deem uma olhada

kuroi · Dezembro 15, 2007

baxou aqui uma porrada de virus q o avast ficava acusando. quando eu tentava o control alt del, aparecia a mensagem falando q o gerenciador de tarefas tava desativado, e ficava aparcendo uma mensagem q dizia ser do windows pra eu proteger o pc contra spyware. e ele tb pos um mte de exe pra executar quando inicializar.

ai eu deletei todos os exes, dlls e alguns otros arquivos com a data da criação de hj e depois restaurei o sistema e parece q todos os problemas foram resolvidos, o pc ta funcionando normal e tb não inicializa mas nd de estranho.

mas queria por aqui o log do HijackThis pra ver se vocês conseguem perceber alguma coisa de errado q possa ter sobrado, tb porque apesar de estar tudo bem eu não sou o cara mais indicado pra fazer esse tipo de limpeza no pc.

vejam se vocês econtram qualquer coisa de estranho ai senao podem fechar o tópico. valeu.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:02, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Programas\Wamp\mysql\bin\mysqld-nt.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Arquivos de programas\eMule\emule.exe
C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Punk\ScreenMates\MULTISP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programas\Wamp\wampmanager.exe
C:\Arquivos de programas\WorldCommunityGrid\UD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\WorldCommunityGrid\ud_17956201.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\WorldCommunityGrid\ud_17956201_0.dir\WCGrid_AutoDock.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plyrics.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!]C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MULTISP.lnk = C:\Punk\ScreenMates\MULTISP.EXE
O4 - Startup: Speedy.lnk = ?
O4 - Startup: WampServer.lnk = C:\Programas\Wamp\wampmanager.exe
O4 - Startup: World Community Grid Agent.lnk = C:\Arquivos de programas\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A911B0-4E04-4FF4-8B24-74AEAD63DBA2}: NameServer = 85.255.116.121 85.255.112.69
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Programas\Wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Programas\Wamp\mysql\bin\mysqld-nt.exe
--
End of file - 7236 bytes

JackSSA · Dezembro 16, 2007

Clique em Iniciar -> Executar e digite msconfig -> Ok. Na guia Inicializar -> Marque todos os itens e confirme.

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

kuroi · Dezembro 22, 2007

então, acontece q tem varias coisas desse msconfig q eu deschequei por conta propria. por exemplo, tinha uns negocios do nero e do realplayer q abriam na inicializacao q eu tirei.

e sempre q eu abria o msconfig e via alguma coisa nova q eu não sabia o q era, eu sempre deschecava.

mas tb dessa vez q eu disse q apaguei varios exes estranhos no meu pc, e tb umas outras vezes q apareceram uns virus aqui, apareciam varios itens de exes estranhos no msconfig e eu sempre deschequei a opcao e depois fui la e apaguei o exe.

agora eu chequei de volta as opcoes, mas todos os caminhos desses exes são invalidos, pois os exes não existem mais (entre eles esta por exemplo, o flash.exe q aparece no log abaixo).

mas de qualquer modo, tudo q era referente a esses virus e tb todos os itens incomuns q eu não sei o q são q eu havia deschecado, agora eu chequei de volta e eles tão no log ai embaixo.

outra coisa q ta acontecendo aqui é q, desde esse dia q baxou os virus aqui, o avast fica acusando o virus Win32:Agent-XXX onde XXX varia entre MEB, NJB, NGJ e OUH. não tenho certeza ainda, mas depois q chequei as opcoes do msconfig, acho q ele parou de acusar.

o log é esse, tem como tirar o win32agent?? valeu.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:39:37, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\Arquivos de programas\eMule\emule.exe
C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Punk\ScreenMates\MULTISP.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Programas\Wamp\apache2\bin\httpd.exe
c:\Programas\Wamp\mysql\bin\mysqld-nt.exe
C:\Programas\Wamp\apache2\bin\httpd.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Wamp\wampmanager.exe
C:\Arquivos de programas\WorldCommunityGrid\UD.EXE
C:\Arquivos de programas\WorldCommunityGrid\ud_17956201.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\WorldCommunityGrid\ud_17956201_0.dir\WCGrid_AutoDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plyrics.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!]C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: C:\Arquivos de programas\Flash.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\private.exe internat.dll,LoadMouseCarpetProfile
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MULTISP.lnk = C:\Punk\ScreenMates\MULTISP.EXE
O4 - Startup: Speedy.lnk = ?
O4 - Startup: WampServer.lnk = C:\Programas\Wamp\wampmanager.exe
O4 - Startup: World Community Grid Agent.lnk = C:\Arquivos de programas\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A911B0-4E04-4FF4-8B24-74AEAD63DBA2}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Programas\Wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Programas\Wamp\mysql\bin\mysqld-nt.exe
--
End of file - 7249 bytes

Editado Dezembro 22, 2007 por kuroi

JackSSA · Dezembro 22, 2007

Baixe o ComboFix e salve no desktop.

Feche todas as janelas e programas.

Dê um duplo-clique no combofix.exe e tecle "1" em seguida Enter para prosseguir o Fix. Vai durar uma média de 10 minutos.

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

kuroi · Dezembro 22, 2007

JackSSA · Dezembro 23, 2007

Acesse este site: http://www.virustotal.com/pt/

Em Enviar arquivo coloque: C:\WINDOWS\system32\dllcache\_install.exe

Em seguida clique em Enviar arquivo

Copie e poste o resultado deste exame.

Repita o procedimento acima e realize a verificação para os arquivos abaixo:

C:\WINDOWS\system32\_install.exe

C:\WINDOWS\_install.exe

kuroi · Dezembro 24, 2007

então, jackssa, esses arquivos _install.exe comecaram a aparecer depois q eu chequei os itens do msconfig como você falou. ele aparecia em varias pastas random e eu apagava sempre q via.

esses q sobraram foram os q passaram despercebidos.

outra coisa q anda aconteceu hj aqui é q eu percebia q na janelinha da minha conexao speedy, o item bytes recebidos não parava de aumentar apesar de eu não estar abrindo nd (tb com o emule e os demais porgramas fechados) e q o firefox tava demorando pra abrir as paginas.

ai apertei control alt del e vi q tinha quase dez instancias do Internet Explorer abertas (apesar de a janela não aparecer pra mim) e sabe-se la o q elas tavam fazendo.

os resultados:

C:\WINDOWS\system32\dllcache\_install.exe

Arquivo _install.exe_ recebido em 2007.12.24 04:42:52 (CET)
Antivírus Versão Última Atualização Resultado
AhnLab-V3 2007.12.22.10 2007.12.21 -
AntiVir 7.6.0.46 2007.12.23 Worm/Zhelatin.nl
Authentium 4.93.8 2007.12.23 -
Avast 4.7.1098.0 2007.12.23 -
AVG 7.5.0.516 2007.12.23 I-Worm/Nuwar.H
BitDefender 7.2 2007.12.24 Trojan.Peed.IQW
CAT-QuickHeal 9.00 2007.12.22 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.24 -
DrWeb 4.44.0.09170 2007.12.23 Trojan.Packed.255
eSafe 7.0.15.0 2007.12.23 Suspicious File
eTrust-Vet 31.3.5395 2007.12.21 Win32/Sintun.AT
Ewido 4.0 2007.12.23 -
FileAdvisor 1 2007.12.24 -
Fortinet 3.14.0.0 2007.12.24 W32/PackTibs.G
F-Prot 4.4.2.54 2007.12.23 -
F-Secure 6.70.13030.0 2007.12.24 Packed.Win32.Tibs.fc
Ikarus T3.1.1.15 2007.12.24 -
Kaspersky 7.0.0.125 2007.12.24 Packed.Win32.Tibs.fc
McAfee 5191 2007.12.21 Tibs-Packed
Microsoft 1.3109 2007.12.24 Trojan:Win32/Tibs.gen!ldr
NOD32v2 2744 2007.12.23 Win32/Nuwar.Gen
Norman 5.80.02 2007.12.21 -
Panda 9.0.0.4 2007.12.23 -
Prevx1 V2 2007.12.24 -
Rising 20.23.62.00 2007.12.23 -
Sophos 4.24.0 2007.12.24 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.24 Trojan.Peacomm.D
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.22 -
VirusBuster 4.3.26:9 2007.12.23 Trojan.Tibs.Gen!Pac.A
Webwasher-Gateway 6.6.2 2007.12.24 Worm.Zhelatin.nl
Informações adicionais
File size: 135168 bytes
MD5: e820f6e17893425599fb45c20b672162
SHA1: aa2f6498c5272d80bd3dcd7203220ae68a350788
PEiD: -

C:\WINDOWS\system32\_install.exe

O arquivo já foi reanalisado:
MD5: e820f6e17893425599fb45c20b672162
Data 2007.12.24 04:46:40 (CET) [<1D]
Resultados 16/32
Permalink: resultado.html?f5abed5abc1a5b3be0aee8ddfa73f2cd

C:\WINDOWS\_install.exe

O arquivo já foi reanalisado:
MD5: e820f6e17893425599fb45c20b672162
Data 2007.12.24 04:46:40 (CET) [<1D]Resultados 16/32
Permalink: resultado.html?f5abed5abc1a5b3be0aee8ddfa73f2cd

EDITADO:

alias, fiz uma pesquisa aqui agora e vi q tem mais de 300 _install.exes no meu pc (quando a pesquisa chegou em 300 eu já cancelei mas devem ter bem mais).

JackSSA · Dezembro 24, 2007

Baixe o Pocket KillBox

Salve em uma pasta em C:\

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Abra o Bloco de Notas, copie estas linhas e salve.

C:\WINDOWS\system32\dllcache\_install.exe

C:\WINDOWS\system32\_install.exe

C:\WINDOWS\_install.exe

C:\WINDOWS\ntfyapp.config

C:\WINDOWS\ntfyapp.exe

C:\WINDOWS\inf\_install.exe

C:\WINDOWS\Help\Tours\mmTour\_install.exe

C:\Arquivos de programas\Flash.exe

C:\WINDOWS\system32\private.exe

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão . Depois clique em Não.

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão

O4 - HKLM\..\Run: C:\Arquivos de programas\Flash.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\private.exe internat.dll,LoadMouseCarpetProfile

Reinicie. Siga novamente os procedimentos com o ComboFix conforme instruções acima e poste o novo resultado do ComboFix mais um novo Log do Hijackthis.

kuroi · Dezembro 24, 2007

JackSSA · Dezembro 26, 2007

Faça o download do SDFix:

http://linhadefensiva.uol.com.br/dl/sdfix

Salve-o em sua área de trabalho. Dê um duplo clique no SDFix.exe e a ferramenta será instalada em %SystemDrive%\SDFix (geralmente C:\SDFix)

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Entre na pasta SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat
Tecle Y para que a ferramenta inicie o processo de remoção
Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Ao pressionar qualquer tecla, o computador será reiniciado automaticamente
Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla.
Uma janela com o relatório do SDFix irá aparecer.
Copie e cole este relatório na sua resposta. Caso você tenha fechado a janela, uma cópia do relatório estará na pasta SDFix com o nome Report.txt

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

kuroi · Dezembro 29, 2007

Report.txt

SDFix: Version 1.120
Run by Microsoft on 28/12/2007 at 22:25
Microsoft Windows XP [versão 5.1.2600]Running From: C:\ARQUIV~1\SDFix
Safe Mode:
Checking Services:
Name:
smtpdrv
Path:
System32\DRIVERS\smtpdrv.sys
smtpdrv - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\DI.EXE - Deleted
C:\WINDOWS\system32\12.tmp - Deleted
C:\WINDOWS\system32\8_exception.nls - Deleted
Folder C:\Documents and Settings\All Users\Documentos\Settings - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 22:37:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000095
"TracesSuccessful"=dword:00000004
scanning hidden files ...
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Messenger\marina_rocknroll@hotmail.com\SharingMetadata\neusa.elisa@hotmail.com\DFSR\Staging\CS{938592E1-5BCB-D1DB-67E8-872C90944AE8}1\10-{938592E1-5BCB-D1DB-67E8-872C90944AE8}-v1-{602DD50B-D78C-4037-A001-8A3CCD065A60}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Messenger\rafaelsposito[a]hotmail.com\SharingMetadata\irieikuystrife@hotmail.com\DFSR\Staging\CS{E4BE93E8-0148-5DCD-E544-F5DF5C0031FB}1\10-{E4BE93E8-0148-5DCD-E544-F5DF5C0031FB}-v1-{F86EDD04-3BAC-4324-9DBF-1549541B281B}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\ARQUIV~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 4 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 21 Feb 2006 515,392 A..H. --- "C:\Punk\S‚rgio\Atas\Atas.zip"
Sun 4 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\Microsoft\Meus documentos\Minhas m£sicas\Backup de Licen‡a\drmv1key.bak"
Sun 4 Jun 2006 20 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\Minhas m£sicas\Backup de Licen‡a\drmv1lic.bak"
Sun 22 Jan 2006 312 A.SH. --- "C:\Documents and Settings\Microsoft\Meus documentos\Minhas m£sicas\Backup de Licen‡a\drmv2key.bak"
Sun 12 Aug 2007 59,904 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\Artigos Eventos\~WRL0002.tmp"
Sun 12 Aug 2007 41,472 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\Artigos Eventos\~WRL1528.tmp"
Sun 12 Aug 2007 62,976 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\Artigos Eventos\~WRL3821.tmp"
Tue 20 Mar 2001 28,160 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\~WRL0184.tmp"
Fri 5 Jan 2001 27,648 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\~WRL0953.tmp"
Tue 6 Mar 2001 19,456 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\~WRL1731.tmp"
Thu 11 Aug 2005 19,456 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\~WRL2933.tmp"
Mon 8 Sep 1997 10,752 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\LEIS DA EDUCA€ÇO\~WRL0238.tmp"
Sat 18 Mar 2000 139,776 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\MESTRADO\~WRL0912.tmp"
Sat 18 Mar 2000 137,216 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\MESTRADO\~WRL2112.tmp"
Sun 4 May 2003 33,792 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\PEDAGOGIA CIDADÇ\~WRL0001.tmp"
Tue 13 May 2003 33,792 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\PEDAGOGIA CIDADÇ\~WRL0003.tmp"
Wed 9 Nov 2005 44,032 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\CURRICULO ATUALIZADO\~WRL0913.tmp"
Wed 9 Nov 2005 42,496 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\CURRICULO ATUALIZADO\~WRL1499.tmp"
Wed 9 Nov 2005 42,496 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\CURRICULO ATUALIZADO\~WRL1873.tmp"
Wed 9 Nov 2005 41,984 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\CURRICULO ATUALIZADO\~WRL3752.tmp"
Wed 9 Nov 2005 45,568 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\CURRICULOS\CURRICULO ATUALIZADO\~WRL3891.tmp"
Mon 8 Sep 1997 10,752 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DOUTORADO UNESP\DIDµTICA DAS CIÒNCIAS\~WRL0001.tmp"
Thu 16 Jun 2005 29,184 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DOUTORADO UNESP\DIDµTICA DAS CIÒNCIAS\~WRL0003.tmp"
Sun 14 Dec 2003 20,992 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\PEDAGOGIA CIDADÇ\AVALIA€åES\~WRL0001.tmp"
Sun 14 Dec 2003 26,112 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\PEDAGOGIA CIDADÇ\AVALIA€åES\~WRL0004.tmp"
Thu 14 Dec 2006 24,576 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\2006 PESQUISA DOUTORADO 9.5.07\A TESE\1.INTRODU€AO\~WRL0072.tmp"
Thu 14 Dec 2006 24,064 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\2006 PESQUISA DOUTORADO 9.5.07\A TESE\1.INTRODU€AO\~WRL1189.tmp"
Wed 13 Dec 2006 21,504 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\2006 PESQUISA DOUTORADO 9.5.07\A TESE\1.INTRODU€AO\~WRL1549.tmp"
Thu 14 Dec 2006 27,648 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\2006 PESQUISA DOUTORADO 9.5.07\A TESE\1.INTRODU€AO\~WRL1770.tmp"
Thu 14 Dec 2006 24,064 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\2006 PESQUISA DOUTORADO 9.5.07\A TESE\1.INTRODU€AO\~WRL2650.tmp"
Thu 14 Dec 2006 25,600 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\2006 PESQUISA DOUTORADO 9.5.07\A TESE\1.INTRODU€AO\~WRL3145.tmp"
Thu 14 Dec 2006 27,136 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\2006 PESQUISA DOUTORADO 9.5.07\A TESE\1.INTRODU€AO\~WRL3354.tmp"
Sun 9 Sep 2001 122,880 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\AULAS\BIOLOGIA\BIOLOGIA SEXUALIDADE\~WRL3937.tmp"
Mon 8 Sep 1997 10,752 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\AULAS\EDUCA€ÇO AMBIENTAL\VÖDEOS SMA GOV EST SP\~WRL3199.tmp"
Fri 4 May 2001 160,768 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULTADOS DISC 1\~WRL0961.tmp"
Wed 9 May 2001 167,424 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULTADOS DISC 1\~WRL1031.tmp"
Wed 9 May 2001 1,589,760 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULTADOS DISC 1\~WRL2024.tmp"
Mon 6 Nov 2000 5,961,728 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULT DISC 2\~WRL0572.tmp"
Mon 8 Jan 2001 19,456 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULT DISC 2\~WRL0992.tmp"
Tue 23 Jan 2001 987,136 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULT DISC 2\~WRL2067.tmp"
Sun 11 Feb 2001 141,312 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULT DISC 2\~WRL2161.tmp"
Sun 18 Feb 2001 335,360 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULT DISC 2\~WRL2265.tmp"
Mon 8 Jan 2001 20,480 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULT DISC 2\~WRL2855.tmp"
Sun 11 Feb 2001 140,288 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULT DISC 2\~WRL3345.tmp"
Tue 12 Dec 2000 267,776 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\DIVERSOS\DISSERTA€ÇO\DISSERTA€ÇO RESULT DISC 2\~WRL3649.tmp"
Sun 5 Jan 2003 216,064 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\PROJETOS OFICINAS ARTIGOS\ARTIGOS\ARTIGO REVISTA\~WRL2283.tmp"
Mon 8 Sep 1997 10,752 A..H. --- "C:\Documents and Settings\Microsoft\Meus documentos\NEUSA\Neusa\2006 PESQUISA DOUTORADO 9.5.07\A TESE\3. EIXO 2. Contexto\1. Aulas\1.Relat¢rios dos alunos AULAS\RELATàRIO DE AULA PARCIAL\~WRL0003.tmp"
Finished!

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:37, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\Arquivos de programas\eMule\emule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Punk\ScreenMates\MULTISP.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Programas\Wamp\apache2\bin\httpd.exe
c:\Programas\Wamp\mysql\bin\mysqld-nt.exe
C:\Programas\Wamp\apache2\bin\httpd.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Wamp\wampmanager.exe
C:\Arquivos de programas\WorldCommunityGrid\UD.EXE
C:\Arquivos de programas\WorldCommunityGrid\ud_17956201.exe
C:\Arquivos de programas\WorldCommunityGrid\ud_17956201_0.dir\WCGrid_AutoDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plyrics.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!]C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MULTISP.lnk = C:\Punk\ScreenMates\MULTISP.EXE
O4 - Startup: Speedy.lnk = ?
O4 - Startup: WampServer.lnk = C:\Programas\Wamp\wampmanager.exe
O4 - Startup: World Community Grid Agent.lnk = C:\Arquivos de programas\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A911B0-4E04-4FF4-8B24-74AEAD63DBA2}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Programas\Wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Programas\Wamp\mysql\bin\mysqld-nt.exe
--
End of file - 6946 bytes

JackSSA · Dezembro 29, 2007

Baixe o ATF Cleaner e Salve no seu Desktop.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Dê dois cliques no ATF-Cleaner.exe para executar a Ferramenta

Marque “Select All”

Clique em Empty Selected. Aparecerá uma janela "Done Cleaning" clique OK e exit.

Reinicie.

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

Faça um scan on line na Kaspersky

*Acesse o site, clique em .

Na próxima página, clique em I Accept para instalar o controle activeX e em seguida atualize o banco de dados.

Na próxima página, clique em My Computer e faça o scan.

Tenha paciência. Tanto para atualizar a base de dados, quanto para o próprio exame, demora bastante.

Salve e poste o resultado.

kuroi · Janeiro 7, 2008

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 06, 2008 10:33:49 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/01/2008
Kaspersky Anti-Virus database records: 503156
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 144198
Number of viruses found: 20
Number of infected objects: 671
Number of suspicious objects: 0
Duration of the scan process: 05:41:58
Infected Object Name / Virus Name / Last Action
C:\!KillBox\167540.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\!KillBox\167540.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\!KillBox\167540.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\!KillBox\167540.exe WiseSFX: infected - 3 skipped
C:\!KillBox\167540.exe WiseSFXDropper: infected - 3 skipped
C:\!KillBox\167540.exe( 3)/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\!KillBox\167540.exe( 3)/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\!KillBox\167540.exe( 3)/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\!KillBox\167540.exe( 3) WiseSFX: infected - 3 skipped
C:\!KillBox\167540.exe( 3) WiseSFXDropper: infected - 3 skipped
C:\!KillBox\akira98_tt.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\!KillBox\akira98_tt.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\!KillBox\akira98_tt.exe WiseSFX: infected - 2 skipped
C:\!KillBox\akira98_tt.exe WiseSFXDropper: infected - 2 skipped
C:\!KillBox\akira98_tt.exe( 2)/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\!KillBox\akira98_tt.exe( 2)/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\!KillBox\akira98_tt.exe( 2) WiseSFX: infected - 2 skipped
C:\!KillBox\akira98_tt.exe( 2) WiseSFXDropper: infected - 2 skipped
C:\!KillBox\hyjco.exe Infected: Trojan.Win32.DNSChanger.hd skipped
C:\!KillBox\hyjco.exe( 1) Infected: Trojan.Win32.DNSChanger.hd skipped
C:\!KillBox\ntfyapp.exe Infected: Packed.Win32.Tibs.fc skipped
C:\!KillBox\ntfyapp.exe( 3) Infected: Packed.Win32.Tibs.fc skipped
C:\!KillBox\RevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\!KillBox\RevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\!KillBox\RevelationV2.exe WiseSFX: infected - 2 skipped
C:\!KillBox\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\!KillBox\RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\!KillBox\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\!KillBox\RevelationV2.zip ZIP: infected - 3 skipped
C:\!KillBox\RevelationV2.zip( 4)/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\!KillBox\RevelationV2.zip( 4)/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\!KillBox\RevelationV2.zip( 4)/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\!KillBox\RevelationV2.zip( 4) ZIP: infected - 3 skipped
C:\!KillBox\winmds.exe Infected: Trojan.Win32.Dialer.tn skipped
C:\!KillBox\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\!KillBox\_install.exe( 1) Infected: Packed.Win32.Tibs.fc skipped
C:\!KillBox\_install.exe( 2) Infected: Packed.Win32.Tibs.fc skipped
C:\!KillBox\_install.exe( 3) Infected: Packed.Win32.Tibs.fc skipped
C:\!KillBox\_install.exe( 4) Infected: Packed.Win32.Tibs.fc skipped
C:\!KillBox\_install.exe( 5) Infected: Packed.Win32.Tibs.fc skipped
C:\!KillBox\_install.exe( 6) Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Abbyy FineReader 6.0 Sprint\Scan\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Abbyy FineReader 6.0 Sprint\Support\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Abbyy FineReader 6.0 Sprint\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\ACASystems\ACARecorder203\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\Updater\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\PageMaker 7.0\Converter for MSP_QXP\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\PageMaker 7.0\EXTRAS\Converter for Publisher 95-97\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\PageMaker 7.0\EXTRAS\XPlatConv\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\PageMaker 7.0\TABLE30\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\PageMaker 7.0\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\Photoshop 7.0\Required\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\Photoshop 7.0\Samples\Droplets\Photoshop Droplets\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Adobe\Photoshop 7.0\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Adobe\Web\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Adobe\Workflow\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Ahead\RemoteControl\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Business Objects\2.7\Bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\7\Intel 32\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\9\Intel 32\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime91\Intel32\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Merge Modules\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\CoreCon\1.0\Target\wce400\armv4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\CoreCon\1.0\Target\wce400\armv4i\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\CoreCon\1.0\Target\wce400\mipsii\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\CoreCon\1.0\Target\wce400\mipsii_fp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\CoreCon\1.0\Target\wce400\mipsiv\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\CoreCon\1.0\Target\wce400\mipsiv_fp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\CoreCon\1.0\Target\wce400\sh4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\CoreCon\1.0\Target\wce400\x86\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help 8\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSEnv\en\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSEnv\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSInfo\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Smart Tag\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Speech\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VSA\8.0\VsaEnv\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\web server extensions\40\admcgi\scripts\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\web server extensions\40\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\web server extensions\40\isapi\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\web server extensions\40\_vti_bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Real\GToolbar\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\ASCII\TOOLS\MM122\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\BitTorrent\bak\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\BitTorrent\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Bobyte\AviTricks Classic\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\armV4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\armV4i\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\armV4t\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\mips16\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\mipsII\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\mipsII_fp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\mipsIV\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\mipsIV_fp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\sh4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CE Remote Tools\5.01\target\wce500\x86\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CyberLink\Common\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\CyberLink\PowerDVD\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Dicionário UOL\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Discador itelefonica\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Discador UOL 10.0 Light\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\DVD Shrink\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\EditPlus 2\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\eMule\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Enigma Software Group\SpyHunter\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\FLVPlayer\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Google\Google Talk\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Grisoft\AVG Free\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Guitar Pro 5\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\HTML Help Workshop\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\iGv6\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Inno Setup 5\Examples\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Inno Setup 5\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Input32X Edit Control\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Internet Explorer\Connection Wizard\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Internet Explorer\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\ISTool\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Java\jre1.5.0_06\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\K-Lite Codec Pack\gspot\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\K-Lite Codec Pack\lame\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\K-Lite Codec Pack\tools\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\K-Lite Codec Pack\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Kazaa Lite K++\Kazupernodes\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Kazaa Lite K++\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Lavalys\EVEREST Home Edition\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Lexmark 3300 Series\Drivers\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Lexmark 3300 Series\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Lexmark Fax Solutions\Install\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Lexmark Fax Solutions\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Lexmark_3300 Series\Install\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\LimeWire\.NetworkShare\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\LimeWire\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Macromedia\Dreamweaver MX\JVM\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Macromedia\Dreamweaver MX\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Macromedia\Extension Manager\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Macromedia\Fireworks MX\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Macromedia\Flash MX\Players\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Macromedia\Flash MX\Players\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Macromedia\Flash MX\Players\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Macromedia\Flash MX\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\MapInfo MapX\Program\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Messenger\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Messenger Plus! Live\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Device Emulator\1.0\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\microsoft frontpage\version3.0\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\90\COM\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\90\Setup Bootstrap\BPA\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\90\Setup Bootstrap\BPA\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\90\Setup Bootstrap\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\90\Tools\Binn\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_1057.trc Object is locked skipped
C:\Arquivos de programas\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Application\PreEmptive Solutions\Dotfuscator Community Edition\samples\output\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Application\PreEmptive Solutions\Dotfuscator Community Edition\samples\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Application\PreEmptive Solutions\Dotfuscator Community Edition\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Common7\IDE\Xml\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Common7\IDE\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Common7\Tools\Bin\winnt\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Common7\Tools\Bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Common7\Tools\Deployment\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Common7\Tools\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\JavaLanguageConversionAssistant\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\Bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\dotnetfx\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\InstMSI\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\ReportViewer\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\SqlExpress\en\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\SqlExpress\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\vcredist_x64\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\vcredist_x86\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\VJSharpRDP\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\WindowsInstaller3_1\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\GuiDebug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SDK\v2.0\Samples\Setup\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\Setup\Microsoft Visual Studio 2005 Professional Edition - ENU\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Debugger\target\wce400\armv4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Debugger\target\wce400\armv4i\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Debugger\target\wce400\mipsii\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Debugger\target\wce400\mipsiv\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Debugger\target\wce400\sh4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Debugger\target\wce400\x86\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Emulators\DeviceEmulator\armv4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Emulators\DeviceEmulator\armv4i\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\Emulators\DeviceEmulator\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SDKTools\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wce400\armv4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wce500\armv4i\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wce500\mipsii\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wce500\mipsii_fp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wce500\mipsiv\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wce500\mipsiv_fp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wce500\sh4\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wce500\x86\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\VB\VBUpgrade\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\bin\amd64\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\bin\x86_amd64\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\ce\bin\x86_arm\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\ce\bin\x86_cex86\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\ce\bin\x86_mips\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\ce\bin\x86_sh\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\PlatformSDK\Bin\win64\AMD64\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\PlatformSDK\Bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\você\vcpackages\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Microsoft Visual Studio 8\VJ#\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Movie Maker\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Mozilla Firefox\extensions\talkback@mozilla.org\components\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Mozilla Firefox\plugins\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Mozilla Firefox\uninstall\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Mozilla Firefox\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\MSDN\MSDN8.0\Common\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\MSN Gaming Zone\Windows\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\MSN Messenger\Device Manager\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\MSN Messenger\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Core\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\InCD\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero\Uninstall\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero CoverDesigner\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero Home\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero ImageDrive\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero MediaHome\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero PhotoSnap\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero Recode\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero SoundTrax\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero Vision\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Nero\Nero 7\Nero WaveEditor\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\NetMeeting\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\NVIDIA\Win2KXP\81.98\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\OGMTOAVI\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Opera\program\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Opera\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Outlook Express\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\QuickTime\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Real\RealPlayer\Setup\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Real\RealPlayer\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Red Gate\SQL Prompt\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\RPG Online\RPG2ic Lite\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Seagate Software\Crystal Reports\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Seagate Software\Report Designer Component\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Seagate Software\Shared\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Seagate Software\Viewers\ActiveXViewer\en\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Seagate Software\Viewers\JavaPlugIn\Win32\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\SlySoft\AnyDVD\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\SlySoft\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Sony\Shared Plug-Ins\Utilities\Migration Tools\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Sony\Sound Forge 7.0\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Sony Setup\Sound Forge 7.0\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Spybot - Search & Destroy\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Telefonica\Speedy\dialer\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Telefonica\Speedy\motive\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Telefonica\Speedy\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-150239-105-findfast.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-150239-767-autorun.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-150339-287-autorun.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-150339-983-findfast.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-151056-856-findfast.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-151056-879-autorun.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-151632-936-findfast.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Trend Micro\HijackThis\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Windows Media Player\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Windows NT\Acessórios\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\Windows NT\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\WinRAR\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Arquivos de programas\WorldCommunityGrid\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\bak-backups\29-07-2007 22-47\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\CD\CDRW\Ata\Logos\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\CD\CDRW\Ata\Salario\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\CD\CDRW\ctrlremoto\Server\Test Infected: Backdoor.Win32.VB.hu skipped
C:\CD\CDRW\ctrlremoto.zip/Server/Test Infected: Backdoor.Win32.VB.hu skipped
C:\CD\CDRW\ctrlremoto.zip ZIP: infected - 1 skipped
C:\CD\CDRW\Nova pasta\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\CD\CDRW\Salario\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\CD\Nova pasta\Macromedia FreeHand + Serial\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\CD\Nova pasta\Xadrez\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\CD\Nova pasta\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Dev-Cpp\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Dev-Cpp\libexec\gcc\mingw32\3.4.2\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Dev-Cpp\mingw32\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Dev-Cpp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Histórico\History.IE5\MSHist012008010620080107\index.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\Acr7234.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DF1B13.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Adobe\Acrobat\7.0\Updater\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\LimeWire\.NetworkShare\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Microsoft\Installer\{39619863-8A11-4B60-A166-E6747C986EBE}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Microsoft\Installer\{3CEA3FEC-1AF5-4818-89D5-406F627E7337}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Documents and Settings\Microsoft\Meus documentos\Visual Studio 2005\Projects\XXX\debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Documents and Settings\Microsoft\Meus documentos\Visual Studio 2005\Projects\XXX\XXX\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Documents and Settings\Microsoft\ntuser.dat Object is locked skipped
C:\Documents and Settings\Microsoft\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Temp\Perflib_Perfdata_a0.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Emuladores\Arcade\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\Game Boy Advance\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\Neo Geo\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\NES\fceu-0.98.12.win\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\NES\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\PlayStation 2\Pcsx2\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\PlayStation 2\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\SNES\SNES9x\snes9x-1.51-win32\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\SNES\SNES9x\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\SNES\Utilitários\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\SNES\ZSNES Dos\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Emuladores\SNES\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\fixwareout\FindT\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\fixwareout\Sub\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\EClea2_0\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\Guitar Pro 5\GP5\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\instavitricksc\InstAviTricksC\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\Macromedia FreeHand + Serial\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\VirtualDubMod_1_5_10_2_All_inclusive\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\Virus\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\Windows Update\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\Xadrez\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\XP\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Instaladores\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Age of Empires III\Age of Empires III\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Age of Empires III\Crack\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Age of Empires III\directx9\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Age of Empires III\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Doom 3\Crack + Serial\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Doom 3\DirectX\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Doom 3\Game\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Doom 3\Setup\Data\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Doom 3\Setup\rsrc\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\Doom 3\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\StarCraft\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Jogos\WarCraft III\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Pasta\bronto.xexe system32 Infected: Backdoor.Win32.Small.cmf skipped
C:\Pasta\Ehl71.xsys - windowsdrivers Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\Pasta\proper.xexe system32 Infected: not-virus:Hoax.Win32.Fera.ay skipped
C:\Pasta\shell.xexe Infected: Trojan.Win32.Qhost.ace skipped
C:\Pasta\trayicons.xdll Infected: Email-Worm.Win32.Mydoom.bq skipped
C:\Pasta\windisk.xdll Infected: Email-Worm.Win32.Mydoom.bq skipped
C:\Pasta\wowfx.xdll system32 Infected: Trojan.Win32.Qhost.abh skipped
C:\Programas\Python24\Lib\distutils\command\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Programas\Python24\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Programas\ruby-1.8.4-i386-mswin32\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Programas\Wamp\Apache2\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Programas\Wamp\logs\access.log Object is locked skipped
C:\Programas\Wamp\logs\apache_error.log Object is locked skipped
C:\Programas\Wamp\logs\mysql_error.log Object is locked skipped
C:\Programas\Wamp\mysql\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Programas\Wamp\mysql\data\ibdata1 Object is locked skipped
C:\Programas\Wamp\mysql\data\ib_logfile0 Object is locked skipped
C:\Programas\Wamp\mysql\data\ib_logfile1 Object is locked skipped
C:\Programas\Wamp\php\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Programas\Wamp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Programas\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\IKCLoja\obj\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\Jankenpo\Jankenpo\bin\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\Jankenpo\Jankenpo\bin\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\Jankenpo\Jankenpo\obj\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\Jankenpo\Jankenpo\obj\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\Jogo da Velha\Jogo da Velha\bin\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\Jogo da Velha\Jogo da Velha\bin\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\Jogo da Velha\Jogo da Velha\obj\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\Jogo da Velha\Jogo da Velha\obj\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\MyPod\IKCAdm\IKCAdm Agent\obj\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\TesteConsole\TesteConsole\bin\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\TesteConsole\TesteConsole\bin\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\TesteConsole\TesteConsole\obj\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C#\TesteConsole\TesteConsole\obj\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C++\Jogo\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\C++\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Knight050\Knight050\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\ProgramaRita\Clientes\bin\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\ScreenMates\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Ata\Logos\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Ata\Salario\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Atas\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Nova pasta (4)\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Novo Salário\Salario\2007-07-03\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Novo Salário\Salario\2007-07-29\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Novo Salário\Salario\2007-09-05\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Novo Salário\Salario\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Sérgio\Salario\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\VB.NET\X\SX\SX\bin\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\VB.NET\X\SX\SX\bin\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\VB.NET\X\SX\SX\obj\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\VB.NET\X\SX\SX\obj\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\2005\X\X\bin\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\2005\X\X\bin\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\2005\X\X\obj\Debug\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\2005\X\X\obj\Release\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\Nova pasta (2)\Formatar\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\Nova pasta (2)\Programa\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\Nova pasta (2)\Viagem\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\teste-kuroi\Output\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\teste-kuroi\Package\Support\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\teste-kuroi\Package\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\Punk\Visual Basic\teste-kuroi\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mscore.dll.vir Infected: Trojan.Win32.Patched.bh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\shift.exe.exe.vir Infected: Packed.Win32.Tibs.fc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\QooBox\Quarantine\catchme2007-12-22_190235.84.zip/svchost.exe Infected: Trojan.Win32.Patched.bh skipped
C:\QooBox\Quarantine\catchme2007-12-22_190235.84.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-1003\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-500\Dc1.exe Infected: not-virus:Hoax.Win32.Fera.ay skipped
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-500\Dc2.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-500\Dc3.exe Infected: not-virus:Hoax.Win32.Fera.ay skipped
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-500\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RpgMaker\ASCII\RPG2000\Project\Project1\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RpgMaker\ASCII\RPG2000\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RpgMaker\ASCII\RPG2003\Fonts\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RpgMaker\ASCII\RPG2003\White Riot\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RpgMaker\ASCII\RPG2003\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RpgMaker\Enterbrain\RPGXP\System\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RpgMaker\Enterbrain\RPGXP\White Riot\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RpgMaker\Enterbrain\RPGXP\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP442\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP443\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP444\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP445\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP446\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP447\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP448\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP449\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP450\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP451\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP452\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP453\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP454\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP455\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP456\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP457\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP458\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP459\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP460\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP461\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP462\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP463\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP464\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP465\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP466\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP467\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP468\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP469\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP470\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP471\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP472\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP473\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP474\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP475\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP476\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP477\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP478\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP479\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP480\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP483\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP484\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP485\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP486\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP487\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP488\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP489\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP490\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP491\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP492\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP493\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP494\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP495\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP496\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP497\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP498\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP499\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP501\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP502\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP503\A0110016.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP503\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\A0111993.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\A0111995.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\A0112009.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-1.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-10.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-11.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-12.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-13.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-14.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-15.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-16.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-17.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-18.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-2.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-3.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-4.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-5.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-6.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-7.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-8.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\snapshot\MFEX-9.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113078.sys Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113335.sys Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113363.sys Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113397.sys Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113416.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP506\A0114423.sys Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP506\A0114443.sys Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP506\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114465.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114473.sys Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114507.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114510.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114511.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114515.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114516.dll Infected: Email-Worm.Win32.Mydoom.bq skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114517.sys Infected: Trojan-Downloader.Win32.Diehard.cp skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114518.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP508\A0115508.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP508\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP509\A0115534.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP509\A0115535.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP509\A0115537.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP509\A0115555.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP509\A0115576.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP510\A0115602.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP510\A0116588.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP511\A0116660.dll Infected: Trojan.Win32.Patched.bh skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP511\A0116668.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP511\A0116833.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0116883.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0116913.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0116918.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0116939.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0116962.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0116982.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0116984.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0116998.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117001.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117002.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117003.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117008.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117035.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117036.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117062.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117063.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117078.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117079.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117081.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117082.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117083.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP513\A0117111.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP513\A0117139.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP513\A0117158.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP514\A0118190.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP514\A0118228.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP514\A0119273.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP514\A0119397.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0119525.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0120552.sys Infected: Email-Worm.Win32.Agent.l skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0120562.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0120582.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0120599.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0121639.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0121679.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122700.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122736.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122777.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122803.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122829.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122854.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122883.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122931.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0122976.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0124004.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0124026.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0124071.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0124091.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0125110.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP518\change.log Object is locked skipped
C:\Temas\167540.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Temas\167540.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Temas\167540.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\Temas\167540.exe WiseSFX: infected - 3 skipped
C:\Temas\167540.exe WiseSFXDropper: infected - 3 skipped
C:\Temas\akira98_tt.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Temas\akira98_tt.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Temas\akira98_tt.exe WiseSFX: infected - 2 skipped
C:\Temas\akira98_tt.exe WiseSFXDropper: infected - 2 skipped
C:\Temas\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB894391\update\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB894391\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB912919\update\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB912919\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB918899\update\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB918899\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB921883\update\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB921883\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB925486\update\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$hf_mig$\KB925486\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$MSI31Uninstall_KB893803$\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$NtUninstallKB894391$\spuninst\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$NtUninstallKB912919$\spuninst\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$NtUninstallKB918899$\spuninst\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$NtUninstallKB918899$\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$NtUninstallKB921883$\spuninst\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\$NtUninstallKB925486$\spuninst\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\3d5c1b1a8c9a1f479e38b24e20952d51\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Cache\Adobe Reader 6\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Dil25.sys Object is locked skipped
C:\WINDOWS\ime\imjp8_1\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\ime\imkr6_1\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\ime\shared\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{75E71ADD-042C-4F30-BFAC-A9EC42351313}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{7699B723-9718-41DE-8C18-549F341C02CE}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{90510416-6000-11D3-8CFE-0150048383C9}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{9FAEB5B2-4548-45AB-AC5B-510176BED53D}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Microsoft.NET\Framework\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\msagent\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\pchealth\helpctr\binaries\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\pchealth\UploadLB\Binaries\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\pss\autorun.exeCommon Startup Infected: Trojan.Win32.Qhost.ace skipped
C:\WINDOWS\pss\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E0075D6C-B76B-47EB-AE1E-890907C8299E}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\Com\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\8LS5CD8R\shift[1].exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\8LS5CD8R\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\drivers\Dil25.sys Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.20071220-125458.backup Infected: Trojan.Win32.Qhost.nl skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\inetsrv\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\Macromed\Director\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\Macromed\Flash\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\Macromed\Shockwave 10\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\npp\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\oobe\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\Restore\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\spool\drivers\w32x86\3\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_3300_seriesfe18\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\usmt\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Temp\Perflib_Perfdata_494.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Youtube\_install.exe Infected: Packed.Win32.Tibs.fc skipped
Scan process completed.

JackSSA · Janeiro 8, 2008

Baixe o AVG Anti-Spyware Instale e Atualize-o.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Execute um scan completo com o AVG AntiSpyware, ao final do scan, informe o AVG para remover todas as infecções encontradas, por fim salve o Log do scan (Salvar relatório de verificação)

Reinicie e poste o conteúdo deste Relatório.

kuroi · Janeiro 10, 2008

esse link não ta abrindo aqui (alias, nem o killbox abriu mas eu já tinha), baxei um anti-spyware q tava no baixaki.

o log é esse, ele diz nenhuma ação executada, mas é porque eu fiz o relatorio antes de mandar excluir, não sabia q ia aparecer no log.

mas mandei excluir tudo.

---------------------------------------------------------
AVG Anti-Spyware - Relatório de verificação
---------------------------------------------------------
+ Criação: 01:05:58 10/01/2008
+ Resultado da verificação:
C:\Instaladores\kazaa_setup.exe -> Adware.Altnet : Nenhuma ação executada.
C:\Emuladores\Neo Geo\NeoRageX v4.8.exe -> Backdoor.Sdbot : Nenhuma ação executada.
C:\Emuladores\Neo Geo\neoragex48 - abre el archivo name&key.txt.zip/NeoRageX v4.8.exe -> Backdoor.Sdbot : Nenhuma ação executada.
C:\Pasta\bronto.xexe system32 -> Backdoor.Small.cmf : Nenhuma ação executada.
C:\CD\CDRW\ctrlremoto.zip/Server/Test -> Backdoor.VB.hu : Nenhuma ação executada.
C:\CD\CDRW\ctrlremoto\Server\Test -> Backdoor.VB.hu : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP509\A0115537.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP509\A0115576.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP511\A0116668.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP511\A0116833.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117008.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117035.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117062.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP512\A0117078.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP513\A0117111.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP513\A0117139.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP513\A0117158.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP514\A0118190.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP514\A0118228.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP514\A0119273.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP514\A0119397.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0119525.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0120562.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0120582.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0120599.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0121639.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0121679.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122700.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122736.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122777.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122803.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122829.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122854.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122883.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP516\A0122931.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0122976.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0124004.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0124026.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0124071.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0124091.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP517\A0125110.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP518\A0125138.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP518\A0125177.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP518\A0126216.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP519\A0126257.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP519\A0126301.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP519\A0126345.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP519\A0126374.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP520\A0126430.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP520\A0126481.sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\WINDOWS\Dil25(2).sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\WINDOWS\Dil25(3).sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\WINDOWS\Dil25(4).sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\WINDOWS\Dil25(5).sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\WINDOWS\Dil25(6).sys -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\WINDOWS\Dil25(7).sys -> Downloader.Agent.ggt : Nenhuma ação executada.
[500]VM_13140000 -> Downloader.Agent.ggt : Nenhuma ação executada.
C:\WINDOWS\system32\drivers\Mqt36.sys -> Downloader.Agent.hbs : Nenhuma ação executada.
C:\Pasta\Ehl71.xsys - windowsdrivers -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113078.sys -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113335.sys -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113363.sys -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113397.sys -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP506\A0114423.sys -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP506\A0114443.sys -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114473.sys -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114517.sys -> Downloader.Diehard.cp : Nenhuma ação executada.
C:\Pasta\proper.xexe system32 -> Not-A-Virus.Hoax.Win32.Fera.ay : Nenhuma ação executada.
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-500\Dc1.exe -> Not-A-Virus.Hoax.Win32.Fera.ay : Nenhuma ação executada.
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-500\Dc3.exe -> Not-A-Virus.Hoax.Win32.Fera.ay : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP503\A0110016.sys -> Rootkit.Agent.pr : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP504\A0112009.sys -> Rootkit.Agent.pr : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP505\A0113416.sys -> Rootkit.Agent.pr : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114465.sys -> Rootkit.Agent.pr : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP507\A0114507.sys -> Rootkit.Agent.pr : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP508\A0115508.sys -> Rootkit.Agent.pr : Nenhuma ação executada.
:mozilla.693:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.247realmedia : Nenhuma ação executada.
:mozilla.694:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.247realmedia : Nenhuma ação executada.
:mozilla.350:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.351:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.352:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.353:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.354:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.355:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.356:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.357:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.358:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.359:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.734:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.914:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
:mozilla.265:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adbrite : Nenhuma ação executada.
:mozilla.266:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adbrite : Nenhuma ação executada.
:mozilla.267:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adbrite : Nenhuma ação executada.
:mozilla.231:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.232:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.233:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.234:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.235:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.236:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.237:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.238:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.239:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adrevolver : Nenhuma ação executada.
:mozilla.302:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adtech : Nenhuma ação executada.
:mozilla.303:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Adtech : Nenhuma ação executada.
:mozilla.425:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Advertising : Nenhuma ação executada.
:mozilla.426:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Advertising : Nenhuma ação executada.
:mozilla.427:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Advertising : Nenhuma ação executada.
:mozilla.245:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Atdmt : Nenhuma ação executada.
C:\Documents and Settings\Microsoft\Cookies\microsoft@atdmt[2].txt -> TrackingCookie.Atdmt : Nenhuma ação executada.
:mozilla.396:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Burstnet : Nenhuma ação executada.
:mozilla.100:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.101:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.92:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.93:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.94:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.95:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.96:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.97:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.98:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.99:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
C:\Documents and Settings\Microsoft\Cookies\microsoft@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.179:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Comclick : Nenhuma ação executada.
:mozilla.180:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Comclick : Nenhuma ação executada.
:mozilla.181:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Comclick : Nenhuma ação executada.
:mozilla.324:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Coremetrics : Nenhuma ação executada.
:mozilla.115:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Doubleclick : Nenhuma ação executada.
:mozilla.762:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Estat : Nenhuma ação executada.
:mozilla.370:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Fastclick : Nenhuma ação executada.
:mozilla.371:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Fastclick : Nenhuma ação executada.
:mozilla.637:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Googleadservices : Nenhuma ação executada.
:mozilla.662:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Googleadservices : Nenhuma ação executada.
:mozilla.676:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Googleadservices : Nenhuma ação executada.
:mozilla.494:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Hitbox : Nenhuma ação executada.
:mozilla.495:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Hitbox : Nenhuma ação executada.
:mozilla.691:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Hitbox : Nenhuma ação executada.
:mozilla.368:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Imrworldwide : Nenhuma ação executada.
:mozilla.369:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Imrworldwide : Nenhuma ação executada.
:mozilla.626:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Liveperson : Nenhuma ação executada.
:mozilla.443:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Mediaplex : Nenhuma ação executada.
:mozilla.288:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Overture : Nenhuma ação executada.
:mozilla.289:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Overture : Nenhuma ação executada.
:mozilla.290:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Overture : Nenhuma ação executada.
:mozilla.640:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Paycounter : Nenhuma ação executada.
:mozilla.506:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Pointroll : Nenhuma ação executada.
:mozilla.507:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Pointroll : Nenhuma ação executada.
:mozilla.508:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Pointroll : Nenhuma ação executada.
:mozilla.509:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Pointroll : Nenhuma ação executada.
:mozilla.510:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Pointroll : Nenhuma ação executada.
:mozilla.511:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Pointroll : Nenhuma ação executada.
:mozilla.512:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Pointroll : Nenhuma ação executada.
:mozilla.428:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Revsci : Nenhuma ação executada.
:mozilla.429:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Revsci : Nenhuma ação executada.
:mozilla.438:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Revsci : Nenhuma ação executada.
:mozilla.439:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Revsci : Nenhuma ação executada.
:mozilla.440:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Revsci : Nenhuma ação executada.
:mozilla.441:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Revsci : Nenhuma ação executada.
:mozilla.529:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Ru4 : Nenhuma ação executada.
:mozilla.530:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Ru4 : Nenhuma ação executada.
:mozilla.531:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Ru4 : Nenhuma ação executada.
:mozilla.532:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Ru4 : Nenhuma ação executada.
:mozilla.779:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
:mozilla.780:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
:mozilla.781:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
:mozilla.782:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
:mozilla.783:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
:mozilla.784:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
:mozilla.785:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
C:\Documents and Settings\Microsoft\Cookies\microsoft@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
C:\Documents and Settings\Microsoft\Cookies\microsoft@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nenhuma ação executada.
:mozilla.403:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Statcounter : Nenhuma ação executada.
:mozilla.404:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Statcounter : Nenhuma ação executada.
:mozilla.405:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Statcounter : Nenhuma ação executada.
:mozilla.517:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Tribalfusion : Nenhuma ação executada.
:mozilla.518:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Tribalfusion : Nenhuma ação executada.
:mozilla.519:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Tribalfusion : Nenhuma ação executada.
:mozilla.520:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Tribalfusion : Nenhuma ação executada.
:mozilla.123:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Valuead : Nenhuma ação executada.
:mozilla.124:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Valuead : Nenhuma ação executada.
:mozilla.125:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Valuead : Nenhuma ação executada.
:mozilla.126:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Valuead : Nenhuma ação executada.
:mozilla.712:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Webtrends : Nenhuma ação executada.
:mozilla.627:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Webtrendslive : Nenhuma ação executada.
:mozilla.800:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Yadro : Nenhuma ação executada.
:mozilla.116:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nenhuma ação executada.
:mozilla.117:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nenhuma ação executada.
:mozilla.118:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nenhuma ação executada.
:mozilla.119:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nenhuma ação executada.
:mozilla.120:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nenhuma ação executada.
C:\Documents and Settings\Microsoft\Cookies\microsoft@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nenhuma ação executada.
:mozilla.169:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Zedo : Nenhuma ação executada.
:mozilla.170:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Zedo : Nenhuma ação executada.
:mozilla.171:C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cookies.txt -> TrackingCookie.Zedo : Nenhuma ação executada.
C:\!KillBox\winmds.exe -> Trojan.Dialer.tn : Nenhuma ação executada.
C:\!KillBox\hyjco.exe -> Trojan.DNSChanger.hd : Nenhuma ação executada.
C:\!KillBox\hyjco.exe( 1) -> Trojan.DNSChanger.hd : Nenhuma ação executada.
C:\WINDOWS\system32\drivers\etc\hosts.20071220-125458.backup -> Trojan.Qhost.nl : Nenhuma ação executada.
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP515\A0120552.sys -> Worm.Agent.l : Nenhuma ação executada.
::Fim do relatório

mas o q acontece é q isso acho q nem é mais valido, porque aqui o negocio ta cada vez pior. agora eu ligo meu pc em modo normal e ele reboota assim q o windows abre. tive q restaurar o sistema pra conseguir baxar o avg. ai fiz o scan, mas apesar de ele diz q deleta o Agent.ggg, assim q eu mando fazer otro scan aparece ele la de novo.

mas ai acontece q o pc continua rebootando. ai eu tive q fazer a restauracao de novo, e foi mo trampo pra conseguir ligar de novo em modo normal, nem a restauracao tava funcionando, sei q nas opcoes de boot selecionei uma coisa tipo "Inicializar com as últimas configurações válidas" e ai foi. provavelmente no proximo reboot não vao conseguir mais abrir o windows.

você acha q da pra salvar esse pc ainda, ou vou ter q formatar mesmo??

esse é o log atual:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:06:30, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\Arquivos de programas\eMule\emule.exe
C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Punk\ScreenMates\MULTISP.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Programas\Wamp\apache2\bin\httpd.exe
c:\Programas\Wamp\mysql\bin\mysqld-nt.exe
C:\Programas\Wamp\apache2\bin\httpd.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Wamp\wampmanager.exe
C:\Arquivos de programas\WorldCommunityGrid\UD.EXE
C:\Arquivos de programas\WorldCommunityGrid\ud_17956201.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Arquivos de programas\WorldCommunityGrid\ud_17956201_0.dir\WCGrid_AutoDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plyrics.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!]C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MULTISP.lnk = C:\Punk\ScreenMates\MULTISP.EXE
O4 - Startup: Speedy.lnk = ?
O4 - Startup: WampServer.lnk = C:\Programas\Wamp\wampmanager.exe
O4 - Startup: World Community Grid Agent.lnk = C:\Arquivos de programas\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A911B0-4E04-4FF4-8B24-74AEAD63DBA2}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Programas\Wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Programas\Wamp\mysql\bin\mysqld-nt.exe
--
End of file - 7368 bytes

o q é esse O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k q apareceu agora??

outra coisa, apaguei na mao todos os _install.exe q tavam enchendo o saco aqui.

JackSSA · Janeiro 11, 2008

Baixe este Fix: remover_install

Descompacte e execute-o. Após terminar de executar, reinicie.

Delete a pasta !KillBox que está localizada em C:\.

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

Execute novamente o scan pela Kaspersky conforme instruções acima e poste o novo resultado.

kuroi · Janeiro 11, 2008

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

se eu fizer isso eu não vou conseguir mais restaurar o sistema??

as vezes precisa, por exemplo nesse ultimo caso q ele tava rebootando.

EDITADO:

outra coisa, esse bat do remover_install é só pra apagar todos os installs??

mas como eu disse acima, já apaguei.

Editado Janeiro 11, 2008 por kuroi

JackSSA · Janeiro 12, 2008

se eu fizer isso eu não vou conseguir mais restaurar o sistema??

Não vai interferir em absolutamente nada do sistema.

outra coisa, esse bat do remover_install é só pra apagar todos os installs??

Obviamente que é para remover todos.

kuroi · Janeiro 25, 2008

esse é o log. os arquivos q tão em C:\Pasta listados ai embaxo são uns arquivos suspeitos que eu copiei do System32 mas não quis apagar. já vi q são virus mesmo.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 25, 2008 9:19:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532563
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 140887
Number of viruses found: 10
Number of infected objects: 57
Number of suspicious objects: 0
Duration of the scan process: 05:29:35
Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_1102.trc Object is locked skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-150239-105-findfast.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-150239-767-autorun.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-150339-287-autorun.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-150339-983-findfast.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-151056-856-findfast.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-151056-879-autorun.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Arquivos de programas\Trend Micro\HijackThis\backups\backup-20071215-151632-936-findfast.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\marina_rocknroll@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\marina_rocknroll@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\ukely@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\ukely@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Histórico\History.IE5\MSHist012008012520080126\index.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DF911C.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DFAD8E.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DFAFFC.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DFCA8D.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DFCAFF.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DFDE0F.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DFDF88.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DFDFA9.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temp\~DFE0A1.tmp Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Configurações locais\Temporary Internet Files\Content.IE5\TRJVPDKE000005073_000000000000000463790[10].swf Object is locked skipped
C:\Documents and Settings\Microsoft\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\cert8.db Object is locked skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\history.dat Object is locked skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\key3.db Object is locked skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\parent.lock Object is locked skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Microsoft\Dados de aplicativos\Mozilla\Firefox\Profiles\45iml2f0.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Microsoft\Meus documentos\Os Meus Registos\janeiro 2008\bobesponjaaa@hotmail.com.html Object is locked skipped
C:\Documents and Settings\Microsoft\Meus documentos\Os Meus Registos\janeiro 2008\marinamoghrabi@hotmail.com.html Object is locked skipped
C:\Documents and Settings\Microsoft\ntuser.dat Object is locked skipped
C:\Documents and Settings\Microsoft\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Microsoft\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Temp\Perflib_Perfdata_2a4.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Pasta\System32Drivers.rar/Mru25.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Nqu71.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Nrv47.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Ntw82.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Ptw58.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Uyd58.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Vyd71.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Wbf83.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Ydh72.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Agj14.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Bfi37.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Cgk48.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Chl26.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Dim72.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\Pasta\System32Drivers.rar/Hmq26.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar/Kqt03.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
C:\Pasta\System32Drivers.rar RAR: infected - 16 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mscore.dll.vir Infected: Trojan.Win32.Patched.bh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\shift.exe.exe.vir Infected: Packed.Win32.Tibs.fc skipped
C:\QooBox\Quarantine\catchme2007-12-22_190235.84.zip/svchost.exe Infected: Trojan.Win32.Patched.bh skipped
C:\QooBox\Quarantine\catchme2007-12-22_190235.84.zip/xpdx.sys Infected: Trojan-Clicker.Win32.Costrat.db skipped
C:\QooBox\Quarantine\catchme2007-12-22_190235.84.zip ZIP: infected - 2 skipped
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-1003\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-500\Dc2.exe Infected: Trojan.Win32.Qhost.ace skipped
C:\RECYCLER\S-1-5-21-823518204-630328440-725345543-500\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E1398412-379D-4CE3-BEFF-6744051889AF}\RP537\change.log Object is locked skipped
C:\Temas\167540.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Temas\167540.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Temas\167540.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\Temas\167540.exe WiseSFX: infected - 3 skipped
C:\Temas\167540.exe WiseSFXDropper: infected - 3 skipped
C:\Temas\akira98_tt.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Temas\akira98_tt.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Temas\akira98_tt.exe WiseSFX: infected - 2 skipped
C:\Temas\akira98_tt.exe WiseSFXDropper: infected - 2 skipped
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\3d5c1b1a8c9a1f479e38b24e20952d51\_install.exe Infected: Packed.Win32.Tibs.fc skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Dil25.sys Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{4654D908-CCD0-4F24-96AE-26A8AD5C445C}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\Aeh04.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Agj14.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Bfj83.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Dil25.sys Object is locked skipped
C:\WINDOWS\system32\drivers\Fjm03.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Fjn72.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Fkn36.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Gkn37.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Ilp82.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Imp36.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Mrw48.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Osw83.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Qvy58.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Swb37.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Sxb04.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Ube03.sys Infected: Trojan-Downloader.Win32.Agent.hlt skipped
C:\WINDOWS\system32\drivers\Wcg37.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080125.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

kuroi · Fevereiro 1, 2008

opa, jackssa. desistiu já??

tipo, é q ta foda aqui, se você falar q não tem mais jeito eu já formato o hd aqui.

valeu pela ajuda até aqui.

JackSSA · Fevereiro 1, 2008

Não, eu não desisti. Apenas estou lhe dando o mesmo 'chá de espera' que me deu. Se observar, minha ultima postagem foi no dia 12/01 e a sua apenas no dia 25/01, ou seja, 13 dias de espera por uma posição sua. Em caso de viagem ou algo do tipo, você no minimo deveria ter avisado a respeito.

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Abra o Bloco de Notas, copie estas linhas e salve.

C:\Temas\167540.exe

C:\Temas\akira98_tt.exe

C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\3d5c1b1a8c9a1f479e38b24e20952d51\_install.exe

C:\WINDOWS\system32\drivers\Aeh04.sys

C:\WINDOWS\system32\drivers\Agj14.sys

C:\WINDOWS\system32\drivers\Bfj83.sys

C:\WINDOWS\system32\drivers\Fjm03.sys

C:\WINDOWS\system32\drivers\Fjn72.sys

C:\WINDOWS\system32\drivers\Fkn36.sys

C:\WINDOWS\system32\drivers\Gkn37.sys

C:\WINDOWS\system32\drivers\Ilp82.sys

C:\WINDOWS\system32\drivers\Imp36.sys

C:\WINDOWS\system32\drivers\Mrw48.sys

C:\WINDOWS\system32\drivers\Osw83.sys

C:\WINDOWS\system32\drivers\Qvy58.sys

C:\WINDOWS\system32\drivers\Swb37.sys

C:\WINDOWS\system32\drivers\Sxb04.sys

C:\WINDOWS\system32\drivers\Ube03.sys

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão . Depois clique em Não.

Reinicie.

Delete a pasta !KillBox que está localizada em C:\.

Repita o scan conforme instruções acima e ao final poste o novo resultado.

Entrar

deem uma olhada

Pergunta

Link para o comentário

Compartilhar em outros sites

20 respostass a esta questão

Posts Recomendados

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Estatísticas dos Fóruns