Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Opa...
Pesquisei hoje sobre um virus q surgiu na lista dos processos do meu pc e achei esse forum muito massa para resolver os problemas...
primeiro passei o combofix segui tudo certinho....
cara acho q sumiu alguns do malwares q estavam no pc...
melhorou bem..
depois lendo o forum achei o tal do hijackthis e passei ele tambem com todos os meus drivers conectador ao pc...
estou com o log dos dois...
Combofix:
ComboFix 09-04-01.01 - Felipe de Souza 2009-04-02 19:29:49.1 - NTFSx86
Executando de: e:\documents and settings\Felipe de Souza\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\autorun.inf
e:\documents and settings\Felipe de Souza\Dados de aplicativos\inst.exe
e:\windows\system32\Core.dll
e:\windows\system32\msssc.dll
F:\Autorun.inf
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-02 to 2009-04-02 ))))))))))))))))))))))))))))
.
2009-04-02 19:13 . 2006-03-02 23:42 73,728 --a------ E:\pv.exe
2009-04-02 19:12 . 2009-04-02 19:12 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Desktop Search
2009-04-02 16:25 . 2009-04-02 16:25 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Search
2009-04-02 16:23 . 2009-04-02 16:23 <DIR> d-------- e:\arquivos de programas\Windows Desktop Search2009-04-02 16:22 . 2008-03-07 14:02 192,000 -----c--- e:\windows\system32\dllcache\offfilt.dll
2009-04-02 16:22 . 2008-03-07 14:02 98,304 -----c--- e:\windows\system32\dllcache\nlhtml.dll
2009-04-02 16:22 . 2008-03-07 14:02 29,696 -----c--- e:\windows\system32\dllcache\mimefilt.dll
2009-04-02 13:38 . 2009-01-09 16:19 1,089,883 -----c--- e:\windows\system32\dllcache\ntprint.cat
2009-04-01 14:10 . 2006-06-29 13:07 14,048 --------- e:\windows\system32\spmsg2.dll
2009-04-01 13:59 . 2009-04-01 14:10 <DIR> d-------- e:\windows\system32\XPSViewer
2009-04-01 13:58 . 2009-04-01 13:58 <DIR> d-------- e:\arquivos de programas\Reference Assemblies
2009-04-01 13:58 . 2009-04-01 13:58 <DIR> d-------- E:\82395a271562dfd27ce6b42009-04-01 13:58 . 2008-07-06 09:06 1,676,288 --------- e:\windows\system32\xpssvcs.dll
2009-04-01 13:58 . 2008-07-06 09:06 1,676,288 -----c--- e:\windows\system32\dllcache\xpssvcs.dll
2009-04-01 13:58 . 2008-07-06 07:50 597,504 -----c--- e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-01 13:58 . 2008-07-06 09:06 575,488 --------- e:\windows\system32\xpsshhdr.dll
2009-04-01 13:58 . 2008-07-06 09:06 575,488 -----c--- e:\windows\system32\dllcache\xpsshhdr.dll
2009-04-01 13:58 . 2008-07-06 09:06 117,760 --------- e:\windows\system32\prntvpt.dll
2009-04-01 13:58 . 2008-07-06 09:06 89,088 -----c--- e:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-01 13:48 . 2009-04-01 13:48 <DIR> d-------- E:\1dbbb87d4aea535a613cdea85f1d
2009-03-31 16:26 . 2009-03-31 16:26 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\PrivacIE
2009-03-31 16:26 . 2009-03-31 16:26 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\IECompatCache
2009-03-31 15:50 . 2009-03-31 15:50 <DIR> d--hs---- e:\documents and settings\LocalService\IETldCache
2009-03-31 15:50 . 2009-03-31 15:50 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\IETldCache
2009-03-31 15:31 . 2009-03-31 15:31 <DIR> d-------- e:\windows\ie8updates
2009-03-31 15:26 . 2009-03-31 15:30 <DIR> d--h-c--- e:\windows\ie82009-03-31 15:04 . 2009-02-28 01:55 105,984 -----c--- e:\windows\system32\dllcache\iecompat.dll
2009-03-25 22:15 . 2009-03-25 22:15 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-03-19 18:27 . 2009-04-02 16:04 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-03-19 16:23 . 2009-03-19 16:23 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Live Writer
2009-03-19 15:17 . 2009-03-19 15:17 <DIR> d-------- e:\arquivos de programas\Microsoft Silverlight
2009-03-19 14:36 . 2009-03-19 14:36 <DIR> d-------- e:\windows\system32\config\systemprofile\Dados de aplicativos\SACore
2009-03-16 21:27 . 2009-03-16 21:56 <DIR> d-------- e:\documents and settings\Felipe de Souza\.receitanet2009-03-16 21:23 . 2008-12-23 17:01 69,632 --a------ e:\windows\system32\MSJCE.dll
2009-03-08 14:35 . 2009-03-08 14:35 53,248 --------- e:\windows\system32\msrating.dll.mui
2009-03-08 14:35 . 2009-03-08 14:35 2,560 --------- e:\windows\system32\mshta.exe.mui
2009-03-08 14:32 . 2009-03-08 14:32 81,920 --------- e:\windows\system32\iedkcs32.dll.mui
2009-03-08 14:32 . 2009-03-08 14:32 4,096 --------- e:\windows\system32\ie4uinit.exe.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 -----c--- e:\windows\system32\dllcache\corpol.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 22:32 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\BitTorrent
2009-04-02 22:29 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\DNA
2009-04-02 22:13 --------- d-----w e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2
2009-04-02 22:09 --------- d-----w e:\arquivos de programas\DNA
2009-04-01 18:27 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Babylon
2009-04-01 16:59 --------- d-----w e:\arquivos de programas\MSBuild
2009-03-31 23:55 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\Babylon
2009-03-31 17:54 --------- d-----w e:\arquivos de programas\Hamachi
2009-03-31 17:54 --------- d-----w e:\arquivos de programas\GordianKnot
2009-03-31 17:53 --------- d-----w e:\arquivos de programas\Cheatbook Database 2008
2009-03-31 17:53 --------- d-----w e:\arquivos de programas\BitTorrent_DNA
2009-03-31 17:53 --------- d-----w e:\arquivos de programas\BitTorrent
2009-03-31 17:49 --------- d-----w e:\arquivos de programas\Acoustica Audio Converter Pro
2009-03-29 23:09 --------- d-----w e:\documents and settings\LocalService\Dados de aplicativos\SACore
2009-03-27 19:54 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\Vso
2009-03-26 20:22 --------- d-----w e:\arquivos de programas\VDOWNLOADER
2009-03-26 01:18 --------- d-----w e:\arquivos de programas\AIMP2
2009-03-19 21:27 --------- d-----w e:\arquivos de programas\Google
2009-03-19 18:44 --------- d-----w e:\arquivos de programas\Windows Live
2009-03-19 16:19 --------- d-----w e:\arquivos de programas\McAfee
2009-03-17 01:15 --------- d-----w e:\arquivos de programas\Programas RFB
2009-03-13 15:58 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-03-08 07:34 914,944 ----a-w e:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 ----a-w e:\windows\system32\licmgr10.dll
2009-03-08 07:33 420,352 ----a-w e:\windows\system32\vbscript.dll
2009-03-08 07:33 18,944 ----a-w e:\windows\system32\corpol.dll
2009-03-08 07:32 72,704 ----a-w e:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 ----a-w e:\windows\system32\iesetup.dll
2009-03-08 07:31 48,128 ----a-w e:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 ----a-w e:\windows\system32\mshta.exe
2009-03-08 07:31 34,816 ----a-w e:\windows\system32\imgutil.dll
2009-03-08 07:22 156,160 ----a-w e:\windows\system32\msls31.dll
2009-02-09 14:06 1,846,912 ----a-w e:\windows\system32\win32k.sys
2009-02-08 00:16 --------- d--h--w e:\arquivos de programas\InstallShield Installation Information
2009-02-07 22:05 --------- d-----w e:\arquivos de programas\Messenger Plus! Live
2009-02-07 00:42 --------- d-----w e:\arquivos de programas\sXe Injected
2009-02-06 22:14 308,088 ----a-w e:\windows\WLXPGSS.SCR
2009-02-06 21:52 49,504 ----a-w e:\windows\system32\sirenacm.dll
2009-02-02 15:52 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\SUPERAntiSpyware.com
2009-02-02 15:52 --------- d-----w e:\arquivos de programas\SUPERAntiSpyware
2009-01-07 21:21 26,144 ----a-w e:\windows\system32\spupdsvc.exe
2009-01-07 21:20 265,720 ----a-w e:\windows\system32\msdbg2.dll
2009-01-07 21:20 26,112 ----a-w e:\windows\system32\idndl.dll
2009-01-07 21:20 24,576 ----a-w e:\windows\system32\nlsdl.dll
2009-01-07 21:20 23,552 ----a-w e:\windows\system32\normaliz.dll
2008-03-08 21:06 47,360 ----a-w e:\documents and settings\Felipe de Souza\Dados de aplicativos\pcouffin.sys
2008-12-08 23:08 32,768 --sha-w e:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120820081209\index.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="e:\arquivos de programas\BitTorrent\bittorrent.exe" [2008-12-16 637232]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="e:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MSConfig"="e:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 171520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
e:\documents and settings\Felipe de Souza\Menu Iniciar\Programas\Inicializar\
Ferramenta de Verifica‡Æo de M¡dia do Cyber-shot Viewer.lnk - e:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-23 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]
path=e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Search.lnk
backup=e:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 00:04 39792 e:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-02-20 23:22 3165920 e:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-12-16 17:16 637232 e:\arquivos de programas\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-19 08:22 342848 e:\arquivos de programas\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2009-02-06 18:08 454000 e:\arquivos de programas\Windows Live\Family Safety\fsui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 e:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 e:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 13:38 49152 e:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 23:21 1695232 e:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:50 3885408 e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 e:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 e:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 13:22 86016 e:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 11:47 1205760 e:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2001-12-31 13:04 831488 e:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Arquivos de programas\\DNA\\btdna.exe"=
"e:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"e:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"e:\\Arquivos de programas\\Valve\\hl.exe"=
"e:\\Arquivos de programas\\Valve\\hlds.exe"=
"e:\\Arquivos de programas\\Valve\\HLServer\\hlds.exe"=
"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 gupdate1c9a8d98cb40f30;Google Update Service (gupdate1c9a8d98cb40f30);e:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-19 133104]
R3 cpuz129;cpuz129;f:\felipe\Programas\pc wizz\pcwiz32.sys [2008-01-25 9600]
R3 Mkd2kfNt;Mkd2kfNt;e:\windows\system32\drivers\Mkd2kfNt.sys [2008-07-08 130560]
R3 Mkd2Nadr;Mkd2Nadr;e:\windows\system32\drivers\Mkd2Nadr.sys [2008-07-08 79104]
R3 XDva168;XDva168; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 fssfltr;fssfltr;e:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 fsssvc;Windows Live Proteção para a Família;e:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 SeaPort;SeaPort;e:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
--- ---
Deregistered - Aavmker4
Deregistered - AFD
Deregistered - ALG
Deregistered - aswFsBlk
Deregistered - aswMon2
Deregistered - aswRdr
Deregistered - aswSP
Deregistered - aswTdi
Deregistered - aswUpdSv
Deregistered - AudioSrv
Deregistered - audstub
Deregistered - avast! Antivirus
Deregistered - avast! Mail Scanner
Deregistered - avast! Web Scanner
Deregistered - Beep
Deregistered - BITS
Deregistered - Browser
Deregistered - Cdfs
Deregistered - CryptSvc
Deregistered - DcomLaunch
Deregistered - Dhcp
Deregistered - dmio
Deregistered - dmload
Deregistered - dmserver
Deregistered - Dnscache
Deregistered - ElbyCDIO
Deregistered - ERSvc
Deregistered - EventSystem
Deregistered - Fastfat
Deregistered - FastUserSwitchingCompatibility
Deregistered - Fips
Deregistered - FltMgr
Deregistered - fssfltr
Deregistered - fsssvc
Deregistered - Ftdisk
Deregistered - Gpc
Deregistered - gupdate1c9a8d98cb40f30
Deregistered - gusvc
Deregistered - helpsvc
Deregistered - HTTP
Deregistered - InCDfs
Deregistered - InCDsrv
Deregistered - IpNat
Deregistered - IPSec
Deregistered - KSecDD
Deregistered - lanmanserver
Deregistered - lanmanworkstation
Deregistered - LmHosts
Deregistered - McAfee SiteAdvisor Service
Deregistered - MDM
Deregistered - mnmdd
Deregistered - MountMgr
Deregistered - MRxDAV
Deregistered - MRxSmb
Deregistered - Msfs
Deregistered - mssmbios
Deregistered - Mup
Deregistered - NDIS
Deregistered - NdisTapi
Deregistered - Ndisuio
Deregistered - NdisWan
Deregistered - NDProxy
Deregistered - NetBIOS
Deregistered - NetBT
Deregistered - Netman
Deregistered - Nla
Deregistered - Npfs
Deregistered - Ntfs
Deregistered - Null
Deregistered - NVSvc
Deregistered - PartMgr
Deregistered - ParVdm
Deregistered - PCIIde
Deregistered - pcouffin
Deregistered - PolicyAgent
Deregistered - PptpMiniport
Deregistered - ProtectedStorage
Deregistered - PSched
Deregistered - RasAcd
Deregistered - Rasl2tp
Deregistered - RasMan
Deregistered - RasPppoe
Deregistered - Raspti
Deregistered - Rdbss
Deregistered - RDPCDD
Deregistered - rdpdr
Deregistered - RemoteRegistry
Deregistered - RpcSs
Deregistered - SamSs
Deregistered - SCDEmu
Deregistered - Schedule
Deregistered - SeaPort
Deregistered - seclogon
Deregistered - SENS
Deregistered - SharedAccess
Deregistered - ShellHWDetection
Deregistered - sisidex
Deregistered - SoundMAX Agent Service (default)
Deregistered - Spooler
Deregistered - sr
Deregistered - srservice
Deregistered - Srv
Deregistered - SSDPSRV
Deregistered - stisvc
Deregistered - swenum
Deregistered - TapiSrv
Deregistered - Tcpip
Deregistered - TermDD
Deregistered - TermService
Deregistered - Themes
Deregistered - TrkWks
Deregistered - Update
Deregistered - upnphost
Deregistered - VgaSave
Deregistered - VolSnap
Deregistered - W32Time
Deregistered - Wanarp
Deregistered - WebClient
Deregistered - winmgmt
Deregistered - wscsvc
Deregistered - WSearch
Deregistered - wuauserv
Deregistered - WudfPf
Deregistered - WudfSvc
Deregistered - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e24a10-e202-11dc-a4ba-806d6172696f}]
\Shell\AutoRun\command - m0vnonh.bat
\Shell\open\Command - m0vnonh.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e24a12-e202-11dc-a4ba-806d6172696f}]
\Shell\AutoRun\command - m0vnonh.bat
\Shell\open\Command - m0vnonh.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}]
\Shell\AutoRun\command - C:\ino6.com
\Shell\explore\Command - C:\ino6.com
\Shell\open\Command - C:\ino6.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118fd434-c39b-11dd-8585-00109588f044}]
\Shell\AutoRun\command - C:\m0vnonh.bat
\Shell\open\Command - C:\m0vnonh.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}]
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
\Shell\infected\command - C:\wbsinstalls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93c1bb04-f246-11dd-8611-00109588f044}]
\Shell\AutoRun\command - C:\pook.com
\Shell\open\Command - C:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa108ff5-7c46-11dd-848c-00109588f044}]
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9da06ba-d793-11dd-85cb-00109588f044}]
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}]
\Shell\AutoRun\command - C:\jdhc2x2.com
\Shell\explore\Command - C:\jdhc2x2.com
\Shell\open\Command - C:\jdhc2x2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd464f9c-406a-11dd-83a4-00109588f044}]
\Shell\AutoRun\command - C:\m0vnonh.bat
\Shell\open\Command - C:\m0vnonh.bat
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-03-27 e:\windows\Tasks\1-Click Maintenance.job
2009-04-02 e:\windows\Tasks\Google Software Updater.job
2009-04-02 e:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-04-02 e:\windows\Tasks\User_Feed_Synchronization-{0C36095E-F041-48A4-8102-508217BE272F}.job
.
HKU-Default-Run-Nokia.PCSync - e:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-Wdf01000.sys
MSConfigStartUp-amva - e:\windows\system32\amvo.exe
MSConfigStartUp-cdoosoft - e:\windows\system32\olhrwef.exe
MSConfigStartUp-mstwain32 - e:\windows\mstwain32.exe
MSConfigStartUp-Nokia - e:\arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-SiteAdvisor - e:\arquivos de programas\SiteAdvisor\6253\SiteAdv.exe
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - e:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxps://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab
FF - ProfilePath - e:\documents and settings\Felipe de Souza\Dados de aplicativos\Mozilla\Firefox\Profiles\5o2cppyd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: e:\documents and settings\Felipe de Souza\Dados de aplicativos\Mozilla\Firefox\Profiles\5o2cppyd.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll
FF - plugin: e:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: e:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: e:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: e:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: e:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 19:33:10
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A52899D-87F3-097F-6051-C61BEBFA4271}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Tempo para conclusão: 2009-04-02 19:35:54
ComboFix-quarantined-files.txt 2009-04-02 22:35:48
Pré-execução: 1,773,019,136 bytes disponíveis
Pós execução: 1,789,616,128 bytes disponíveis
Current=5 Default=5 Failed=3 LastKnownGood=1 Sets=1,2,3,5
422 --- E O F --- 2009-04-02 17:31:31
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:12, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
E:\Arquivos de programas\BitTorrent\bittorrent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe
E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
E:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
E:\Arquivos de programas\Windows Live\Mail\wlmail.exe
E:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1220945662-573735546-839522115-1003 Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228502599578
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9a8d98cb40f30) (gupdate1c9a8d98cb40f30) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10970 bytes
Agradeço desde ja...
Carregando comentários...