[Resolvido!] Provável malware no PC - relato de problemas

Carlos SP · Abril 28, 2009

Boa noite aos membros, administradores e analistas.

Utilizo o Windows XP em um PC que adquiri em 2006, já com o Norton Internet Security instalado. Ano passado, instalei o Norton IS 2008, mantendo conexão discada. Algumas ameaças (vírus, spywares) parecem ter sido removidas no momento da instalação,porém nos últimos meses uma série de problemas vêm acontecendo. Principalmente agora, que estou com conexão de banda larga. Alguns desses problemas:

1. Bloqueio de acesso ao site da Symantec ou qualquer outro fornecedor de antivírus. Mais precisamente, é solicitada conexão dial-up, com uma senha bem diferente da que eu vinha utilizando. O Live Update falha, e algumas vezes recebo a mensagem de que o produto está configurado para conexão discada.

2. O suporte técnico da Symantec encaminhou uma série de procedimentos (basicamente, remoção e reinstalação do NIS 2008, com update da versão 2009). Porém, não consigo mais instalar o produto no PC, nem fazer o download da tal atualização.

3. Enquanto o NIS 2008 estava instalado, várias janelas entituladas "Symantec proxy" abriam enquanto eu navegava pela Internet. Pelo que entendi, "algo" na máquina estava enviando mensagens a MUITOS e-mails desconhecidos. Esse fato estava comprometendo o desempenho do PC.

4. O computador trava frequentemente no momento de desligar. Aparecem telas com mensagens "a estação de trabalho está sendo desligada". Iniciando o Windows, vêm aparecendo mensagens de erro como "Win32 Generic Host server", e outras.

Segue o log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:00:27, on 27/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\afisicx.exe

C:\WINDOWS\dhcp\svchost.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\sopidkc.exe

C:\WINDOWS\system32\tdctxte.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=br&.src=ym

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-6057772207-5458510898-973275790-8303\winservices.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Carlos\reader_s.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [VRTE0A] C:\WINDOWS\TEMP\VRTE0A.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131549136390

O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

O23 - Service: afisicx Service (afisicx) - 5.232.121.233 - C:\WINDOWS\system32\afisicx.exe

O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: sopidkc Service (sopidkc) - 5.232.121.233 - C:\WINDOWS\system32\sopidkc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)

O23 - Service: tdctxte Service (tdctxte) - 5.232.121.233 - C:\WINDOWS\system32\tdctxte.exe

--

End of file - 4742 bytes

Peço desculpas pelo tamanho da descrição dos problemas, mas creio que esse é o melhor meio para que outros membros possam tirar suas dúvidas.

Desde já agradeço...

DigRam · Abril 28, 2009

Bom Dia! Carlos SP

<@> Baixe: < DrWebCureIt >

<@> Salve-o no desktop!

<@> Reinicie o computador em Modo de Segurança.

<@> Inicie a instalação/execução,com um duplo-clique em drweb-cureit.

<@> Na janela que abrir,clique em Iniciar --> OK.

<@> Será dado início a "Verificação rápida" --> Feche a janela de propaganda!

<@> Terminando,marque a caixa de "Verificação Completa".

<@> Click em "Options" --> Em Change settings,desmarque a "Heuristic analysis".

Neste modo são verificados os seguintes objectos:

* Sectores de Arranque de Todos os Discos. <--

* Todas as Unidades Removíveis. <--

* Todos os Discos Locais. <--

<@> Clique em "Iniciar verificação" --> Aguarde!

<@> Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim.

<@> Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios".

<@> Procure salvá-lo em um local adequado. ( DrWeb.csv ) <-- Texto!

<@> Poste: DrWeb.csv <--

<><><><><><><><><><><><>

<@> Baixe: < Kaspersky Virus Removal Tool >

<@> Salve-o em Arquivos de Programas,e instale-o aí mesmo!

<@> Reinicie o computador,em Modo de Segurança! <-- Importante!

<@> Dê início ao exame,clicando em "Scan".

<@> A verificação é muito demorada. <-- Aguarde!

<@> Caso seja encontrada infecções,clique em "disinfect".

<@> Terminando,clique na aba Events.

<@> Desmarque a caixa de seleção "Show all events".

<@> Clique em "Save to file".

<@> Nomeie-o e salve-o no desktop! <-- Relatório para postagem!

<@> Poste,também,HijackThis atualizado.

Abraços!

Carlos SP · Abril 29, 2009

Boa noite, DigRam. Obrigado pelo auxílio!

Não consegui acessar o drweb-cureit ("a página não pode ser exibida")...

Eu poderia salvar esse programa, e o Kaspersky, em outro computador, e copiar (via pen-drive) para o meu PC? Isso pode comprometer a continuidade do processo de verificação?

Forte abraço.

DigRam · Abril 29, 2009

Boa noite, DigRam. Obrigado pelo auxílio!

Não consegui acessar o drweb-cureit ("a página não pode ser exibida")...

Eu poderia salvar esse programa, e o Kaspersky, em outro computador, e copiar (via pen-drive) para o meu PC? Isso pode comprometer a continuidade do processo de verificação?

Forte abraço.

<><><><><><><><><>

Opa! Carlos SP

<!> Faça!

Abraços!

Carlos SP · Abril 29, 2009

Boa noite, DigRam! Aí vão os posts requisitados... dividi os relatórios em quatro mensagens, ok?

- RELATÓRIO DrWEB:

issch.exe c:\arquivos de programas\arquivos comuns\installshield\updateservice Win32.Virut.56 Desinfectado.

isuspm.exe c:\arquivos de programas\arquivos comuns\installshield\updateservice Win32.Virut.56 Desinfectado.

lssrvc.exe c:\arquivos de programas\arquivos comuns\lightscribe Win32.Virut.56 Desinfectado.

hpqtra08.exe c:\arquivos de programas\hp\digital imaging\bin Win32.Virut.56 Desinfectado.

hpwuschd2.exe c:\arquivos de programas\hp\hp software update Win32.Virut.56 Desinfectado.

jusched.exe c:\arquivos de programas\java\jre1.5.0_06\bin Win32.Virut.56 Desinfectado.

msmsgs.exe c:\arquivos de programas\messenger Win32.Virut.56 Desinfectado.

bc40case.exe c:\arquivos de programas\textware\bookcase40 Win32.Virut.56 Desinfectado.

websvr.exe c:\documents and settings\carlos\configurações locais\dados de aplicativos Trojan.Click.25647

reader_s.exe c:\documents and settings\carlos Trojan.DownLoad.29459 Eliminado.

testabd.dll c:\program files\thunmail Trojan.PWS.Wow.1315 Eliminado.

testabd.exe c:\program files\thunmail Win32.Virut.56 Desinfectado.

testabd.exe c:\program files\thunmail Trojan.PWS.Wow.1315 Eliminado.

winservices.exe c:\recycler\s-1-5-21-4401291817-2159327192-588525911-9524 Win32.Virut.56 Desinfectado.

winservices.exe c:\recycler\s-1-5-21-4401291817-2159327192-588525911-9524 Win32.HLLW.Recycler.3 Eliminado.

winservices.exe c:\recycler\s-1-5-21-6057772207-5458510898-973275790-8303 Win32.Virut.56 Desinfectado.

winservices.exe c:\recycler\s-1-5-21-6057772207-5458510898-973275790-8303 Win32.HLLW.Recycler.3 Eliminado.

isl.exe c:\recycler\s-1-5-21-6299375358-1579059880-171803785-1409 Win32.Virut.56 Desinfectado.

isl.exe c:\recycler\s-1-5-21-6299375358-1579059880-171803785-1409 Win32.HLLW.Lime.3 Eliminado.

vshost.exe c:\ Win32.Virut.56 Desinfectado.

vshost.exe c:\ Win32.HLLW.Recycler.3 Eliminado.

svchost.exe c:\windows\dhcp Win32.Virut.56 Desinfectado.

svchost.exe c:\windows\dhcp BackDoor.BlackHole.3332 Eliminado.

explorer.exe c:\windows Win32.Virut.56 Desinfectado.

unregmp2.exe c:\windows\inf Win32.Virut.56 Desinfectado.

soundman.exe c:\windows Win32.Virut.56 Desinfectado.

svchost.exe c:\windows\system32\3361 Win32.Virut.56 Desinfectado.

svchost.exe c:\windows\system32\3361 Trojan.Ads.49 Eliminado.

afisicx.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

afisicx.exe c:\windows\system32 Trojan.DownLoad.35111 Eliminado.

alg.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

at1394.sys c:\windows\system32 Trojan.NtRootKit.2785 Eliminado.

cisvc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

clipsrv.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

ctfmon.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

dllhost.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

dmadmin.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

calling.com c:\windows\system32\drive Program.mIRC.603

iasv32.dll c:\windows\system32 Trojan.DownLoad.35600 Eliminado.

ie4uinit.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

imapi.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

locator.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

logon.scr c:\windows\system32 Win32.Virut.56 Desinfectado.

logonui.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

mnmsrvc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

msdtc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

msiexec.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

netdde.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

ntsd.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

reader_s.exe c:\windows\system32 Trojan.DownLoad.29459 Eliminado.

regsvr32.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

rsvp.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

rundll32.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

scardsvr.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

sessmgr.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

shmgrate.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

smlogsvc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

sopidkc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

sopidkc.exe c:\windows\system32 Trojan.DownLoad.35111 Eliminado.

tdctxte.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

tdctxte.exe c:\windows\system32 Trojan.DownLoad.35111 Eliminado.

ups.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

userinit.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

vssvc.exe c:\windows\system32 Win32.Virut.56 Desinfectado.

wmiapsrv.exe c:\windows\system32\wbem Win32.Virut.56 Desinfectado.

xnqpu.dll c:\windows\system32 Win32.HLLW.Autoruner.5555 Eliminado.

ata.exe C:\ Win32.HLLW.MyBot Eliminado.

ckc.exe/data002\data002 C:\ckc.exe/data002 Program.mIRC.603

ckc.exe/data002\data003 C:\ckc.exe/data002 Tool.Moo

ckc.exe/data002\data005 C:\ckc.exe/data002 Program.PrcView.3725

ckc.exe/data002\data006 C:\ckc.exe/data002 Tool.Dasniff

ckc.exe/data002\data007 C:\ckc.exe/data002 Trojan.Flood.22016

ckc.exe/data002\data008 C:\ckc.exe/data002 IRC.Flood

ckc.exe/data002\data009 C:\ckc.exe/data002 Tool.PassView

ckc.exe/data002\data010 C:\ckc.exe/data002 IRC.Generic.147

data002 C:\ O arquivo contém objectos infectados

ckc.exe C:\ A pasta contem objectos infectados

ddram.exe/data002\data010 C:\ddram.exe/data002 Tool.Moo

ddram.exe/data002\data012 C:\ddram.exe/data002 Program.PrcView.3725

ddram.exe/data002\data013 C:\ddram.exe/data002 Tool.Dasniff

ddram.exe/data002\data014 C:\ddram.exe/data002 Trojan.Flood.22016

ddram.exe/data002\data015 C:\ddram.exe/data002 IRC.Flood

ddram.exe/data002\data016 C:\ddram.exe/data002 Tool.PassView

ddram.exe/data002\data021 C:\ddram.exe/data002 BackDoor.IRC.based

ddram.exe/data002\data022 C:\ddram.exe/data002 IRC.Generic.147

data002 C:\ O arquivo contém objectos infectados

ddram.exe C:\ A pasta contem objectos infectados

drive C:\ Win32.HLLW.Autoruner.6307 Eliminado.

dyr.exe C:\ Win32.Virut.56 Desinfectado.

dyr.exe C:\ Win32.HLLW.Autoruner.6307 Eliminado.

hah.exe/data002\data002 C:\hah.exe/data002 Program.mIRC.603

hah.exe/data002\data003 C:\hah.exe/data002 Tool.Moo

hah.exe/data002\data005 C:\hah.exe/data002 Program.PrcView.3725

hah.exe/data002\data006 C:\hah.exe/data002 Tool.Dasniff

hah.exe/data002\data007 C:\hah.exe/data002 Trojan.Flood.22016

hah.exe/data002\data008 C:\hah.exe/data002 IRC.Flood

hah.exe/data002\data009 C:\hah.exe/data002 Tool.PassView

hah.exe/data002\data010 C:\hah.exe/data002 IRC.Generic.147

data002 C:\ O arquivo contém objectos infectados

hah.exe C:\ A pasta contem objectos infectados

kvcxcscl.exe C:\ Win32.Virut.56 Desinfectado.

nfhusmai.exe C:\ Win32.Virut.56 Desinfectado.

qp.exe C:\ Win32.Virut.56 Desinfectado.

qp.exe C:\ Trojan.Packed.469 Eliminado.

rq.exe/data002\data002 C:\rq.exe/data002 Program.mIRC.603

rq.exe/data002\data003 C:\rq.exe/data002 Tool.Moo

rq.exe/data002\data005 C:\rq.exe/data002 Program.PrcView.3725

rq.exe/data002\data006 C:\rq.exe/data002 Tool.Dasniff

rq.exe/data002\data007 C:\rq.exe/data002 Trojan.Flood.22016

rq.exe/data002\data008 C:\rq.exe/data002 IRC.Flood

rq.exe/data002\data009 C:\rq.exe/data002 Tool.PassView

rq.exe/data002\data010 C:\rq.exe/data002 IRC.Generic.147

data002 C:\ O arquivo contém objectos infectados

rq.exe C:\ A pasta contem objectos infectados

sdd.exe C:\ Win32.HLLW.Autoruner.848 Eliminado.

sys.exe C:\ Win32.Virut.56 Desinfectado.

sys.exe C:\ Win32.HLLW.Lime.4 Eliminado.

sysm.exe/data002\data010 C:\sysm.exe/data002 Tool.Moo

sysm.exe/data002\data012 C:\sysm.exe/data002 Program.PrcView.3725

sysm.exe/data002\data013 C:\sysm.exe/data002 Tool.Dasniff

sysm.exe/data002\data014 C:\sysm.exe/data002 Trojan.Flood.22016

sysm.exe/data002\data015 C:\sysm.exe/data002 IRC.Flood

data002 C:\ O arquivo contém objectos infectados

sysm.exe C:\ A pasta contem objectos infectados

tip.exe C:\ Win32.Virut.56 Desinfectado.

tip.exe C:\ BackDoor.IRC.Flood.8 Eliminado.

superinteressante.exe C:\Arquivos de programas\Abril\Superinteressante Win32.Virut.56 Desinfectado.

AcroRd32.exe C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader Win32.Virut.56 Desinfectado.

IDriver.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\9\Intel 32 Win32.Virut.56 Desinfectado.

agent.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService Win32.Virut.56 Desinfectado.

msinfo32.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSInfo Win32.Virut.56 Desinfectado.

game.exe C:\Arquivos de programas\Black Bean Games\Great Battles of WWII - Stalingrad (Demo) Win32.Virut.56 Desinfectado.

CoDMP.exe C:\Arquivos de programas\Call of Duty Win32.Virut.56 Desinfectado.

UNWISE.EXE C:\Arquivos de programas\Call of Duty\Uninstall Win32.Virut.56 Desinfectado.

DedicatedServer.exe C:\Arquivos de programas\EA GAMES\Battlefield 1942 Win32.Virut.56 Desinfectado.

Battlefield 1942_eReg.exe C:\Arquivos de programas\EA GAMES\Battlefield 1942\eReg Win32.Virut.56 Desinfectado.

Battlefield 1942_EZ.exe C:\Arquivos de programas\EA GAMES\Battlefield 1942\eReg Win32.Virut.56 Desinfectado.

prism.exe C:\Arquivos de programas\GraphPad\Prism 4 Win32.Virut.56 Desinfectado.

hpqdirec.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.

hpqpprop.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.

hpqste08.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.

hpqtbx01.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.

hpqusgl.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.

hpqwrg.exe C:\Arquivos de programas\HP\Digital Imaging\bin Win32.Virut.56 Desinfectado.

hprbui.exe C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin Win32.Virut.56 Desinfectado.

HPWUCli.exe C:\Arquivos de programas\HP\HP Software Update Win32.Virut.56 Desinfectado.

HP_IZE.exe C:\Arquivos de programas\HP\Image Zone Express Win32.Virut.56 Desinfectado.

Player.exe C:\Arquivos de programas\HT NETWORKS\HT Player Win32.Virut.56 Desinfectado.

Setup.exe C:\Arquivos de programas\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65} Win32.Virut.56 Desinfectado.

iedw.exe C:\Arquivos de programas\Internet Explorer Win32.Virut.56 Desinfectado.

IEXPLORE.EXE C:\Arquivos de programas\Internet Explorer Win32.Virut.56 Desinfectado.

icwconn1.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.

icwconn2.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.

icwrmind.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.

icwtutor.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.

inetwiz.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.

isignup.exe C:\Arquivos de programas\Internet Explorer\Connection Wizard Win32.Virut.56 Desinfectado.

javaws.exe C:\Arquivos de programas\Java\jre1.5.0_06\bin Win32.Virut.56 Desinfectado.

SC3.EXE C:\Arquivos de programas\Maxis\SimCity 3000\Game Win32.Virut.56 Desinfectado.

VBAPB10.CHM\html/pbproStartInNextTextBox.htm C:\Arquivos de programas\Microsoft Office\OFFICE11\1046\VBAPB10.CHM Modificação de Avispa.2048

VBAPB10.CHM C:\Arquivos de programas\Microsoft Office\OFFICE11\1046 A pasta contem objectos infectados

moviemk.exe C:\Arquivos de programas\Movie Maker Win32.Virut.56 Desinfectado.

bckgzm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.

chkrzm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.

hrtzzm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.

Rvsezm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.

shvlzm.exe C:\Arquivos de programas\MSN Gaming Zone\Windows Win32.Virut.56 Desinfectado.

conf.exe C:\Arquivos de programas\NetMeeting Win32.Virut.56 Desinfectado.

msimn.exe C:\Arquivos de programas\Outlook Express Win32.Virut.56 Desinfectado.

wab.exe C:\Arquivos de programas\Outlook Express Win32.Virut.56 Desinfectado.

Victoria.exe C:\Arquivos de programas\Paradox Entertainment\Victoria Win32.Virut.56 Desinfectado.

Victoria_Settings.exe C:\Arquivos de programas\Paradox Entertainment\Victoria Win32.Virut.56 Desinfectado.

PDFCreator.exe C:\Arquivos de programas\PDFCreator Win32.Virut.56 Desinfectado.

TransTool.exe C:\Arquivos de programas\PDFCreator\languages Win32.Virut.56 Desinfectado.

CinePlayer.exe C:\Arquivos de programas\Roxio\CinePlayer Win32.Virut.56 Desinfectado.

wmplayer.exe C:\Arquivos de programas\Windows Media Player Win32.Virut.56 Desinfectado.

hypertrm.exe C:\Arquivos de programas\Windows NT Win32.Virut.56 Desinfectado.

wordpad.exe C:\Arquivos de programas\Windows NT\Acessórios Win32.Virut.56 Desinfectado.

PINBALL.EXE C:\Arquivos de programas\Windows NT\Pinball Win32.Virut.56 Desinfectado.

WinRAR.exe C:\Arquivos de programas\WinRAR Win32.Virut.56 Desinfectado.

I_AM_EMO.gif---www.facebook.com C:\Documents and Settings\Administrador\Configurações locais\Temp Win32.HLLW.Recycler.3 Eliminado.

DFUDC.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.

DFUDC.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

DUJUJ.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

KRPTS.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

QYESO.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.

QYESO.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

TCNCN.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

TGIUI.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

TZNWJ.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.

TZNWJ.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

WMXNW.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.

WMXNW.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

WPWBD.exe C:\Documents and Settings\Carlos Win32.Virut.56 Desinfectado.

WPWBD.exe C:\Documents and Settings\Carlos Win32.HLLW.Recycler.3 Eliminado.

websvr.exe C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos Trojan.Click.25647

ddsuper1[1].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL Win32.Virut.56 Desinfectado.

nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\85UJ016N Win32.Virut.56 Desinfectado.

rc[1].htm\Script.2 C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm Exploit.ActiveX.9

rc[1].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE A pasta contem objectos infectados

rc[2].htm\Script.2 C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm Exploit.ActiveX.9

rc[2].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE A pasta contem objectos infectados

rc[3].htm\Script.2 C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm Exploit.ActiveX.9

rc[3].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE A pasta contem objectos infectados

rc[4].htm\Script.2 C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm Exploit.ActiveX.9

rc[4].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE A pasta contem objectos infectados

nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N Win32.Virut.56 Desinfectado.

nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV Win32.Virut.56 Desinfectado.

cmd1[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR Win32.HLLW.Lime.3 Eliminado.

ddsuper2[1].htm C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\IPLA7298 Trojan.DownLoad.29459 Eliminado.

nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT Win32.Virut.56 Desinfectado.

pic[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT Win32.HLLW.Lime.2 Eliminado.

nload[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\QHYR85GZ Win32.Virut.56 Desinfectado.

lvhost[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E Win32.HLLW.Recycler.3 Eliminado.

lvhost[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\S567M521 Win32.HLLW.Recycler.3 Eliminado.

tdl[1].exe C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\S567M521 Win32.HLLW.Recycler.3 Eliminado.

ouqenbopzz[1].txt C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\S9OBKRKB Trojan.Packed.2450 Eliminado.

ouqenbopzz[1].txt C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SFTB6MN1 Trojan.Packed.2450 Eliminado.

KaM_1024.exe C:\Documents and Settings\Carlos\Meus documentos\Knights AND Merchants RIP CLASS (Seeded By SnesHeaven.org)\Knights&Merchants Win32.Virut.56 Desinfectado.

w[2].bin C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\0059PVX9 Trojan.DownLoad.35942 Eliminado.

inuninst.exe C:\Program Files\InterActual\InterActual Player Win32.Virut.56 Desinfectado.

iPlayer.exe C:\Program Files\InterActual\InterActual Player Win32.Virut.56 Desinfectado.

winservices.exe C:\RECYCLER\S-1-5-21-2294762216-9637911831-536108129-0741 Win32.Virut.56 Desinfectado.

winservices.exe C:\RECYCLER\S-1-5-21-2294762216-9637911831-536108129-0741 Win32.HLLW.Recycler.3 Eliminado.

isl.exe C:\RECYCLER\S-1-5-21-8783608433-9158052299-466083778-8539 Win32.HLLW.Autoruner.6307 Eliminado.

SETUP32.EXE C:\SIERRA Win32.Virut.56 Desinfectado.

SIGSPAT.EXE C:\SIERRA Win32.Virut.56 Desinfectado.

A0001060.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Lime.3 Eliminado.

A0001072.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0001150.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Click.25824 Eliminado.

A0002200.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0002200.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 BackDoor.BlackHole.3323 Eliminado.

A0004173.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Click.25824 Eliminado.

A0004176.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0005184.sys C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35604 Eliminado.

A0007207.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0007207.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35604 Eliminado.

A0007209.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.29459 Eliminado.

A0007210.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.29459 Eliminado.

A0007214.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Siggen.2215 Eliminado.

A0008209.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wsgame.11359 Eliminado.

A0008210.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0008210.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wsgame.11359 Eliminado.

A0008212.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0008212.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 BackDoor.BlackHole.3324 Eliminado.

A0009211.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Click.25715 Eliminado.

A0009214.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0010212.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Siggen.2215 Eliminado.

A0010215.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0010236.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wsgame.11359 Eliminado.

A0010237.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0010237.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wsgame.11359 Eliminado.

A0010238.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35600 Eliminado.

A0010239.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0010239.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 BackDoor.BlackHole.3333 Eliminado.

A0011224.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0011228.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0011235.old C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Click.25824 Eliminado.

A0011236.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35945 Eliminado.

A0013300.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Lime.4 Eliminado.

A0013301.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Autoruner.848 Eliminado.

A0013302.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Packed.469 Eliminado.

A0013303.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Autoruner.6307 Eliminado.

A0013304.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.MyBot Eliminado.

A0013315.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013319.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013319.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013320.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013321.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013321.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013322.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013325.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013326.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013326.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013327.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013327.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013328.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013329.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013329.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013333.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013333.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013334.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013334.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013335.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013337.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013337.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Lime.2 Eliminado.

A0013341.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013341.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013343.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013346.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013346.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Lime.3 Eliminado.

A0013347.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 FDOS.Atomix.origin

A0013349.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013349.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013351.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013351.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013352.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013353.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013353.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013356.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013357.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013358.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013360.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013360.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013361.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013363.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 FDOS.Atomix.origin

A0013366.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013366.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013367.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013367.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013368.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013370.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013370.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013374.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013376.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013382.com C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013385.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013385.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Dialer.Siggen.121 Eliminado.

A0013386.com C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013388.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013392.pif C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0013484.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013915.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0013919.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014207.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0014209.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.MyBot Eliminado.

A0014213.com C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0014446.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.MyBot Eliminado.

A0014448.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 BackDoor.IRC.Flood.8 Eliminado.

A0014455.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014484.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014489.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.29459 Eliminado.

A0014490.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.29459 Eliminado.

A0014492.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014497.sys C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35942 Eliminado.

A0014498.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014523.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014523.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wow.1315 Eliminado.

A0014532.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014532.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wow.1315 Eliminado.

A0014540.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.MyBot Eliminado.

A0014543.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014544.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014545.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014546.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014547.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014548.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014549.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014550.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014551.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.29459 Eliminado.

A0014552.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wow.1315 Eliminado.

A0014553.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014553.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.PWS.Wow.1315 Eliminado.

A0014554.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014554.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0014555.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014555.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Lime.3 Eliminado.

A0014556.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014556.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.HLLW.Recycler.3 Eliminado.

A0014557.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014557.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 BackDoor.BlackHole.3332 Eliminado.

A0014558.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014559.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014560.EXE C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014561.EXE C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014561.EXE C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.Ads.49 Eliminado.

A0014562.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014562.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35111 Eliminado.

A0014563.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014564.sys C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.NtRootKit.2785 Eliminado.

A0014565.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014566.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014567.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014568.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014569.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014570.dll C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35600 Eliminado.

A0014571.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014572.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014573.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014574.scr C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014575.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014576.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014577.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014578.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014579.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014580.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014581.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.29459 Eliminado.

A0014582.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014583.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014584.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014585.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014586.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014587.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014588.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014589.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014589.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35111 Eliminado.

A0014590.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014590.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Trojan.DownLoad.35111 Eliminado.

A0014591.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014592.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014593.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

A0014594.exe C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1 Win32.Virut.56 Desinfectado.

dla.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

hh.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

InstFunc.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

IsUn0416.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

IsUninst.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

NOTEPAD.EXE C:\WINDOWS Win32.Virut.56 Desinfectado.

regedit.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

setdebug.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

sm56hlpr.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

TASKMAN.EXE C:\WINDOWS Win32.Virut.56 Desinfectado.

twunk_32.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

unin0416.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

winhlp32.exe C:\WINDOWS Win32.Virut.56 Desinfectado.

msiexec.exe C:\WINDOWS\$MSI31Uninstall_KB893803v2$ Win32.Virut.56 Desinfectado.

msmsgs.exe C:\WINDOWS\$NtUninstallKB887472$ Win32.Virut.56 Desinfectado.

hh.exe C:\WINDOWS\$NtUninstallKB896358$ Win32.Virut.56 Desinfectado.

spoolsv.exe C:\WINDOWS\$NtUninstallKB896423$ Win32.Virut.56 Desinfectado.

telnet.exe C:\WINDOWS\$NtUninstallKB896428$ Win32.Virut.56 Desinfectado.

iedw.exe C:\WINDOWS\$NtUninstallKB896688$ Win32.Virut.56 Desinfectado.

migregdb.exe C:\WINDOWS\$NtUninstallKB902400$ Win32.Virut.56 Desinfectado.

iedw.exe C:\WINDOWS\$NtUninstallKB905915$ Win32.Virut.56 Desinfectado.

iedw.exe C:\WINDOWS\$NtUninstallKB912945$ Win32.Virut.56 Desinfectado.

agentsvr.exe C:\WINDOWS\$NtUninstallKB920213$ Win32.Virut.56 Desinfectado.

fltmc.exe C:\WINDOWS\$NtUninstallKB922582$ Win32.Virut.56 Desinfectado.

tzchange.exe C:\WINDOWS\$NtUninstallKB933360$ Win32.Virut.56 Desinfectado.

explorer.exe C:\WINDOWS\$NtUninstallKB938828$ Win32.Virut.56 Desinfectado.

tzchange.exe C:\WINDOWS\$NtUninstallKB942763$ Win32.Virut.56 Desinfectado.

iedw.exe C:\WINDOWS\$NtUninstallKB950759$ Win32.Virut.56 Desinfectado.

tzchange.exe C:\WINDOWS\$NtUninstallKB951072-v2$ Win32.Virut.56 Desinfectado.

tzchange.exe C:\WINDOWS\$NtUninstallKB955839$ Win32.Virut.56 Desinfectado.

dwusplay.exe C:\WINDOWS\Downloaded Program Files Win32.Virut.56 Desinfectado.

NewShortcut11_0AD604BD75F940F88EFF81C9FDAF2FA2.exe C:\WINDOWS\Installer\{0AD604BD-75F9-40F8-8EFF-81C9FDAF2FA2} Win32.Virut.56 Desinfectado.

NewShortcut1_0AD604BD75F940F88EFF81C9FDAF2FA2.exe C:\WINDOWS\Installer\{0AD604BD-75F9-40F8-8EFF-81C9FDAF2FA2} Win32.Virut.56 Desinfectado.

HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe C:\WINDOWS\Installer\{15EE79F4-4ED1-4267-9B0F-351009325D7D} Win32.Virut.56 Desinfectado.

NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe C:\WINDOWS\Installer\{30C19FF2-7FBA-4d09-B9DE-1659977F64F6} Win32.Virut.56 Desinfectado.

accicons.exe C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

inficon.exe C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

misc.exe C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

outicon.exe C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

pptico.exe C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

pubs.exe C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

wordicon.exe C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

xlicons.exe C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

fpicon.exe C:\WINDOWS\Installer\{90170416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

misc.exe C:\WINDOWS\Installer\{90170416-6000-11D3-8CFE-0150048383C9} Win32.Virut.56 Desinfectado.

agentsvr.exe C:\WINDOWS\msagent Win32.Virut.56 Desinfectado.

HelpCtr.exe C:\WINDOWS\pchealth\helpctr\binaries Win32.Virut.56 Desinfectado.

HelpSvc.exe C:\WINDOWS\pchealth\helpctr\binaries Win32.Virut.56 Desinfectado.

msconfig.exe C:\WINDOWS\pchealth\helpctr\binaries Win32.Virut.56 Desinfectado.

6to4v32.dll C:\WINDOWS\system32 Trojan.DownLoad.35600 Eliminado.

accwiz.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

actmovie.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ahui.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

Apiload.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

arp.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

at.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

atmadm.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

attrib.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

auditusr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

blastcln.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

bootok.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

bootvrfy.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cacls.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

calc.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

charmap.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

chkdsk.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

chkntfs.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cidaemon.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ckcnv.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cleanmgr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cliconfg.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

clipbrd.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

clspack.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cmd.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cmdl32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cmmon32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cmstp.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

comp.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

compact.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

conime.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

control.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

convert.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

cscript.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dcomcnfg.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ddeshare.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

defrag.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dfrgfat.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dfrgntfs.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

diantz.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

diskpart.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

diskperf.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dllhst3g.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dmremote.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dncyool64.sys C:\WINDOWS\system32 Trojan.Click.25824 Eliminado.

doskey.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dpcxool64.sys C:\WINDOWS\system32 Trojan.Siggen.2215 Eliminado.

dplaysvr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dpnsvr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dpvsetup.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

drwtsn32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dumprep.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dvdplay.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dvdupgrd.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dwwin.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

dxdiag.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

esentutl.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

eudcedit.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

eventvwr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

expand.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

extrac32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

fc.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

find.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

findstr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

finger.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

fixmapi.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

fltmc.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

fontview.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

forcedos.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

freecell.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

fsquirt.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

fsutil.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ftp.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

grpconv.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

help.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

hostname.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

iexpress.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ipconfig.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ipsec6.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ipv6.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ipxroute.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

java.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

javaw.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

javaws.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

jdbgmgr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

JETCOMP.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

jview.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

label.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

lights.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

lnkstub.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

lodctr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

logagent.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

logman.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

logoff.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

lpq.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

lpr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

magnify.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

makecab.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

migpwd.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mmc.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mobsync.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mountvol.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mplay32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mpnotify.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mrinfo.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

msg.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mshearts.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mshta.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

msncache.dll.877023 C:\WINDOWS\system32 Trojan.DownLoad.35945 Eliminado.

mspaint.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

msswchx.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mstinit.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

mstsc.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

narrator.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

nbtstat.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

nddeapir.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

net.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

net1.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

netsetup.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

netsh.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

netstat.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

notepad.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

nslookup.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ntvdm.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

odbcad32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

odbcconf.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

osk.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

osuninst.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

packager.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

pathping.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

pentnt.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

perfmon.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ping.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ping6.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

powercfg.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

print.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

progman.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

proquota.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

proxycfg.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

qappsrv.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

qprocess.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

qwinsta.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rasautou.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rasdial.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rasphone.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rcimlby.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rcp.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rdpclip.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rdsaddin.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rdshost.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

recover.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

reg.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

regedt32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

regini.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

regwiz.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

replace.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

reset.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rexec.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

route.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

routemon.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rsh.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rsm.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rsmsink.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rsmui.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rtcshare.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

RTLCPL.EXE C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

runas.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

runonce.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

rwinsta.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

savedump.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sc.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

scrnsave.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sdbinst.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sethc.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

setup.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sfc.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

shadow.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

shrpubw.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

shutdown.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sigverif.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

skeys.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

smbinst.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sndrec32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sndvol32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sol.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sort.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

spider.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

spnpinst.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ss3dfo.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ssbezier.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ssflwbox.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ssmarque.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ssmypics.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ssmyst.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sspipes.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

ssstars.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sstext3d.scr C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

stimon.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

subst.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

syncapp.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

syskey.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

sysocmgr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

systray.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

t1p0_598990259786.b1k C:\WINDOWS\system32 Trojan.Click.25770 Eliminado.

taskman.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

taskmgr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tcmsetup.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tcpsvcs.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

telnet.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tftp.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tourstart.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tpsaxyd.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tracert.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tracert6.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tscon.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tscupgrd.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tsdiscon.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tskill.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tsshutdn.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

tzchange.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

uha.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

unlodctr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

upnpcont.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

usrmlnka.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

usrprbda.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

usrshuta.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

utilman.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

verifier.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

vssadmin.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

w.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

w.exe C:\WINDOWS\system32 Trojan.DownLoad.35733 Eliminado.

w32tm.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wextract.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wiaacmgr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

winhlp32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

winmine.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

winmsd.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

winver.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

WISPTIS.EXE C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wjview.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wpabaln.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wpnpinst.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

write.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wscntfy.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wscript.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wtukd32.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

wupdmgr.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

XC3SUNIN.EXE C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

xcopy.exe C:\WINDOWS\system32 Win32.Virut.56 Desinfectado.

d.dll C:\WINDOWS\system32\dk Tool.Moo

lam1.exe C:\WINDOWS\system32\dk Program.PrcView.3725

lam2.exe C:\WINDOWS\system32\dk Tool.Dasniff

lmz.exe C:\WINDOWS\system32\dk IRC.Generic.147 Eliminado.

27296716.INS C:\WINDOWS\system32\drive Program.mIRC.603

31861617.INS C:\WINDOWS\system32\drive Program.mIRC.603

37224256.INS C:\WINDOWS\system32\drive Program.mIRC.603

7058408.INS C:\WINDOWS\system32\drive Program.mIRC.603

8204747.INS C:\WINDOWS\system32\drive Program.mIRC.603

86102025.INS C:\WINDOWS\system32\drive Program.mIRC.603

calling.com C:\WINDOWS\system32\drive Program.mIRC.603

d.dll C:\WINDOWS\system32\drive Tool.Moo

lam1.exe C:\WINDOWS\system32\drive Program.PrcView.3725

lam2.exe C:\WINDOWS\system32\drive Tool.Dasniff

lmz.exe C:\WINDOWS\system32\drive IRC.Generic.147 Eliminado.

rstrui.exe C:\WINDOWS\system32\Restore Win32.Virut.56 Desinfectado.

migwiz.exe C:\WINDOWS\system32\usmt Win32.Virut.56 Desinfectado.

wmiprvse.exe C:\WINDOWS\system32\wbem Win32.Virut.56 Desinfectado.

nncdndfdfg48.exe\dpcxool64.sys C:\WINDOWS\Temp\nncdndfdfg48.exe Trojan.Siggen.2215

nncdndfdfg48.exe C:\WINDOWS\Temp O arquivo contém objectos infectados

VRT3.tmp C:\WINDOWS\Temp Trojan.DownLoad.35934 Eliminado.

----------------------------------------------------------------------------------

Carlos SP · Abril 29, 2009

No scan do Kaspersky, verifiquei inicialmente (por acidente) apenas as três primeiras opções do menu. Em seguida realizei o scan com todos os itens. Coloquei aqui os dois relatórios, ok?

- RELATÓRIO KASPERSKY (SYSTEM MEMORY, STARTUP OBJECTS, DISK BOOT SECTORS):

Scan

----

Scanned: 1400

Detected: 2

Untreated: 0

Start time: 29/4/2009 15:54:20

Duration: 00:02:28

Finish time: 29/4/2009 15:56:48

Detected

--------

Status Object

------ ------

deleted: Trojan program Rootkit.Win32.Agent.jbb File: c:\windows\system32\drivers\fngkvbb.sys

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: c:\windows\system32\drive\calling.com

Events

------

Time Name Status Reason

---- ---- ------ ------

29/4/2009 15:54:54 File: c:\windows\system32\drive\calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 15:54:55 File: c:\windows\system32\drive\calling.com not disinfected postponed

29/4/2009 15:55:28 File: c:\windows\system32\drivers\fngkvbb.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'

29/4/2009 15:55:28 File: c:\windows\system32\drivers\fngkvbb.sys not disinfected postponed

29/4/2009 15:56:02 File: c:\windows\system32\drive\calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 15:56:37 Startup object: HKEY_LOCAL_MACHINE\Software\Classes\ChatFile\shell\open\command\ disinfected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 15:56:38 Startup object: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winreg disinfected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 15:56:38 Startup object: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msennger disinfected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 15:56:38 Startup object: HKEY_USERS\S-1-5-21-3748263854-567553014-1295907222-1007\Software\Microsoft\Windows\CurrentVersion\Run\hohohhaha disinfected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 15:56:39 File: c:\windows\system32\drive\calling.com deleted

29/4/2009 15:56:39 File: c:\windows\system32\drivers\fngkvbb.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'

29/4/2009 15:56:47 Startup object: HKLM\System\ControlSet001\Services\yqcwdncn\yqcwdncn deleted

29/4/2009 15:56:47 Startup object: HKLM\System\ControlSet003\Services\yqcwdncn\yqcwdncn deleted

29/4/2009 15:56:48 File: c:\windows\system32\drivers\fngkvbb.sys deleted

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ -----------------

Carlos SP · Abril 29, 2009

RELATÓRIO KASPERSKY PARTE 2 (TODOS OS ITENS DO MENU):

Scan

----

Scanned: 425485

Detected: 139

Untreated: 0

Start time: 29/4/2009 16:00:50

Duration: 02:49:38

Finish time: 29/4/2009 18:50:28

Detected

--------

Status Object

------ ------

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\ckc.exe//calling.com

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\ckc.exe//lmz.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\ckc.exe//lmz1.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\ckc.exe//lmz2.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\ckc.exe//lmz3.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\ddram.exe//lmz3.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\ddram.exe//lmz1.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\ddram.exe//lmz2.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\ddram.exe//lmz.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\hah.exe

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\nfhusmai.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\rq.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\sysm.exe//lmz3.bmp

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html

deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm

deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm

deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm

deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm

deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm

deleted: Trojan program Trojan.Win32.Pakes.nju File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz1.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz2.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz3.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz1.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz2.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\hah.exe

deleted: Trojan program Trojan.Win32.VB.obn File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys

deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm

deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm

deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm

deleted: Trojan program Trojan-Downloader.JS.Plif.a File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rq.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp

deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe

deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm

deleted: Trojan program Trojan-GameThief.Win32.WOW.ihf File: C:\Program Files\ThunMail\testabd.ex_

deleted: Trojan program Trojan-Downloader.Win32.Agent.brzt File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys

deleted: Trojan program Trojan-GameThief.Win32.WOW.ihf File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe

deleted: Trojan program Trojan.Win32.Agent2.iho File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll

deleted: Trojan program Trojan-Downloader.Win32.Delf.tka File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys

deleted: Trojan program Trojan-Downloader.Win32.Delf.tlp File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys

deleted: Trojan program Trojan.Win32.Obfuscated.aeob File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX

deleted: Trojan program Rootkit.Win32.Pakes.pf File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys

deleted: Trojan program Trojan-Downloader.Win32.Delf.tlq File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys

deleted: Trojan program Trojan-Downloader.Win32.Delf.tlq File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe

deleted: Trojan program Trojan.Win32.Agent.cdah File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys

deleted: Trojan program Trojan.Win32.Agent.cdah File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe

deleted: Trojan program Rootkit.Win32.Small.hz File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys

deleted: Trojan program Rootkit.Win32.Small.hz File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys

deleted: Trojan program Backdoor.Win32.IEbooot.bwg File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys

deleted: Trojan program Trojan.Win32.Agent2.ipp File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll

deleted: Trojan program Trojan.Win32.VB.nzr File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com

deleted: Trojan program Rootkit.Win32.Agent.jbb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz1.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz2.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz3.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz1.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz2.bmp

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz.exe

deleted: Trojan program Trojan.Win32.Agent2.hoc File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp

deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014617.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014618.exe

deleted: Trojan program Trojan.Win32.VB.obn File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys

deleted: Trojan program not-a-virus:RiskTool.Win32.HideWindows File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014620.exe

deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe

deleted: Trojan program Trojan-Spy.Win32.AutoIt.c File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\Help\ciadmin.htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\Help\migwiz.htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\Help\migwiz2.htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm

deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\WINDOWS\system32\dk\lmz1.bmp

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\27296716.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\31861617.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\37224256.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\7058408.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\8204747.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\WINDOWS\system32\drive\86102025.INS

deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\WINDOWS\system32\drive\lmz1.bmp

deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BN13.tmp

deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BN14.tmp

deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BN15.tmp

deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BN27.tmp

deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.vqzq File: C:\WINDOWS\Temp\BNC.tmp

deleted: Trojan program Trojan.Win32.VB.obn File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys

deleted: Trojan program Trojan.Win32.Agent2.iqq File: C:\WINDOWS\Temp\VRT4.tmp

deleted: Trojan program Trojan.Win32.Agent2.iqq File: C:\WINDOWS\Temp\VRT7.tmp

disinfected: Trojan program Trojan-Clicker.HTML.IFrame.aga File: C:\WINDOWS\Web\tip.htm

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014623.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014624.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014625.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014626.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014627.INS

deleted: Trojan program Backdoor.Win32.IRCBot.dsh File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014628.INS

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe

deleted: Trojan program not-a-virus:RiskTool.Win32.HideWindows File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe

deleted: Trojan program Backdoor.IRC.Zapchast.zwqy File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe

deleted: Trojan program not-a-virus:RiskTool.Win32.HideWindows File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe

deleted: Trojan program Trojan.Win32.VB.obn File: c:\system volume information\_restore{d0518e27-9216-4643-bef1-64c323f10013}\rp1\a0014619.exe

deleted: Trojan program Trojan.Win32.VB.obn File: c:\windows\temp\nncdndfdfg48.exe

Events

------

Time Name Status Reason

---- ---- ------ ------

29/4/2009 16:03:17 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:03:17 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm not disinfected postponed

29/4/2009 16:05:21 File: C:\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 16:05:22 File: C:\ckc.exe//calling.com not disinfected postponed

29/4/2009 16:05:23 File: C:\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 16:05:23 File: C:\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 16:05:23 File: C:\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 16:05:23 File: C:\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 16:05:24 File: C:\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 16:05:24 File: C:\ddram.exe//lmz3.bmp not disinfected postponed

29/4/2009 16:05:26 File: C:\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 16:05:26 File: C:\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 16:05:28 File: C:\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 16:05:29 File: C:\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 16:05:29 File: C:\nfhusmai.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 16:05:29 File: C:\nfhusmai.exe not disinfected postponed

29/4/2009 16:05:29 File: C:\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 16:05:30 File: C:\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 16:05:30 File: C:\sysm.exe//lmz3.bmp not disinfected postponed

29/4/2009 16:06:45 File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:06:45 File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html not disinfected postponed

29/4/2009 16:22:26 File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:22:26 File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html not disinfected postponed

29/4/2009 16:22:48 File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:22:48 File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html not disinfected postponed

29/4/2009 16:39:11 File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 16:39:12 File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe not disinfected postponed

29/4/2009 16:40:33 File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:40:33 File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm not disinfected postponed

29/4/2009 16:41:15 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:41:15 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm not disinfected postponed

29/4/2009 16:41:15 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:41:15 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm not disinfected postponed

29/4/2009 16:42:13 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 16:42:13 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm not disinfected postponed

29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm not disinfected postponed

29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm not disinfected postponed

29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm not disinfected postponed

29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 16:42:29 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm not disinfected postponed

29/4/2009 16:42:45 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 16:42:45 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm not disinfected postponed

29/4/2009 16:42:49 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:42:49 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm not disinfected postponed

29/4/2009 16:43:13 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:43:13 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm not disinfected postponed

29/4/2009 16:43:37 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 16:43:37 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm not disinfected postponed

29/4/2009 16:43:40 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:43:40 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm not disinfected postponed

29/4/2009 16:43:56 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 16:43:56 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm not disinfected postponed

29/4/2009 16:44:28 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:44:28 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm not disinfected postponed

29/4/2009 16:44:40 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:44:40 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm not disinfected postponed

29/4/2009 16:45:01 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:45:01 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm not disinfected postponed

29/4/2009 16:45:16 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 16:45:16 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm not disinfected postponed

29/4/2009 16:45:21 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm detected Trojan program 'Trojan.Win32.Pakes.nju'

29/4/2009 16:45:21 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm not disinfected postponed

29/4/2009 16:45:24 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:45:24 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm not disinfected postponed

29/4/2009 16:46:05 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:46:05 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm not disinfected postponed

29/4/2009 16:47:10 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 16:47:10 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm not disinfected postponed

29/4/2009 16:47:45 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 16:47:45 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm not disinfected postponed

29/4/2009 16:48:05 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:48:05 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm not disinfected postponed

29/4/2009 16:48:28 File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:48:28 File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm not disinfected postponed

29/4/2009 16:48:39 File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:48:39 File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm not disinfected postponed

29/4/2009 16:49:40 File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:49:40 File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm not disinfected postponed

29/4/2009 16:50:03 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 16:50:03 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com not disinfected postponed

29/4/2009 16:50:05 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 16:50:05 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 16:50:05 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 16:50:05 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 16:50:06 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 16:50:07 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp not disinfected postponed

29/4/2009 16:50:09 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 16:50:09 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 16:50:11 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 16:50:11 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 16:50:11 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys not disinfected postponed

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm not disinfected postponed

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm not disinfected postponed

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm not disinfected postponed

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 16:50:12 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm not disinfected postponed

29/4/2009 16:50:13 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 16:50:13 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 16:50:13 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp not disinfected postponed

29/4/2009 16:50:29 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 16:50:29 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe not disinfected postponed

29/4/2009 16:50:29 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 16:50:30 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe not disinfected postponed

29/4/2009 16:50:32 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:50:32 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm not disinfected postponed

29/4/2009 16:56:06 File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 16:56:06 File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm not disinfected postponed

29/4/2009 16:56:14 File: C:\Program Files\ThunMail\testabd.ex_ detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'

29/4/2009 16:56:14 File: C:\Program Files\ThunMail\testabd.ex_ not disinfected postponed

29/4/2009 16:57:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys detected Trojan program 'Trojan-Downloader.Win32.Agent.brzt'

29/4/2009 16:57:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys not disinfected postponed

29/4/2009 16:57:15 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'

29/4/2009 16:57:15 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe not disinfected postponed

29/4/2009 16:57:25 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll detected Trojan program 'Trojan.Win32.Agent2.iho'

29/4/2009 16:57:25 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll not disinfected postponed

29/4/2009 16:57:26 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tka'

29/4/2009 16:57:26 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys not disinfected postponed

29/4/2009 16:57:36 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlp'

29/4/2009 16:57:36 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys not disinfected postponed

29/4/2009 16:57:38 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX detected Trojan program 'Trojan.Win32.Obfuscated.aeob'

29/4/2009 16:57:38 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX not disinfected postponed

29/4/2009 16:57:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys detected Trojan program 'Rootkit.Win32.Pakes.pf'

29/4/2009 16:57:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys not disinfected postponed

29/4/2009 16:57:40 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'

29/4/2009 16:57:40 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys not disinfected postponed

29/4/2009 16:57:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'

29/4/2009 16:57:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe not disinfected postponed

29/4/2009 16:57:43 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys detected Trojan program 'Trojan.Win32.Agent.cdah'

29/4/2009 16:57:43 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys not disinfected postponed

29/4/2009 16:57:45 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe detected Trojan program 'Trojan.Win32.Agent.cdah'

29/4/2009 16:57:45 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe not disinfected postponed

29/4/2009 16:57:45 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys detected Trojan program 'Rootkit.Win32.Small.hz'

29/4/2009 16:57:45 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys not disinfected postponed

29/4/2009 17:00:38 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys detected Trojan program 'Rootkit.Win32.Small.hz'

29/4/2009 17:00:38 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys not disinfected postponed

29/4/2009 17:00:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys detected Trojan program 'Backdoor.Win32.IEbooot.bwg'

29/4/2009 17:00:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys not disinfected postponed

29/4/2009 17:00:41 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll detected Trojan program 'Trojan.Win32.Agent2.ipp'

29/4/2009 17:00:41 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll not disinfected postponed

29/4/2009 17:00:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old detected Trojan program 'Trojan.Win32.VB.nzr'

29/4/2009 17:00:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old not disinfected postponed

29/4/2009 17:00:50 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:00:50 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com not disinfected postponed

29/4/2009 17:00:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'

29/4/2009 17:00:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys not disinfected postponed

29/4/2009 17:00:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:00:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com not disinfected postponed

29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 17:00:53 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp not disinfected postponed

29/4/2009 17:00:55 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 17:00:55 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 17:00:57 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 17:00:57 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 17:00:57 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe not disinfected postponed

29/4/2009 17:00:58 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 17:00:58 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp not disinfected postponed

29/4/2009 17:00:59 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 17:00:59 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe not disinfected postponed

29/4/2009 17:01:00 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014617.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 17:01:00 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014618.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy' by hash

29/4/2009 17:01:00 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'

29/4/2009 17:01:00 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys not disinfected postponed

29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014620.exe detected Trojan program 'not-a-virus:RiskTool.Win32.HideWindows' by hash

29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe not disinfected postponed

29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 17:01:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe not disinfected postponed

29/4/2009 17:14:44 File: C:\WINDOWS\Help\ciadmin.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:14:44 File: C:\WINDOWS\Help\ciadmin.htm not disinfected postponed

29/4/2009 17:15:09 File: C:\WINDOWS\Help\migwiz.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:15:09 File: C:\WINDOWS\Help\migwiz.htm not disinfected postponed

29/4/2009 17:15:09 File: C:\WINDOWS\Help\migwiz2.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:15:09 File: C:\WINDOWS\Help\migwiz2.htm not disinfected postponed

29/4/2009 17:18:01 File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:18:01 File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm not disinfected postponed

29/4/2009 17:18:02 File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:18:02 File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm not disinfected postponed

29/4/2009 17:22:30 File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:22:30 File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm not disinfected postponed

29/4/2009 17:22:47 File: C:\WINDOWS\system32\dk\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 17:22:47 File: C:\WINDOWS\system32\dk\lmz1.bmp not disinfected postponed

29/4/2009 17:25:11 File: C:\WINDOWS\system32\drive\27296716.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:25:12 File: C:\WINDOWS\system32\drive\27296716.INS not disinfected postponed

29/4/2009 17:25:12 File: C:\WINDOWS\system32\drive\31861617.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:25:13 File: C:\WINDOWS\system32\drive\31861617.INS not disinfected postponed

29/4/2009 17:25:13 File: C:\WINDOWS\system32\drive\37224256.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:25:13 File: C:\WINDOWS\system32\drive\37224256.INS not disinfected postponed

29/4/2009 17:25:14 File: C:\WINDOWS\system32\drive\7058408.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:25:14 File: C:\WINDOWS\system32\drive\7058408.INS not disinfected postponed

29/4/2009 17:25:15 File: C:\WINDOWS\system32\drive\8204747.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:25:15 File: C:\WINDOWS\system32\drive\8204747.INS not disinfected postponed

29/4/2009 17:25:15 File: C:\WINDOWS\system32\drive\86102025.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:25:16 File: C:\WINDOWS\system32\drive\86102025.INS not disinfected postponed

29/4/2009 17:25:17 File: C:\WINDOWS\system32\drive\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 17:25:17 File: C:\WINDOWS\system32\drive\lmz1.bmp not disinfected postponed

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN13.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN13.tmp not disinfected postponed

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN14.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN14.tmp not disinfected postponed

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN15.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN15.tmp not disinfected postponed

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN27.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BN27.tmp not disinfected postponed

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BNC.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 17:26:24 File: C:\WINDOWS\Temp\BNC.tmp not disinfected postponed

29/4/2009 17:26:26 File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'

29/4/2009 17:26:26 File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys not disinfected postponed

29/4/2009 17:26:27 File: C:\WINDOWS\Temp\VRT4.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'

29/4/2009 17:26:27 File: C:\WINDOWS\Temp\VRT4.tmp not disinfected postponed

29/4/2009 17:26:27 File: C:\WINDOWS\Temp\VRT7.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'

29/4/2009 17:26:27 File: C:\WINDOWS\Temp\VRT7.tmp not disinfected postponed

29/4/2009 17:26:28 File: C:\WINDOWS\Web\tip.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:26:28 File: C:\WINDOWS\Web\tip.htm not disinfected postponed

29/4/2009 17:26:40 File: C:\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 17:26:40 File: C:\ckc.exe//calling.com not disinfected postponed

29/4/2009 17:26:42 File: C:\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 17:26:42 File: C:\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 17:26:42 File: C:\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 17:26:42 File: C:\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 17:26:43 File: C:\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 17:26:43 File: C:\ddram.exe//lmz3.bmp not disinfected postponed

29/4/2009 17:26:44 File: C:\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 17:26:44 File: C:\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 17:26:47 File: C:\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 17:26:47 File: C:\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 17:26:47 File: C:\nfhusmai.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 17:26:47 File: C:\nfhusmai.exe not disinfected postponed

29/4/2009 17:26:48 File: C:\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 17:26:48 File: C:\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 17:26:48 File: C:\sysm.exe//lmz3.bmp not disinfected postponed

29/4/2009 17:28:00 File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:28:00 File: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\pm.html not disinfected postponed

29/4/2009 17:43:35 File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:43:35 File: C:\Arquivos de programas\HP\Digital Imaging\hp deskjet 3900 series\data\readme.html not disinfected postponed

29/4/2009 17:43:56 File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 17:43:56 File: C:\Arquivos de programas\HT NETWORKS\HT Player\Pomoc.html not disinfected postponed

29/4/2009 18:00:25 File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 18:00:25 File: C:\Documents and Settings\Carlos\Configurações locais\Dados de aplicativos\websvr.exe not disinfected postponed

29/4/2009 18:01:50 File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:01:50 File: C:\Documents and Settings\Carlos\Configurações locais\Temp\Temporary Internet Files\Content.IE5\STUJ8LAN\iframe[1].htm not disinfected postponed

29/4/2009 18:02:36 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:02:36 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\069[1].htm not disinfected postponed

29/4/2009 18:02:37 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:02:37 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\3ASVVPWL\184[1].htm not disinfected postponed

29/4/2009 18:03:34 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 18:03:34 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\bqwkgherb[1].htm not disinfected postponed

29/4/2009 18:03:50 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 18:03:50 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[1].htm not disinfected postponed

29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[2].htm not disinfected postponed

29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[3].htm not disinfected postponed

29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 18:03:51 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\93R7H9GE\rc[4].htm not disinfected postponed

29/4/2009 18:04:06 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 18:04:06 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\ddsuper3[1].htm not disinfected postponed

29/4/2009 18:04:10 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:04:10 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\C1MB4L2N\index[1].htm not disinfected postponed

29/4/2009 18:04:34 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:04:34 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\CJ0J27MV\poliovirus[1].htm not disinfected postponed

29/4/2009 18:04:58 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 18:04:58 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\iolvvift[1].htm not disinfected postponed

29/4/2009 18:05:01 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:05:01 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\F650ZKLP\redirect[1].htm not disinfected postponed

29/4/2009 18:05:17 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 18:05:17 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\G5M7K5YR\hnwtu[1].htm not disinfected postponed

29/4/2009 18:05:48 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:05:48 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\042[1].htm not disinfected postponed

29/4/2009 18:06:00 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:06:00 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KL2N0D6R\ListarMinhasInscricoes8d41d5b8[1].htm not disinfected postponed

29/4/2009 18:06:21 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:06:21 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\KXAXSJQZ\horaciocorral.tudoteca.com[1].htm not disinfected postponed

29/4/2009 18:06:36 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 18:06:36 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ahurebocmi[1].htm not disinfected postponed

29/4/2009 18:06:41 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm detected Trojan program 'Trojan.Win32.Pakes.nju'

29/4/2009 18:06:41 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\ddsuper0[1].htm not disinfected postponed

29/4/2009 18:06:44 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:06:44 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\OR25WRMT\Informacoes[1].htm not disinfected postponed

29/4/2009 18:07:25 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:07:25 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\RPG11Y7E\Index[2].htm not disinfected postponed

29/4/2009 18:08:30 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 18:08:30 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SBLP5O15\pifccpdnab[1].htm not disinfected postponed

29/4/2009 18:09:04 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 18:09:04 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\SN6R49Q3\djspmz[1].htm not disinfected postponed

29/4/2009 18:09:24 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:09:24 File: C:\Documents and Settings\Carlos\Configurações locais\Temporary Internet Files\Content.IE5\W1QV4927\FaleConosco[1].htm not disinfected postponed

29/4/2009 18:09:47 File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:09:47 File: C:\Documents and Settings\Carlos\Desktop\Blackwell Synergy - Scand J Immunol, Volume 66 Issue 2-3 Page 106-112, August-September 2007 (Full Text).htm not disinfected postponed

29/4/2009 18:09:58 File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:09:58 File: C:\Documents and Settings\Carlos\Desktop\How to Start Jogging.htm not disinfected postponed

29/4/2009 18:10:59 File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:10:59 File: C:\Documents and Settings\Carlos\Desktop\Radiofarmácia - IPEN\Potenciais orientadores.htm not disinfected postponed

29/4/2009 18:11:22 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:11:22 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//calling.com not disinfected postponed

29/4/2009 18:11:24 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 18:11:24 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 18:11:24 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 18:11:24 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ckc.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 18:11:25 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 18:11:25 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz3.bmp not disinfected postponed

29/4/2009 18:11:27 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 18:11:27 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 18:11:29 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\ddram.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 18:11:30 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\hah.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 18:11:30 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'

29/4/2009 18:11:30 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\nncdndfdfg48.exe/dpcxool64.sys not disinfected postponed

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[1].htm not disinfected postponed

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[2].htm not disinfected postponed

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[3].htm not disinfected postponed

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm detected Trojan program 'Trojan-Downloader.JS.Plif.a'

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rc[4].htm not disinfected postponed

29/4/2009 18:11:31 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\rq.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 18:11:32 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 18:11:32 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\sysm.exe//lmz3.bmp not disinfected postponed

29/4/2009 18:11:47 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 18:11:47 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr.exe not disinfected postponed

29/4/2009 18:11:47 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 18:11:47 File: C:\Documents and Settings\Carlos\DoctorWeb\Quarantine\websvr_0.exe not disinfected postponed

29/4/2009 18:11:50 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:11:50 File: C:\Documents and Settings\Carlos\Meus documentos\Diet Calculator, Body Fat Calculator.htm not disinfected postponed

29/4/2009 18:17:57 File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:17:57 File: C:\Program Files\Activision\Rome - Total War\Docs\Help\Readme\readme.htm not disinfected postponed

29/4/2009 18:18:07 File: C:\Program Files\ThunMail\testabd.ex_ detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'

29/4/2009 18:18:07 File: C:\Program Files\ThunMail\testabd.ex_ not disinfected postponed

29/4/2009 18:19:06 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys detected Trojan program 'Trojan-Downloader.Win32.Agent.brzt'

29/4/2009 18:19:06 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001103.sys not disinfected postponed

29/4/2009 18:19:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe detected Trojan program 'Trojan-GameThief.Win32.WOW.ihf'

29/4/2009 18:19:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0001121.exe not disinfected postponed

29/4/2009 18:19:21 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll detected Trojan program 'Trojan.Win32.Agent2.iho'

29/4/2009 18:19:21 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0002198.dll not disinfected postponed

29/4/2009 18:19:22 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tka'

29/4/2009 18:19:22 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0004169.sys not disinfected postponed

29/4/2009 18:19:32 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlp'

29/4/2009 18:19:32 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0007213.sys not disinfected postponed

29/4/2009 18:19:34 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX detected Trojan program 'Trojan.Win32.Obfuscated.aeob'

29/4/2009 18:19:34 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008211.dll//PE_Patch.UPX//UPX not disinfected postponed

29/4/2009 18:19:35 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys detected Trojan program 'Rootkit.Win32.Pakes.pf'

29/4/2009 18:19:35 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0008214.sys not disinfected postponed

29/4/2009 18:19:37 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'

29/4/2009 18:19:37 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009210.sys not disinfected postponed

29/4/2009 18:19:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe detected Trojan program 'Trojan-Downloader.Win32.Delf.tlq'

29/4/2009 18:19:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0009214.exe not disinfected postponed

29/4/2009 18:19:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys detected Trojan program 'Trojan.Win32.Agent.cdah'

29/4/2009 18:19:39 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010211.sys not disinfected postponed

29/4/2009 18:19:41 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe detected Trojan program 'Trojan.Win32.Agent.cdah'

29/4/2009 18:19:41 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0010215.exe not disinfected postponed

29/4/2009 18:19:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys detected Trojan program 'Rootkit.Win32.Small.hz'

29/4/2009 18:19:42 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0011223.sys not disinfected postponed

29/4/2009 18:22:48 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys detected Trojan program 'Rootkit.Win32.Small.hz'

29/4/2009 18:22:48 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014453.sys not disinfected postponed

29/4/2009 18:22:49 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys detected Trojan program 'Backdoor.Win32.IEbooot.bwg'

29/4/2009 18:22:49 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014456.sys not disinfected postponed

29/4/2009 18:22:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll detected Trojan program 'Trojan.Win32.Agent2.ipp'

29/4/2009 18:22:51 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014491.dll not disinfected postponed

29/4/2009 18:22:52 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old detected Trojan program 'Trojan.Win32.VB.nzr'

29/4/2009 18:22:52 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014500.old not disinfected postponed

29/4/2009 18:23:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:23:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014609.com not disinfected postponed

29/4/2009 18:23:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys detected Trojan program 'Rootkit.Win32.Agent.jbb'

29/4/2009 18:23:01 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014610.sys not disinfected postponed

29/4/2009 18:23:02 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:23:02 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//calling.com not disinfected postponed

29/4/2009 18:23:03 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 18:23:03 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 18:23:03 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 18:23:03 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014612.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 18:23:04 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 18:23:04 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz3.bmp not disinfected postponed

29/4/2009 18:23:06 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 18:23:06 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz2.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwra'

29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014613.exe//lmz.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy'

29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe detected Trojan program 'Trojan.Win32.Agent2.hoc'

29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014614.exe not disinfected postponed

29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwrb'

29/4/2009 18:23:08 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014615.exe//lmz3.bmp not disinfected postponed

29/4/2009 18:23:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 18:23:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014616.exe not disinfected postponed

29/4/2009 18:23:10 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014617.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwrb' by hash

29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014618.exe detected Trojan program 'Backdoor.IRC.Zapchast.zwqy' by hash

29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'

29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014619.exe/dpcxool64.sys not disinfected postponed

29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014620.exe detected Trojan program 'not-a-virus:RiskTool.Win32.HideWindows' by hash

29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 18:23:11 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014621.exe not disinfected postponed

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe detected Trojan program 'Trojan-Spy.Win32.AutoIt.c'

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014622.exe not disinfected postponed

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014623.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014623.INS not disinfected postponed

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014624.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014624.INS not disinfected postponed

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014625.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014625.INS not disinfected postponed

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014626.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014626.INS not disinfected postponed

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014627.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014627.INS not disinfected postponed

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014628.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:23:12 File: C:\System Volume Information\_restore{D0518E27-9216-4643-BEF1-64C323F10013}\RP1\A0014628.INS not disinfected postponed

29/4/2009 18:37:00 File: C:\WINDOWS\Help\ciadmin.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:37:00 File: C:\WINDOWS\Help\ciadmin.htm not disinfected postponed

29/4/2009 18:37:26 File: C:\WINDOWS\Help\migwiz.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:37:26 File: C:\WINDOWS\Help\migwiz.htm not disinfected postponed

29/4/2009 18:37:26 File: C:\WINDOWS\Help\migwiz2.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:37:26 File: C:\WINDOWS\Help\migwiz2.htm not disinfected postponed

29/4/2009 18:40:17 File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:40:17 File: C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm not disinfected postponed

29/4/2009 18:40:19 File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:40:19 File: C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm not disinfected postponed

29/4/2009 18:44:47 File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

(continua no próximo post...)

Carlos SP · Abril 29, 2009

(continuação do post anterior)

29/4/2009 18:44:47 File: C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WPMN4XI7\ToastMini[1].htm not disinfected postponed

29/4/2009 18:45:05 File: C:\WINDOWS\system32\dk\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 18:45:05 File: C:\WINDOWS\system32\dk\lmz1.bmp not disinfected postponed

29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\27296716.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\27296716.INS not disinfected postponed

29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\31861617.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\31861617.INS not disinfected postponed

29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\37224256.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:47:29 File: C:\WINDOWS\system32\drive\37224256.INS not disinfected postponed

29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\7058408.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\7058408.INS not disinfected postponed

29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\8204747.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\8204747.INS not disinfected postponed

29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\86102025.INS detected Trojan program 'Backdoor.Win32.IRCBot.dsh'

29/4/2009 18:47:30 File: C:\WINDOWS\system32\drive\86102025.INS not disinfected postponed

29/4/2009 18:47:31 File: C:\WINDOWS\system32\drive\lmz1.bmp detected Trojan program 'Backdoor.IRC.Zapchast.zwqz'

29/4/2009 18:47:31 File: C:\WINDOWS\system32\drive\lmz1.bmp not disinfected postponed

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN13.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN13.tmp not disinfected postponed

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN14.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN14.tmp not disinfected postponed

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN15.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN15.tmp not disinfected postponed

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN27.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BN27.tmp not disinfected postponed

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BNC.tmp detected Trojan program 'Trojan-Downloader.Win32.FraudLoad.vqzq'

29/4/2009 18:48:36 File: C:\WINDOWS\Temp\BNC.tmp not disinfected postponed

29/4/2009 18:48:38 File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys detected Trojan program 'Trojan.Win32.VB.obn'

29/4/2009 18:48:38 File: C:\WINDOWS\Temp\nncdndfdfg48.exe/dpcxool64.sys not disinfected postponed

29/4/2009 18:48:39 File: C:\WINDOWS\Temp\VRT4.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'

29/4/2009 18:48:39 File: C:\WINDOWS\Temp\VRT4.tmp not disinfected postponed

29/4/2009 18:48:39 File: C:\WINDOWS\Temp\VRT7.tmp detected Trojan program 'Trojan.Win32.Agent2.iqq'

29/4/2009 18:48:39 File: C:\WINDOWS\Temp\VRT7.tmp not disinfected postponed

29/4/2009 18:48:40 File: C:\WINDOWS\Web\tip.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:48:40 File: C:\WINDOWS\Web\tip.htm not disinfected postponed

29/4/2009 18:48:50 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm disinfected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'

29/4/2009 18:49:15 File: c:\documents and settings\carlos\meus documentos\diet calculator, body fat calculator.htm detected Trojan program 'Trojan-Clicker.HTML.IFrame.aga'