace.TrackingCookie.adserv!A2
[1952] C:\WINDOWS\Explorer.EXE Em quarentena Trojan.Win32.Patched!IK
C:\WINDOWS\explorer.exe Em quarentena Trojan.Win32.Patched!IK
[1464] C:\WINDOWS\System32\alg.exe Em quarentena Virus.Win32.Virut!IK
[220] C:\WINDOWS\SOUNDMAN.EXE Em quarentena Virus.Win32.Virut!IK
C:\Arquivos de programas\Windows Media Player\wmplayer.exe Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\msagent\agentsvr.exe Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\SOUNDMAN.EXE Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\alg.exe Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\magnify.exe Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\mmc.exe Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\net.exe Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\rsmui.exe Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\scrnsave.scr Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\ss3dfo.scr Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\ssflwbox.scr Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\sspipes.scr Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\sstext3d.scr Em quarentena Virus.Win32.Virut!IK
C:\WINDOWS\system32\ups.exe Em quarentena Virus.Win32.Virut!IK
[1344] C:\WINDOWS\system32\sopidkc.exe Em quarentena Trojan-Dropper.Delf!IK
C:\WINDOWS\system32\sopidkc.exe Em quarentena Trojan-Dropper.Delf!IK
[1952] C:\WINDOWS\Explorer.EXE Em quarentena Trojan.Win32.Patched!IK
C:\WINDOWS\explorer.exe Em quarentena Trojan.Win32.Patched!IK
[1952] C:\WINDOWS\Explorer.EXE Em quarentena Trojan.Win32.Patched!IK
C:\WINDOWS\explorer.exe Em quarentena Trojan.Win32.Patched!IK
[1952] C:\WINDOWS\Explorer.EXE Em quarentena Trojan.Win32.Patched!IK
C:\WINDOWS\explorer.exe Em quarentena Trojan.Win32.Patched!IK
Em quarentena
Arquivos: 86
Objetos: 0
Cookies: 12
Good evening! Carlos SP
I still haven't managed to find/run gpedit.msc. As an alternative for disabling autorun, I downloaded Panda Research USB Vaccine before disabling System Restore and running the tools. Is this "vaccine" really equivalent to disabling autorun?
<!> Yes! It was correct to use Panda Research USB Vaccine to disable autorun.
<><><><><><><><><><><><>
<@> Download:
< rmvirut.exe >
< rmvirut.nt >
<!> PS: Save them in the same folder, for example: C:\Virut
<@> Restart the computer in Safe Mode.
<@> Go to Start --> Run --> Type: C:\Virut\rmvirut.exe C: --> Click OK.
<!> NOTE: If you have other disk drives, add them to the command, as follows:
C:\Virut\rmvirut.exe C: D:
<@> Wait for it to finish! --> Press Enter.
<@> The computer will be restarted!
<@> Run a scan with your antivirus to check for Win32.Virut.
<@> Delete everything that is found!
<><><><><><><><><><><><>
<@> Download: < Norman Malware Cleaner >
<@> Save it to the desktop.
<@> Open the file and click Run --> Accept.
<@> Click Add to add, or Remove to remove, the drives/areas to be scanned. ( C:\*.*, D:\*.*, E:\*.*, etc... )
<@> Click "Start scan" --> Wait!
<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <--
<@> Also post an updated HijackThis log.
Regards!
Good morning, DigRam!
- Norman Malware Cleaner report:
Norman Malware Cleaner
Copyright © 1990 - 2009, Norman ASA. Built 2009/04/30 06:27:40
Norman Scanner Engine Version: 6.01.05
Nvcbin.def Version: 6.01.00, Date: 2009/04/30 06:27:40, Variants: 3141364
Scan started: 02/05/2009 11:07:18
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 2
Logged on user: HP-AF5E76A48CD1\Carlos
Failed to change service configuration (0x00000005) for "wuauserv" to 0x00000002 and 0xFFFFFFFF
Failed to change service configuration (0x00000005) for "BITS" to 0x00000003 and 0xFFFFFFFF
Scanning running processes and process memory...
C:\WINDOWS\System32\drivers\c26d0c32.sys (Error opening file: Not found)
Number of processes/threads found: 1305
Number of processes/threads scanned: 1304
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 35s
Scanning file system...
Scanning: C:\.
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown13 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown14 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown15 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown16 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown17 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown18 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown19 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown20 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown21 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown22 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown23 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown24 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown25 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown26 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown27 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown28 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown29 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown30 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\enavweb[1].cab/unknown31 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\85UJ016N\PPPrimary[1].js/unknown0 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\space[1].js/unknown0 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\4279243607-widgets[1].js/unknown0 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\QHYR85GZ\br.yahoo[1]/unknown0 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\QHYR85GZ\core_0.1.235[1].js/unknown0 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SFTB6MN1\CAGHUXZ8.aspx/unknown0 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\Carlos\Desktop\ssconftool_10_sfx.exe (Infected with Malware.GDEP)
Deleted file
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP3\A0015040.exe (Infected with Malware.GDEP)
Deleted file
C:\WINDOWS\system32\dk\lam1.exe (Infected with W32/Agent.MATM)
Deleted file
C:\WINDOWS\system32\drive\lam1.exe (Infected with W32/Agent.MATM)
Deleted file
C:\WINDOWS\system32\drivers\c26d0c32.sys (Error opening file: Not found)
Scanning: A:\.
Scanning: D:\.
Scanning: H:\.
H:\AUTORUN.INF (Error opening file: Access denied)
Scanning: c:\System Volume Information\.
c:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP3\A0015041.exe (Infected with W32/Agent.MATM)
Deleted file
c:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP3\A0015042.exe (Infected with W32/Agent.MATM)
Deleted file
Running post-scan cleanup routine:
Failed to change service configuration (0x00000005) for "wuauserv" to 0x00000002 and 0xFFFFFFFF
Failed to change service configuration (0x00000005) for "BITS" to 0x00000003 and 0xFFFFFFFF
Number of files found: 132602
Number of archives unpacked: 336
Number of files scanned: 132557
Number of files not scanned: 45
Number of files skipped due to exclude list: 0
Number of infected files found: 6
Number of infected files repaired/deleted: 6
Number of infections removed: 6
Total scanning time: 24m 59s
---------------------------------
- HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:38, on 2/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Hijack\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=br&.src=ym
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sispower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [oscheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [msn] C:\Windows\svrse.exe
O4 - HKLM\..\Run: [isusscheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hp software update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccapp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msmsgs] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [VRTE0A] C:\WINDOWS\TEMP\VRTE0A.exe (User 'Default user')
O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131549136390
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
--
End of file - 5413 bytes
------------------------------
Regards.
Good afternoon! Carlos SP
<@> Go to this link and download: < Malwarebytes >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs when running Malwarebytes.
<@> Be sure to send the detected items to quarantine by clicking Remove items.
<@> For more details: < Link >
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt <--
<><><><><><><><><><><><>
<@> Download: < ComboFix > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Disclaimer of software warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<!> If the notification "Invalid Win32 application" appears, delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!
Good evening, DigRam! Here are the requested reports:
- Malwarebytes report:
Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 2069
Windows 5.1.2600 Service Pack 2
3/5/2009 00:06:49
mbam-log-2009-05-03 (00-06-49).txt
Tipo de Verificação: Completa (A:\|C:\|D:\|H:\|)
Objetos verificados: 144482
Tempo decorrido: 23 minute(s), 24 second(s)
Processos da Memória infectados: 1
Módulos de Memória Infectados: 1
Chaves do Registro infectadas: 9
Valores do Registro infectados: 0
Ítens do Registro infectados: 2
Pastas infectadas: 1
Arquivos infectados: 28
Processos da Memória infectados:
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.
Módulos de Memória Infectados:
c:\WINDOWS\system32\msncache.dll (Trojan.Agent) -> Delete on reboot.
Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\synsend (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Pastas infectadas:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Arquivos infectados:
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\0059PVX9\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\L2X7YBU8\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\OV40OYCS\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\TI3ZUO5R\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP3\A0014848.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP3\A0014983.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP3\A0015057.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP3\A0015073.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP3\A0015074.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpsaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtukd32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dk\systemac.dll (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drive\5008216.INS (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drive\55752060.INS (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drive\67612956.INS (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drive\77047081.INS (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drive\8272202.INS (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drive\95546440.INS (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drive\systemac.dll (Trojan.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msncache.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dncyool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\MSAGNT32.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.
------------------------------------
- ComboFix report:
ComboFix 09-05-02.4 - Carlos 03/05/2009 0:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.479.225 [GMT -3:00]
Executando de: c:\documents and settings\Carlos\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFISICX
-------\Legacy_AT1394
-------\Legacy_DHCPSRV
-------\Legacy_IAS
-------\Legacy_SOPIDKC
-------\Legacy_SYNSEND
-------\Legacy_TDCTXTE
(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-03 to 2009-05-03 ))))))))))))))))))))))))))))
.
2009-05-03 02:37 . 2009-05-03 02:37 -------- d-----w c:\documents and settings\Carlos\Dados de aplicativos\Malwarebytes
2009-05-03 02:37 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 02:37 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 02:37 . 2009-05-03 02:37 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-05-03 02:36 . 2009-05-03 02:37 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-05-02 01:16 . 2009-05-02 01:23 -------- d-----w C:\Virut
2009-05-01 19:11 . 2009-05-01 20:02 -------- d-----w c:\arquivos de programas\a-squared Free
2009-05-01 17:06 . 2009-05-01 17:11 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 00:53 . 2009-05-01 00:53 49148496 ----a-w c:\arquivos de programas\a2FreeSetup.exe
2009-04-29 21:54 . 2009-04-29 21:55 71712 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-29 18:46 . 2009-04-29 15:08 38473448 ----a-w c:\arquivos de programas\setup_7.0.0.290_29.04.2009_16-50.exe
2009-04-29 16:35 . 2009-04-29 16:37 -------- d-----w c:\documents and settings\Carlos\DoctorWeb
2009-04-28 01:56 . 2009-05-02 14:41 -------- d-----w C:\Hijack
2009-04-28 01:00 . 2009-04-28 01:00 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Symantec
2009-04-27 20:50 . 2009-05-03 03:25 89596 ----a-w c:\windows\system32\drivers\c26d0c32.sys
2009-04-27 20:50 . 2009-04-29 16:43 2560 ----a-w C:\kvcxcscl.exe
2009-04-21 21:16 . 2009-04-21 21:16 -------- d-----w c:\arquivos de programas\HT NETWORKS
2009-04-21 15:00 . 2009-04-29 16:37 -------- d-----w c:\windows\system32\3361
2009-04-21 14:59 . 2009-04-29 16:37 -------- d-----w c:\windows\dhcp
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 03:24 . 2006-04-08 15:33 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-29 21:55 . 2009-04-29 21:54 1916 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-29 18:32 . 2008-01-28 00:57 114688 ----a-w c:\windows\system32\uha.exe
2009-04-29 18:31 . 2004-08-04 09:00 79360 ----a-w c:\windows\system32\nslookup.exe
2009-04-29 18:30 . 2004-08-04 09:00 9728 ----a-w c:\windows\system32\label.exe
2009-04-29 18:29 . 2004-08-04 09:00 7680 ----a-w c:\windows\system32\ckcnv.exe
2009-04-29 18:26 . 2004-08-04 09:00 159744 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-29 18:26 . 2004-08-04 09:00 743936 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2009-04-29 18:26 . 2004-08-04 09:00 768512 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-04-29 18:11 . 2004-08-04 09:00 287744 ----a-w c:\windows\winhlp32.exe
2009-04-29 18:11 . 2008-01-21 19:43 302592 ----a-w c:\windows\unin0416.exe
2009-04-29 18:11 . 2004-08-04 09:00 25600 ----a-w c:\windows\twunk_32.exe
2009-04-29 18:11 . 2004-08-04 09:00 15360 ----a-w c:\windows\TASKMAN.EXE
2009-04-29 18:11 . 2006-01-31 21:14 544768 ----a-w c:\windows\sm56hlpr.exe
2009-04-29 18:11 . 2006-11-25 21:53 46080 ----a-w c:\windows\setdebug.exe
2009-04-29 18:11 . 2004-08-04 09:00 150528 ----a-w c:\windows\regedit.exe
2009-04-29 18:11 . 2008-08-18 20:49 306688 ----a-w c:\windows\IsUninst.exe
2009-04-29 18:11 . 2007-12-27 21:53 40960 ----a-w c:\windows\InstFunc.exe
2009-04-29 18:11 . 2006-11-25 23:29 327168 ----a-w c:\windows\IsUn0416.exe
2009-04-29 18:11 . 2005-05-26 20:22 10752 ----a-w c:\windows\hh.exe
2009-04-29 18:11 . 2005-02-25 04:33 98304 ----a-w c:\windows\dla.exe
2009-04-29 16:37 . 2004-08-04 09:00 225280 ----a-w c:\windows\system32\dmadmin.exe
2009-04-29 16:37 . 2004-08-04 09:00 15360 ----a-w c:\windows\system32\ctfmon.exe
2009-04-29 16:37 . 2004-08-04 09:00 5632 ----a-w c:\windows\system32\cisvc.exe
2009-04-28 00:56 . 2008-08-07 20:14 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-28 00:56 . 2008-08-07 20:14 10563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-22 12:53 . 2004-08-04 09:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-12 21:56 . 2007-05-29 22:12 -------- d-----w c:\arquivos de programas\Call of Duty
2009-02-15 19:11 . 2006-04-07 17:31 49586 ----a-w c:\windows\system32\perfc016.dat
2009-02-15 19:11 . 2006-04-07 17:31 347294 ----a-w c:\windows\system32\perfh016.dat
2009-02-09 14:17 . 2005-10-06 00:08 1846400 ----a-w c:\windows\system32\win32k.sys
.
------- Sigcheck -------
[-] 2009-04-29 16:37 15360 3DBFE7FF56149AEA6D452ED4F7140C48 c:\windows\system32\ctfmon.exe
[7] 2004-08-04 09:00 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\system32\dllcache\ctfmon.exe
[-] 2009-04-29 16:38 24576 B57A7C16E7B27602252F543FC34D9B7F c:\windows\system32\userinit.exe
[7] 2004-08-04 09:00 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msmsgs"="c:\arquivos de programas\Messenger\msmsgs.exe" [2009-04-29 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-29 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sunjavaupdatesched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2009-04-29 36864]
"isusscheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2009-04-29 81920]
"isuspm startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2009-04-29 221184]
"hp software update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2009-04-29 49152]
"sispower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2006-01-09 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-04-29 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
BOOKcase 4.0.lnk - c:\arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe [2008-8-18 421888]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6329:TCP"= 6329:TCP:lxsjoyv
R1 bqrc6bf;bqrc6bf; [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
msncache
gluyjwm
.
HKLM-Run-oscheck - c:\arquivos de programas\Norton Internet Security\osCheck.exe
HKLM-Run-ccapp - c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
HKLM-Run-wmp - (no file)
HKLM-Run-soundman - SOUNDMAN.EXE
HKU-Default-Run-VRTE0A - c:\windows\TEMP\VRTE0A.exe
.
------- Scan Suplementar -------
.
uStart Page = https://login.yahoo.com/config/login_verify...=br&.src=ym
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 00:25
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\s-1-5-21-3748263854-567553014-1295907222-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\s-1-5-21-3748263854-567553014-1295907222-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3748263854-567553014-1295907222-1007)
@Allowed: (Read) (S-1-5-21-3748263854-567553014-1295907222-1007)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\a-squared Free\a2service.exe
c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-05-03 0:28 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-05-03 03:28
Pré-execução: 19 pasta(s) 61.974.368.256 bytes disponíveis
Pós execução: 18 pasta(s) 62.308.470.784 bytes disponíveis
WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
180 --- E O F --- 2009-03-21 16:05
----------------------------------------------
- Updated HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:32:55, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=br&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [sispower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [isusscheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hp software update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msmsgs] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131549136390
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
--
End of file - 5136 bytes
---------------------------
Regards!
Good morning, Carlos SP!
<!> PS: Do you still have Norton fully installed?
<><><><><><><><><><>
<@> Select and copy all the content in the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt
>
File::C:\kvcxcscl.exe
Regnull::
[HKEY_USERS\s-1-5-21-3748263854-567553014-1295907222-1007\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\s-1-5-21-3748263854-567553014-1295907222-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6329:TCP"=-
Rootkit::
c:\windows\system32\drivers\c26d0c32.sys
Driver::
"EraserUtilRebootDrv"
"c26d0c32"
"bqrc6bf"
"msncache"
"gluyjwm"
Netsvc::
"msncache"
"gluyjwm"
<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
[image: 2872959479_997d4500c4_o.gif]
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until this prompt (window) appears!
<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!
Good evening, DigRam!
<!> PS: Do you still have Norton fully installed?
No. I tried to reinstall it yesterday, but some failure ended the process. I did the first uninstall under guidance from the Symantec staff, but after that it was no longer possible to install the product. By the way, could you recommend an antivirus program (free, preferably)? At the moment, I'm somewhat unprotected...
- ComboFix report:
ComboFix 09-05-02.4 - Carlos 03/05/2009 23:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.479.232 [GMT -3:00]
Executando de: c:\documents and settings\Carlos\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Carlos\Desktop\CFScript.txt
FILE ::
C:\kvcxcscl.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\kvcxcscl.exe
c:\windows\system32\drivers\c26d0c32.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_bqrc6bf
-------\Legacy_ERASERUTILREBOOTDRV
-------\Legacy_GLUYJWM
-------\Legacy_msncache
-------\Service_bqrc6bf
-------\Service_c26d0c32
-------\Service_EraserUtilRebootDrv
(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-04 to 2009-05-04 ))))))))))))))))))))))))))))
.
2009-05-03 04:15 . 2009-05-03 05:53 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Symantec
2009-05-03 02:37 . 2009-05-03 02:37 -------- d-----w c:\documents and settings\Carlos\Dados de aplicativos\Malwarebytes
2009-05-03 02:37 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 02:37 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 02:37 . 2009-05-03 02:37 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-05-03 02:36 . 2009-05-03 02:37 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-05-02 01:16 . 2009-05-02 01:23 -------- d-----w C:\Virut
2009-05-01 19:11 . 2009-05-01 20:02 -------- d-----w c:\arquivos de programas\a-squared Free
2009-05-01 17:06 . 2009-05-01 17:11 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 00:53 . 2009-05-01 00:53 49148496 ----a-w c:\arquivos de programas\a2FreeSetup.exe
2009-04-29 21:54 . 2009-04-29 21:55 71712 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-29 18:46 . 2009-04-29 15:08 38473448 ----a-w c:\arquivos de programas\setup_7.0.0.290_29.04.2009_16-50.exe
2009-04-29 16:35 . 2009-04-29 16:37 -------- d-----w c:\documents and settings\Carlos\DoctorWeb
2009-04-28 01:56 . 2009-05-03 03:32 -------- d-----w C:\Hijack
2009-04-21 21:16 . 2009-04-21 21:16 -------- d-----w c:\arquivos de programas\HT NETWORKS
2009-04-21 15:00 . 2009-04-29 16:37 -------- d-----w c:\windows\system32\3361
2009-04-21 14:59 . 2009-04-29 16:37 -------- d-----w c:\windows\dhcp
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 02:52 . 2006-04-08 15:33 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 05:50 . 2008-08-07 20:14 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-03 05:50 . 2008-08-07 20:14 10563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-29 21:55 . 2009-04-29 21:54 1916 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-29 18:32 . 2008-01-28 00:57 114688 ----a-w c:\windows\system32\uha.exe
2009-04-29 18:31 . 2004-08-04 09:00 79360 ----a-w c:\windows\system32\nslookup.exe
2009-04-29 18:30 . 2004-08-04 09:00 9728 ----a-w c:\windows\system32\label.exe
2009-04-29 18:29 . 2004-08-04 09:00 7680 ----a-w c:\windows\system32\ckcnv.exe
2009-04-29 18:26 . 2004-08-04 09:00 159744 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-29 18:26 . 2004-08-04 09:00 743936 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2009-04-29 18:26 . 2004-08-04 09:00 768512 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-04-29 18:11 . 2004-08-04 09:00 287744 ----a-w c:\windows\winhlp32.exe
2009-04-29 18:11 . 2008-01-21 19:43 302592 ----a-w c:\windows\unin0416.exe
2009-04-29 18:11 . 2004-08-04 09:00 25600 ----a-w c:\windows\twunk_32.exe
2009-04-29 18:11 . 2004-08-04 09:00 15360 ----a-w c:\windows\TASKMAN.EXE
2009-04-29 18:11 . 2006-01-31 21:14 544768 ----a-w c:\windows\sm56hlpr.exe
2009-04-29 18:11 . 2006-11-25 21:53 46080 ----a-w c:\windows\setdebug.exe
2009-04-29 18:11 . 2004-08-04 09:00 150528 ----a-w c:\windows\regedit.exe
2009-04-29 18:11 . 2008-08-18 20:49 306688 ----a-w c:\windows\IsUninst.exe
2009-04-29 18:11 . 2007-12-27 21:53 40960 ----a-w c:\windows\InstFunc.exe
2009-04-29 18:11 . 2006-11-25 23:29 327168 ----a-w c:\windows\IsUn0416.exe
2009-04-29 18:11 . 2005-05-26 20:22 10752 ----a-w c:\windows\hh.exe
2009-04-29 18:11 . 2005-02-25 04:33 98304 ----a-w c:\windows\dla.exe
2009-04-29 16:37 . 2004-08-04 09:00 225280 ----a-w c:\windows\system32\dmadmin.exe
2009-04-29 16:37 . 2004-08-04 09:00 15360 ----a-w c:\windows\system32\ctfmon.exe
2009-04-29 16:37 . 2004-08-04 09:00 5632 ----a-w c:\windows\system32\cisvc.exe
2009-04-22 12:53 . 2004-08-04 09:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-12 21:56 . 2007-05-29 22:12 -------- d-----w c:\arquivos de programas\Call of Duty
2009-02-15 19:11 . 2006-04-07 17:31 49586 ----a-w c:\windows\system32\perfc016.dat
2009-02-15 19:11 . 2006-04-07 17:31 347294 ----a-w c:\windows\system32\perfh016.dat
2009-02-09 14:17 . 2005-10-06 00:08 1846400 ----a-w c:\windows\system32\win32k.sys
.
------- Sigcheck -------
[-] 2009-04-29 16:37 15360 3DBFE7FF56149AEA6D452ED4F7140C48 c:\windows\system32\ctfmon.exe
[7] 2004-08-04 09:00 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\system32\dllcache\ctfmon.exe
[-] 2009-04-29 16:38 24576 B57A7C16E7B27602252F543FC34D9B7F c:\windows\system32\userinit.exe
[7] 2004-08-04 09:00 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msmsgs"="c:\arquivos de programas\Messenger\msmsgs.exe" [2009-04-29 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-29 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sunjavaupdatesched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2009-04-29 36864]
"isusscheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2009-04-29 81920]
"isuspm startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2009-04-29 221184]
"hp software update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2009-04-29 49152]
"sispower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2006-01-09 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-04-29 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
BOOKcase 4.0.lnk - c:\arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe [2008-8-18 421888]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
.
.
------- Scan Suplementar -------
.
uStart Page = https://login.yahoo.com/config/login_verify...=br&.src=ym
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 23:52
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3748263854-567553014-1295907222-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-3748263854-567553014-1295907222-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3748263854-567553014-1295907222-1007)
@Allowed: (Read) (S-1-5-21-3748263854-567553014-1295907222-1007)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\a-squared Free\a2service.exe
c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe
.
*****************************************************
.
Tempo para conclusão: 2009-05-04 23:54 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-05-04 02:53
ComboFix2.txt 2009-05-03 03:28
Pré-execução: 19 pasta(s) 62.230.134.784 bytes disponíveis
Pós execução: 18 pasta(s) 62.316.531.712 bytes disponíveis
153 --- E O F --- 2009-03-21 16:05
-------------------------------------------------------------------------
- Updated HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:25, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=br&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [sispower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [isusscheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hp software update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msmsgs] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131549136390
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
--
End of file - 5070 bytes
----------------------------
Best regards!
Good morning, Carlos SP!
<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: (Open File - Security Warning)
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
By the way, could you recommend an antivirus program (free, preferably)? At the moment, I'm somewhat unprotected...
<@> Download: < Avira >
<@> Install the program --> Update it! --> Configure it --> But... do not run it yet.
<><><><><><><><><><><>
<@> Download: < SDFix > ( ...by andymanchesta )
<@> Save it to Local Disk C and extract it right there.
<@> Restart the computer in Safe Mode. <-- Link!
<@> Double-click: < runThis.bat >
<!> If a window opens and closes suddenly!
<!> Go to Start --> Run --> Type or paste: %systemdrive%\SDFix\apps\FixPath.exe /Q --> OK!
<!> Restart the computer and run SDFix again.
<!> If it does not work, check the %comspec% variable.
<!> Right-click My Computer --> Properties --> Advanced.
<!> Under Environment Variables, check whether the ComSpec variable has the following value for cmd.exe:
<!> Value: %SystemRoot%\system32\cmd.exe
<@> Press Y.
<@> Wait for it to finish!
<@> When it finishes, press Enter. ( *Or **any** key!* )
<@> The computer will restart!
<@> Then wait for the cleanup to finish.
<@> Post the reports: Report.txt + an updated HijackThis log.
<><><><><><><><><><><>
<@> Download: < Norton Removal Tool >
<@> Run this tool, plus Avira. <-- Post its report!
Regards!
Good afternoon, DigRam!
Reports:
- SDFix:
SDFix: Version 1.240
Run by Carlos on seg 04/05/2009 at 12:22
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\201044~1 - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 12:26:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cb,81,1f,64,0e,0b,17,f1,86,b4,b6,e1,84,b5,3a,75,2f,d6,49,68,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cb,81,1f,64,0e,0b,17,f1,86,b4,b6,e1,84,b5,3a,75,2f,d6,49,68,ae,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 23 Apr 2009 753 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Finished!
----------------------------------------------------------------------
- Updated HijackThis report (before running Norton Removal Tool and Avira):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:28, on 4/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=br&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [sispower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [isusscheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hp software update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msmsgs] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131549136390
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
--
End of file - 5602 bytes
-----------------------------------------------------------------
- Avira report:
Avira AntiVir Personal
Report file date: segunda-feira, 4 de maio de 2009 12:51
Scanning for 1376877 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HP-AF5E76A48CD1
Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17/4/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/5/2009 15:07:43
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 13:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 14:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/2/2009 23:33:26
ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30/4/2009 15:07:42
ANTIVIR3.VDF : 7.1.3.149 61440 Bytes 4/5/2009 15:07:42
Engineversion : 8.2.0.160
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/5/2009 15:07:42
AESCRIPT.DLL : 8.1.1.79 385403 Bytes 4/5/2009 15:07:42
AESCN.DLL : 8.1.1.10 127348 Bytes 4/5/2009 15:07:42
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 21:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 4/5/2009 15:07:42
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/2/2009 23:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 4/5/2009 15:07:42
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/2/2009 23:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 4/5/2009 15:07:42
AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 17:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 4/5/2009 15:07:42
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 17:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 13:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 17:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 13:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 4/5/2009 15:07:42
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 13:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 18:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 11:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 13:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 9/2/2009 14:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/5/2009 15:07:42
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: segunda-feira, 4 de maio de 2009 12:51
Starting search for hidden objects.
'31168' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'BC40CASE.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[iNFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[iNFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Carlos\Desktop\Flash_Disinfector.exe
[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP5\A0015443.exe
[DETECTION] Contains recognition pattern of the WORM/Bacteraloh.BN worm
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP5\A0015444.exe
[DETECTION] Contains recognition pattern of the WORM/Bacteraloh.V worm
C:\WINDOWS\system32\netsetup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Beginning disinfection:
C:\Documents and Settings\Carlos\Desktop\Flash_Disinfector.exe
[NOTE] The file was moved to '4a6014e5.qua'!
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP5\A0015443.exe
[DETECTION] Contains recognition pattern of the WORM/Bacteraloh.BN worm
[NOTE] The file was moved to '4a2f14a9.qua'!
C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP5\A0015444.exe
[DETECTION] Contains recognition pattern of the WORM/Bacteraloh.V worm
[NOTE] The file was moved to '4baa285a.qua'!
C:\WINDOWS\system32\netsetup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a7314de.qua'!
End of the scan: segunda-feira, 4 de maio de 2009 13:14
Used time: 19:54 Minute(s)
The scan has been done completely.
3519 Scanned directories
200623 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
200617 Files not concerned
868 Archives were scanned
2 Warnings
6 Notes
31168 Objects were scanned with rootkit scan
0 Hidden objects were found
--------------------------------------------------------------
Regards!
Good afternoon! Carlos SP
<@> Download: < OTCleanIt > ( ...by Old Timer Tools )
<@> Save it to the desktop! --> Restart in Safe Mode.
<@> Run the tool --> Click "CleanUp" --> Confirm the reboot.
<><><><><><><><><><>
<@> Download: < ATF-Cleaner > ( ...by Atribune )
<@> Save it to the desktop!
<@> Restart the computer in Safe Mode!
<@> Click ATF-Cleaner.exe
<@> Under "Select Files To Delete", tick Select All.
<@> Click Empty Selected.
<@> In the Done Cleaning window, click OK --> Exit
<@> Attention: if you use Firefox:
* At the top, click Firefox and choose: Select All --> Click Empty Selected.
<@> Attention: if you use Opera:
* At the top, click Opera and choose: Select All --> Click Empty Selected.
<@> Restart the computer normally!
<><><><><><><><><><>
<@> Update Java.
<@> Old versions have vulnerabilities that malware can use to infect your system.
<><><><><><><><><><>
<@> Download the latest version of the Java Runtime Environment (JRE), 6u13.
<@> Find: "Java Runtime Environment (JRE) 6 Update 13"
<@> Click the Download button.
<@> Tick the option that says: "Accept License Agreement"
<@> The page will refresh!
<@> Click the link to download the Windows Offline Installation --> Save it to the desktop!
<@> Close IE or Firefox, plus any programs that are running.
<@> Go to Start --> Control Panel.
<@> In Add or Remove Programs, remove all old versions of Java.
<><><><><><><><><><>
<@> Examples of old versions:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
<@> Select any item named: Java Runtime Environment (JRE or J2SE)
<@> Click the Remove or Change/Remove button.
<@> Repeat as many times as necessary to remove each version of Java.
<@> When done, restart the computer!
<@> Install the new version by double-clicking jre-6u13-windows-i586-p.exe.
<><><><><><><><><><>
<!> The log is clean! :thumbsup:
<!> Everything OK?
Regards!
Good evening, DigRam!
Three questions remain:
1) I am unable to enable Windows Automatic Updates; even after turning on automatic updating in Control Panel > System Properties, the Windows security alert stays red...
2) Of all the tools I had to download during the removal, which should I keep on the PC?
3) To prevent future infections (although I know this is not 100% guaranteed), do you recommend any other program besides Avira?
Best regards!
Good morning! Carlos SP
<@> Download: < DrWebCureIt >
<@> Save it to the desktop!
<@> Restart the computer in Safe Mode.
<@> Start the installation/run by double-clicking drweb-cureit.
<@> In the window that opens, click Iniciar (Start) --> OK.
<@> The "Verificação rápida" (quick scan) will start --> Close the advertisement window!
<@> When it finishes, tick the "Verificação Completa" (complete scan) box.
<@> Click "Options" --> Under Change settings, untick "Heuristic analysis".
> In this mode the following objects are scanned:
> * Boot sectors of all disks. <--
> * All removable drives. <--
> * All local disks. <--
<@> Click "Iniciar verificação" (start scan) --> Wait!
<@> If prompts appear to move or disinfect files, click Sim (Yes).
<@> When it finishes, click "Ficheiro" (File) --> "Guardar lista de relatórios" (save report list).
<@> Save it somewhere suitable. ( DrWeb.csv ) <-- Text!
<@> Post: DrWeb.csv <--
<><><><><><><><><><><><>
<@> Download: < Kaspersky Virus Removal Tool >
<@> Save it in Program Files, and install it right there!
<@> Restart the computer in Safe Mode! <-- Important!
<@> Start the scan by clicking "Scan".
<@> The scan takes a very long time. <-- Wait!
<@> If infections are found, click "disinfect".
<@> When it finishes, click the Events tab.
<@> Untick the "Show all events" checkbox.
<@> Click "Save to file".
<@> Name it and save it to the desktop! <-- Report to post!
<@> Also post an updated HijackThis log.
Regards!