Archived

This topic has been archived and is closed to new replies.

Igor_Filipe

[Solved!] Error in iExplorer and in a suspicious DLL


Hi, after a long time away from the forum I'm back! And with a new PC!! But I have a very curious younger brother -_-" and when I went to use the internet today after a while, IExplorer had a problem and had to be closed, and there was also an error in a suspicious DLL. When I looked in Task Manager I noticed that the "dll" was running under my user name, not SYSTEM! I don't remember which DLL it was, but I got very worried about it and am posting here. Can this be fixed? Thanks in advance!

 

Logfile of HijackThis v1.99.1

Scan saved at 11:32:57, on 4/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\WinLogT.exe

C:\DOCUME~1\IGORFI~1\CONFIG~1\Temp\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Registry Clean Expert\RCHelper.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Winamp\Winamp.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\Igor\Programas\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [service Host] C:\DOCUME~1\IGORFI~1\CONFIG~1\Temp\svchost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Arquivos de programas\Registry Clean Expert\RCHelper.exe" /startup

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204385061890

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8AB0F1-9991-4304-840F-4D2F58AFC6A1}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

 

The name of the DLL is:

drwtsn32.exe

There were 4 of them just now that I saw in Task Manager!


Good evening, Igor_Filipe!

<!> The suspicious file is legitimate: Dr. Watson, the program error debugging tool.

_________________________

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

_________________________

>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.

Regards!


Good morning, DigRam!

Thank you very much! It fixed the autorun problem on drive D and others too! But iexplorer is using 200,000K. How can I solve this problem?

Log:

 

ComboFix 08-03-07.4 - Igor Filipe 2008-03-08 11:56:08.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1574 [GMT -3:00]

Executando de: C:\Documents and Settings\Igor Filipe\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\autorun.bat

D:\Autorun.inf

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))

.

 

2008-03-07 14:56 . 2008-03-07 14:56 <DIR> d-------- C:\Arquivos de programas\FireFly Studios

2008-03-07 12:55 . 2008-03-07 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-03-06 02:10 . 2008-03-06 02:10 <DIR> d-------- C:\Arquivos de programas\Studio 3

2008-03-06 01:57 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe

2008-03-06 01:56 . 2008-03-06 01:56 <DIR> d-------- C:\Documents and Settings\Igor Filipe\WINDOWS

2008-03-06 01:44 . 2008-03-06 01:44 <DIR> d-------- C:\Arquivos de programas\OpenAL

2008-03-06 01:44 . 2008-03-06 01:44 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-03-06 01:44 . 2008-03-06 01:44 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-03-05 20:31 . 2008-03-07 14:55 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-05 16:40 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-03-05 16:37 . 2008-03-05 16:38 <DIR> d-------- C:\WINDOWS\nview

2008-03-05 16:37 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-03-05 16:37 . 2008-03-07 15:17 88,566 --a------ C:\WINDOWS\system32\nvapps.xml

2008-03-05 16:37 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-03-05 13:40 . 2008-03-05 13:40 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\Nero

2008-03-05 13:38 . 2008-03-05 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-05 13:38 . 2008-03-05 13:38 <DIR> d-------- C:\Arquivos de programas\Nero

2008-03-05 13:38 . 2008-03-05 13:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-03-04 23:48 . 2008-03-05 16:45 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\fretsonfire

2008-03-04 13:16 . 2008-03-04 13:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-03-04 12:00 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-03-04 11:58 . 2008-03-04 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-04 11:58 . 2008-03-04 11:58 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-03 02:28 . 2008-03-06 17:16 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2008-03-03 02:28 . 2004-08-18 05:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-03-03 00:21 . 2008-03-03 00:21 <DIR> d-------- C:\Arquivos de programas\ffdshow

2008-03-03 00:21 . 2007-02-12 19:21 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-03-03 00:21 . 2007-02-12 19:21 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-03-03 00:21 . 2007-02-12 19:21 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-03-03 00:21 . 2007-02-12 19:21 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-03-03 00:21 . 2007-02-12 19:21 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-03-02 21:30 . 2008-03-02 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-02 21:30 . 2008-03-02 21:30 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-02 11:02 . 2008-03-02 11:02 <DIR> d-------- C:\Arquivos de programas\Asprate

2008-03-02 10:56 . 2008-03-02 10:56 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\Tibia

2008-03-02 10:45 . 2008-03-02 10:45 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-03-01 22:58 . 2005-01-22 16:12 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2008-03-01 22:50 . 2008-03-01 22:50 <DIR> d-------- C:\Arquivos de programas\WinPcap

2008-03-01 22:50 . 2008-03-01 23:18 <DIR> d-------- C:\Arquivos de programas\WC3Banlist

2008-03-01 22:43 . 2008-03-01 22:43 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2008-03-01 22:43 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-03-01 22:43 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-03-01 22:41 . 2008-03-01 22:41 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-03-01 22:40 . 2008-03-01 22:47 139,264 --a------ C:\WINDOWS\War3Unin.exe

2008-03-01 22:40 . 2008-03-01 22:47 84,912 --a------ C:\WINDOWS\War3Unin.dat

2008-03-01 22:40 . 2008-03-01 22:47 2,829 --a------ C:\WINDOWS\War3Unin.pif

2008-03-01 22:37 . 2008-03-07 12:51 <DIR> d-------- C:\Arquivos de programas\Warcraft III

2008-03-01 13:54 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-03-01 13:54 . 2008-03-01 13:54 421 --a------ C:\WINDOWS\ODBC.INI

2008-03-01 13:52 . 2008-03-01 13:53 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-03-01 13:52 . 2008-03-01 13:52 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-03-01 13:50 . 2008-03-01 13:50 <DIR> dr-h----- C:\MSOCache

2008-03-01 12:56 . 2008-03-01 12:56 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\Nexon

2008-03-01 12:55 . 2008-03-01 12:55 <DIR> d-------- C:\Program Files

2008-03-01 12:55 . 2003-07-20 15:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-03-01 12:55 . 2005-01-04 06:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-03-01 12:49 . 2008-03-01 12:49 <DIR> d-------- C:\Nexon

2008-03-01 12:26 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-03-01 12:26 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-03-01 12:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-03-01 12:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-03-01 12:26 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-03-01 03:44 . 2008-03-01 03:44 <DIR> d-------- C:\Documents and Settings\Igor Filipe\.narya

2008-03-01 03:19 . 2008-03-01 03:19 <DIR> d-------- C:\Arquivos de programas\Three Rings Design

2008-03-01 02:50 . 2008-03-01 02:50 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\TileRacer

2008-03-01 01:15 . 2008-03-01 01:15 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-01 01:07 . 2008-03-01 01:07 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-01 01:01 . 2008-03-08 11:40 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\uTorrent

2008-03-01 01:01 . 2008-03-01 01:03 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-03-01 00:51 . 2008-03-07 15:17 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-29 18:18 . 2008-03-01 00:13 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Contacts

2008-02-29 18:17 . 2008-02-29 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-02-29 18:16 . 2008-03-02 21:30 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-02-29 18:16 . 2008-02-29 18:16 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-02-29 18:15 . 2008-03-02 21:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-02-29 18:15 . 2008-03-02 21:31 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2008-02-29 18:15 . 2008-02-29 18:15 268 --ah----- C:\sqmdata00.sqm

2008-02-29 18:15 . 2008-02-29 18:15 244 --ah----- C:\sqmnoopt00.sqm

2008-02-29 17:47 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-02-29 17:44 . 2008-02-29 17:44 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\TVU networks

2008-02-29 17:44 . 2008-02-29 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TVU networks

2008-02-29 17:43 . 2008-02-29 17:43 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-02-29 17:40 . 2008-02-29 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX

2008-02-29 17:35 . 2008-02-29 17:40 <DIR> d-------- C:\Arquivos de programas\DFX

2008-02-29 17:33 . 2008-02-29 17:39 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\Winamp

2008-02-29 17:33 . 2008-03-04 11:20 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-02-29 17:28 . 2008-03-05 11:40 <DIR> d-------- C:\Arquivos de programas\Registry Clean Expert

2008-02-29 17:25 . 2008-02-29 17:25 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-02-29 17:25 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-02-29 17:24 . 2008-02-29 17:24 <DIR> d-------- C:\Documents and Settings\Igor Filipe\Dados de aplicativos\TuneUp Software

2008-02-29 17:23 . 2008-02-29 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-02-29 17:23 . 2008-02-29 17:25 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2008

2008-02-29 17:23 . 2008-02-29 17:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-02-29 17:18 . 2008-02-29 17:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-02-29 17:17 . 2008-02-29 17:18 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf

2008-02-29 17:16 . 2008-02-29 17:16 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-02-29 17:14 . 2008-02-29 17:14 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-02-29 17:14 . 2006-05-17 18:58 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-07 17:56 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-07 17:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-05 19:42 2,383,210 ----a-w C:\WINDOWS\system32\SET2F.tmp

2008-03-05 19:42 2,383,210 ----a-w C:\WINDOWS\system32\SET2E.tmp

2008-03-05 19:42 2,383,210 ----a-w C:\WINDOWS\system32\SET2D.tmp

2008-02-29 20:01 --------- d-----w C:\Arquivos de programas\Velox

2008-02-29 19:53 --------- d-----w C:\Arquivos de programas\Realtek AC97

2008-02-29 19:45 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-02-29 19:43 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-02-29 19:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-13 22:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"RegClean Expert Scheduler"="C:\Arquivos de programas\Registry Clean Expert\RCHelper.exe" [2008-01-11 18:51 601848]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-04-03 19:29 165784]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-29 17:25]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

*Newly Created Service* - TUNEUP.DEFRAG

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-08 14:00:00 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"

- C:\Arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-08 11:57:25

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-08 11:57:57

ComboFix-quarantined-files.txt 2008-03-08 14:57:49


Good evening, Igor_Filipe!

>@< Run a disinfection scan with < BitDefender > and post the report.

>@< Click on BitDefender ( Scan OnLine ).

<!> For more details, read this Tutorial.

>@< The page < BitDefender OnLine Scanner > will open.

>@< Click I Agree.

>@< Wait! Allow the ActiveX installation so that the scan can run.

__________________________

>@< Then post: the BitDefender report + an updated HijackThis log.

>@< PS: The BitDefender report will be at: C\Windows\BDOSCAN8\bdoscan.txt

Regards!


Hello DigRam,

Here are the logs:

 

[General]

App = "BitDefender Online Scanner v8"

Date = 11:03:2008

Time = 02:24:31

Scan Path = C:\;D:\;E:\;F:\;I:\;

 

[Engines Info]

Virus Definitions = 986564

Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

Scan plugins = 16

Archive plugins = 41

Unpack plugins = 7

E-mail plugins = 6

System plugins = 5

 

[scan Statistics]

Folders = 5278

Files = 205073

Archives = 4427

Packed files = 13623

Identified viruses = 11

Infected files = 115

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 115

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 29

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000291 = "C:\QooBox\Quarantine\D\autorun.bat.vir Infected with: Trojan.BAT.Autorun.A"

Line00000290 = "C:\QooBox\Quarantine\D\autorun.bat.vir Disinfection failed"

Line00000289 = "C:\QooBox\Quarantine\D\autorun.bat.vir Deleted"

Line00000288 = "C:\QooBox\Quarantine\D\Autorun.inf.vir Infected with: VBS.Small.Q"

Line00000287 = "C:\QooBox\Quarantine\D\Autorun.inf.vir Deleted"

Line00000286 = "D:\autorun.reg Infected with: Trojan.Regger.Q"

Line00000285 = "D:\autorun.reg Deleted"

Line00000284 = "D:\Felipe2\ADSTechnologyInstall.exe=>(NSIS o)=>zlib_nsis0002=>(NSIS o)=>zlib_nsis0002 Detected with: Adware.BHO.WQB"

Line00000283 = "D:\Felipe2\ADSTechnologyInstall.exe=>(NSIS o)=>zlib_nsis0002=>(NSIS o)=>zlib_nsis0002 Disinfection failed"

Line00000282 = "D:\Felipe2\ADSTechnologyInstall.exe=>(NSIS o)=>zlib_nsis0002=>(NSIS o)=>zlib_nsis0002 Deleted"

Line00000281 = "D:\Felipe2\ADSTechnologyInstall.exe=>(NSIS o)=>zlib_nsis0002=>(NSIS o) Update failed"

Line00000280 = "D:\Igor\Jogos\sim_city_3_br[www.gamevicio.com.br].exe Infected with: Backdoor.Irc.Flood.CI"

Line00000279 = "D:\Igor\Jogos\sim_city_3_br[www.gamevicio.com.br].exe Deleted"

Line00000278 = "D:\Igor\Jogos\Warcraft III The Frozen Throne.nrg=>crack/dev-ft-keygen.exe Infected with: Trojan.Dropper.PT"

Line00000277 = "D:\Igor\Jogos\Warcraft III The Frozen Throne.nrg=>crack/dev-ft-keygen.exe Deleted"

Line00000276 = "D:\Igor\Jogos\Warcraft III The Frozen Throne.nrg Update failed"

Line00000275 = "D:\Igor\Programas\keyfinder.exe Detected with: Application.Findkeyxp.G"

Line00000274 = "D:\Igor\Programas\keyfinder.exe Disinfection failed"

Line00000273 = "D:\Igor\Programas\keyfinder.exe Deleted"

Line00000272 = "D:\Igor\Programas\keyfinder.rar=>keyfinder.exe Detected with: Application.Findkeyxp.G"

Line00000271 = "D:\Igor\Programas\keyfinder.rar=>keyfinder.exe Disinfection failed"

Line00000270 = "D:\Igor\Programas\keyfinder.rar=>keyfinder.exe Deleted"

Line00000269 = "D:\Igor\Programas\keyfinder.rar Update failed"

Line00000268 = "D:\Igor\Programas\Nero-7.9.6.0_PTB.rar=>Nero.rar=>Nero\nero_keygen.exe Detected with: Application.Keygen.Nero.A"

Line00000267 = "D:\Igor\Programas\Nero-7.9.6.0_PTB.rar=>Nero.rar=>Nero\nero_keygen.exe Disinfection failed"

Line00000266 = "D:\Igor\Programas\Nero-7.9.6.0_PTB.rar=>Nero.rar=>Nero\nero_keygen.exe Deleted"

Line00000265 = "D:\Igor\Programas\Nero-7.9.6.0_PTB.rar=>Nero.rar Update failed"

Line00000264 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028820.bat Infected with: Trojan.BAT.Autorun.A"

Line00000263 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028820.bat Disinfection failed"

Line00000262 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028820.bat Deleted"

Line00000261 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028821.inf Infected with: VBS.Small.Q"

Line00000260 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028821.inf Deleted"

Line00000259 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028822.reg Infected with: Trojan.Regger.Q"

Line00000258 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028822.reg Deleted"

Line00000257 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028823.vbs Infected with: VBS.Small.P"

Line00000256 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028823.vbs Disinfection failed"

Line00000255 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028823.vbs Deleted"

Line00000254 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028853.bat Infected with: Trojan.BAT.Autorun.A"

Line00000253 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028853.bat Disinfection failed"

Line00000252 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028853.bat Deleted"

Line00000251 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028854.inf Infected with: VBS.Small.Q"

Line00000250 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028854.inf Deleted"

Line00000249 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028855.reg Infected with: Trojan.Regger.Q"

Line00000248 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028855.reg Deleted"

Line00000247 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028856.vbs Infected with: VBS.Small.P"

Line00000246 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028856.vbs Disinfection failed"

Line00000245 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028856.vbs Deleted"

Line00000244 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028877.bat Infected with: Trojan.BAT.Autorun.A"

Line00000243 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028877.bat Disinfection failed"

Line00000242 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028877.bat Deleted"

Line00000241 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028878.inf Infected with: VBS.Small.Q"

Line00000240 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028878.inf Deleted"

Line00000239 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028879.reg Infected with: Trojan.Regger.Q"

Line00000238 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028879.reg Deleted"

Line00000237 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028880.vbs Infected with: VBS.Small.P"

Line00000236 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028880.vbs Disinfection failed"

Line00000235 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0028880.vbs Deleted"

Line00000234 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029877.bat Infected with: Trojan.BAT.Autorun.A"

Line00000233 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029877.bat Disinfection failed"

Line00000232 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029877.bat Deleted"

Line00000231 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029878.inf Infected with: VBS.Small.Q"

Line00000230 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029878.inf Deleted"

Line00000229 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029879.reg Infected with: Trojan.Regger.Q"

Line00000228 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029879.reg Deleted"

Line00000227 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029880.vbs Infected with: VBS.Small.P"

Line00000226 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029880.vbs Disinfection failed"

Line00000225 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0029880.vbs Deleted"

Line00000224 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030877.bat Infected with: Trojan.BAT.Autorun.A"

Line00000223 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030877.bat Disinfection failed"

Line00000222 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030877.bat Deleted"

Line00000221 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030878.inf Infected with: VBS.Small.Q"

Line00000220 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030878.inf Deleted"

Line00000219 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030879.reg Infected with: Trojan.Regger.Q"

Line00000218 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030879.reg Deleted"

Line00000217 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030880.vbs Infected with: VBS.Small.P"

Line00000216 = "D:\System Volume Information\_restore{E1E3AAFE-AA41-420A-BDF3-29C5CEFAFBFD}\RP107\A0030880.vbs Disinfection failed"


Logfile of HijackThis v1.99.1

Scan saved at 12:42:03, on 11/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\WinLogT.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Registry Clean Expert\RCHelper.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\Igor\Programas\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Arquivos de programas\Registry Clean Expert\RCHelper.exe" /startup

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204385061890

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8AB0F1-9991-4304-840F-4D2F58AFC6A1}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


Good evening, Igor_Filipe!

>@< With everything OK on the PC, create a completely clean System Restore point!

>@< Right-click My Computer >> Properties >> System Restore.

>@< Check: Turn off System Restore >> Apply >> OK.

__________________________

>@< Go to Start >> Run >> type: cleanmgr

>@< Wait! In the Disk Cleanup utility, check all the boxes and confirm!

>@< When it finishes, go back to System Restore and uncheck the box. >> Apply >> OK.

__________________________

>@< Run a new scan with BitDefender and post the report. Delete the old one!

Regards!


Hello DigRam!

[General]

App = "BitDefender Online Scanner v8"

Date = 12:03:2008

Time = 03:49:43

Scan Path = C:\;D:\;E:\;F:\;I:\;

 

[Engines Info]

Virus Definitions = 986815

Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

Scan plugins = 16

Archive plugins = 41

Unpack plugins = 7

E-mail plugins = 6

System plugins = 5

 

[scan Statistics]

Folders = 3750

Files = 163610

Archives = 4120

Packed files = 9530

Identified viruses = 4

Infected files = 4

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 4

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 27

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000014 = "D:\Felipe2\ADSTechnologyInstall.exe=>(NSIS o)=>zlib_nsis0002=>(NSIS o)=>zlib_nsis0002 Detected with: Adware.BHO.WQB"

Line00000013 = "D:\Felipe2\ADSTechnologyInstall.exe=>(NSIS o)=>zlib_nsis0002=>(NSIS o)=>zlib_nsis0002 Disinfection failed"

Line00000012 = "D:\Felipe2\ADSTechnologyInstall.exe=>(NSIS o)=>zlib_nsis0002=>(NSIS o)=>zlib_nsis0002 Deleted"

Line00000011 = "D:\Felipe2\ADSTechnologyInstall.exe=>(NSIS o)=>zlib_nsis0002=>(NSIS o) Update failed"

Line00000010 = "D:\Igor\Jogos\Warcraft III The Frozen Throne.nrg=>crack/dev-ft-keygen.exe Infected with: Trojan.Dropper.PT"

Line00000009 = "D:\Igor\Jogos\Warcraft III The Frozen Throne.nrg=>crack/dev-ft-keygen.exe Deleted"

Line00000008 = "D:\Igor\Jogos\Warcraft III The Frozen Throne.nrg Update failed"

Line00000007 = "D:\Igor\Programas\keyfinder.rar=>keyfinder.exe Detected with: Application.Findkeyxp.G"

Line00000006 = "D:\Igor\Programas\keyfinder.rar=>keyfinder.exe Disinfection failed"

Line00000005 = "D:\Igor\Programas\keyfinder.rar=>keyfinder.exe Deleted"

Line00000004 = "D:\Igor\Programas\keyfinder.rar Update failed"

Line00000003 = "D:\Igor\Programas\Nero-7.9.6.0_PTB.rar=>Nero.rar=>Nero\nero_keygen.exe Detected with: Application.Keygen.Nero.A"

Line00000002 = "D:\Igor\Programas\Nero-7.9.6.0_PTB.rar=>Nero.rar=>Nero\nero_keygen.exe Disinfection failed"

Line00000001 = "D:\Igor\Programas\Nero-7.9.6.0_PTB.rar=>Nero.rar=>Nero\nero_keygen.exe Deleted"

Line00000000 = "D:\Igor\Programas\Nero-7.9.6.0_PTB.rar=>Nero.rar Update failed"


Good morning, Igor_Filipe!

>@< BitDefender removed the adware: ADSTechnologyInstall.exe

>@< If you need the program, run it in isolation, with the Sandbox.

<!> Read the Tutorial.

_________________________

>@< How is the computer?

>@< Are the errors still happening?

Regards!


PROBLEM SOLVED!

If the author needs the Topic reopened, a Private Message must be sent to a Moderator with a Link to the Topic.
