
HiJackThis analysis

#1 By odntht 26/06/2010 - 21:53
Well, here it is.
I notice the PC is very slow, something that wasn't happening until about 2 months ago.
I use this PC only a few times a week, but besides me my mother and my brother use it, and I believe they downloaded some kind of virus.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:51:19, on 26/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
E:\Jogos\Ragnarok\Bro\nProtect\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Codebox\BitMeter\BitMeter2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\iTunes\iTunes.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Documents and Settings\Odnan\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbit\orbitcth.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Bitmeter2.lnk = C:\Arquivos de programas\Codebox\BitMeter\BitMeter2.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - E:\Jogos\Ragnarok\Bro\nProtect\npkcmsvc.exe
O23 - Service: PS3 Media Server - Unknown owner - C:\Arquivos de programas\PS3 Media Server\win32\service\wrapper.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Arquivos de programas\NetMeeting\secedit.exe (file missing)

--
End of file - 9107 bytes
#2 By brando lee
27/06/2010 - 21:15
Fix this entry with HijackThis.
O20 - AppInit_DLLs:


1) Download ((DDS)) and save it to the desktop
http://download.mandeibem.com.br/storage2/20100307-232033-2830/Programas/dds.exe

*Temporarily disable your antivirus
*Double-click dds and wait
*When it finishes, a report (DDS.txt) will appear.
*Copy and paste the report (file DDS.txt)
I will be away from the forum for a while, very busy, more important things to do: "Work".


Removing viruses with Notepad!


#3 By odntht
29/06/2010 - 10:05
The report follows below


DDS (Ver_09-06-26.01) - NTFSx86
Run by Odnan at 10:04:03,09 on ter 29/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1015.40 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
E:\Jogos\Ragnarok\Bro\nProtect\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Codebox\BitMeter\BitMeter2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\iTunes\iTunes.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\distnoted.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://br.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\documents and settings\all users\dados de aplicativos\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbit\orbitcth.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\daemon.exe" -autorun
uRun: [uTorrent] "c:\arquivos de programas\utorrent\uTorrent.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\odnan\menuin~1\progra~1\inicia~1\bitmet~1.lnk - c:\arquivos de programas\codebox\bitmeter\BitMeter2.exe
IE: Add to AMV Convert Tool... - c:\arquivos de programas\mp3 player utilities 4.00\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\mp3 player utilities 4.00\mediamanager\grab.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\arquiv~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\arquiv~1\micros~1\office12\REFIEBAR.DLL
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\odnan\dadosd~1\mozilla\firefox\profiles\kw01okcf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=yItOFvhNn8XlAHi9..Ru1Q&psa=&ind=2010052015&ptnrS=GRfox000&si=&st=kwd&n=77cef5af&searchfor=
FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\arquivos de programas\real player\netscape6\nppl3260.dll
FF - plugin: c:\arquivos de programas\real player\netscape6\nprjplug.dll
FF - plugin: c:\arquivos de programas\real player\netscape6\nprpjplug.dll
FF - plugin: d:\arquivos de programas\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\arquivos de programas\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-7-31 20744]
R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-3-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2010-3-29 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2010-3-29 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-2 60936]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-4-8 20968]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [2007-5-29 508160]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-9 27632]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-5-4 136176]
S2 liissfbv;Image Update;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S2 RPCHGM;Remote Procedure Call (HGM);c:\arquivos de programas\netmeeting\secedit.exe --> c:\arquivos de programas\netmeeting\secedit.exe [?]
S2 wuauServer;Driver Logon;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PS3 Media Server;PS3 Media Server;"c:\arquivos de programas\ps3 media server\win32\service\wrapper.exe" -s "c:\arquivos de programas\ps3 media server\win32\service\wrapper.conf" --> c:\arquivos de programas\ps3 media server\win32\service\wrapper.exe [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-4-4 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-4-4 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-4-4 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-4-4 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-4-4 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-4-4 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-4-4 115752]

=============== Created Last 30 ================

2010-06-18 15:02 ==================== Find3M ====================

2010-06-22 23:31 479,704 a------- c:\windows\system32\perfh016.dat
2010-06-22 23:31 83,888 a------- c:\windows\system32\perfc016.dat
2010-05-18 16:35 197,920 ac------ c:\windows\system32\dnssdX.dll
2010-05-18 16:35 107,808 ac------ c:\windows\system32\dns-sd.exe
2010-05-18 16:35 91,424 ac------ c:\windows\system32\dnssd.dll
2010-05-06 07:34 916,480 ac------ c:\windows\system32\wininet.dll
2010-05-04 12:43 43,520 ac------ c:\windows\system32\CmdLineExt03.dll
2010-05-02 05:08 1,851,392 ac------ c:\windows\system32\win32k.sys
2010-04-20 02:31 285,696 ac------ c:\windows\system32\atmfd.dll
2010-04-19 20:47 3,062,048 ac------ c:\windows\system32\usbaaplrc.dll
2010-04-03 20:40 17,451 -c-shr-- c:\documents and settings\odnan\ndmok.exe
2010-04-03 12:46 411,368 ac------ c:\windows\system32\deploytk.dll
2010-04-02 18:12 20,480 ac------ c:\windows\system32\H@tKeysH@@k.DLL

============= FINISH: 10:04:45,60 ===============
brando lee
brando lee Zerinho Registered
2.4K Messages 97 Likes
#4 By brando lee
29/06/2010 - 10:22
1) Do the following: copy this path that is in the quote:
c:\windows\system32\H@tKeysH@@k.DLL
2) Go to the site -> www.Virscan.org

* Below are the instructions on how to submit the file:

Link -> http://img408.imageshack.us/img408/2518/analisevircan.gif
I'll be away from the forum for a while, very busy, more important things to do: "Work".

Removing viruses with Notepad!


odntht
odntht New Member Registered
50 Messages 0 Likes
#5 By odntht
29/06/2010 - 10:28
Should I post the scan result here?
If so, here it is below..
File Information
File Name: H@tKeysH@@k.DLL
File Size: 20480 byte
File Type: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5: 116ec20265b00cfe389518e2a0c7ed81
SHA1: d04c903ef681bb18dbf337ffa7ff2a9ccc8bedd6
Online report: http://virscan.org/report/35a14bd47f8f5a7980dc3c196c787d26.html

Scan Result: 25% Software (9/36) found malicious code!
Time: 2010/06/26 12:24:04 (ACT)

Scanner        Engine Ver         Sig Ver               Sig Date     Time     Result
a-squared      5.0.0.11           20100626080606        2010-06-26   0.080    -
AhnLab V3      2010.06.18.01      2010.06.18            2010-06-18   0.084    -
AntiVir        8.2.4.2            7.10.8.190            2010-06-25   0.269    -
Antiy          2.0.18             20100626.4789664      2010-06-26   0.188    Cracker/DOS.Game.HotHook.dll[:not_virus]
Arcavir        2009               201006260242          2010-06-26   0.089    -
Authentium     5.1.1              201006261241          2010-06-26   1.402    W32/Keylogger.BQ (Exact)
AVAST!         4.7.4              100626-0              2010-06-26   0.007    -
AVG            8.5.793            271.1.1/2964          2010-06-26   0.566    -
BitDefender    7.90123.6284422    7.32422               2010-06-26   5.469    -
ClamAV         0.96.1             11261                 2010-06-25   0.011    Trojan.W32.HotKeysHook.A-2
Comodo         3.13.579           5223                  2010-06-26   0.099    -
CP Secure      1.3.0.5            2010.06.26            2010-06-26   0.095    Troj.Dropper.W32.Delf.U
Dr.Web         5.0.2.3300         2010.06.26            2010-06-26   8.365    Tool.Hatkeys
F-Prot         4.4.4.56           20100626              2010-06-26   1.339    W32/Keylogger.BQ (exact)
F-Secure       7.02.73807         2010.06.26.04         2010-06-26   0.456    -
Fortinet       4.1.133            12.86                 2010-06-26   0.079    -
GData          21.410/21.150      20100626              2010-06-26   0.079    -
Ikarus         T3.1.01.84         2010.06.26.76143      2010-06-26   7.030    -
JiangMin       13.0.900           2010.06.26            2010-06-26   0.085    -
Kaspersky      5.5.10             2010.06.26            2010-06-26   0.255    -
KingSoft       2009.2.5.15        2010.6.26.18          2010-06-26   0.087    -
McAfee         5400.1158          6025                  2010-06-26   17.168   -
Microsoft      1.5902             2010.06.26            2010-06-26   0.081    -
Norman         6.05.10            6.05.00               2010-06-25   4.011    W32/HotKeys.A
nProtect       20100626.02        8781042               2010-06-26   0.081    -
Panda          9.05.01            2010.06.24            2010-06-24   0.079    -
Quick Heal     10.00              2010.06.26            2010-06-26   0.078    -
Rising         20.0               22.53.04.05           2010-06-25   0.079    -
Sophos         3.07.1             4.54                  2010-06-26   3.687    Mal/Generic-A
Sunbelt        3.9.2426.2         6508                  2010-06-25   0.078    -
Symantec       1.3.0.24           20100615.005          2010-06-15   0.062    -
The Hacker     6.5.2.0            v00304                2010-06-25   0.088    -
Trend Micro    9.120-1004         7.268.10              2010-06-26   0.000    -
VBA32          3.12.12.5          20100625.0804         2010-06-25   3.194    RiskWare.CrackTool.Win32.HotHook.dll
ViRobot        20100626           2010.06.26            2010-06-26   0.079    -
VirusBuster    4.5.11.10          10.126.104/2040133    2010-06-26   5.820    -
Legend: Heuristic/Suspicious, Exact
WARNING: Some scanners may report a false positive when flagging malicious code, so you should judge for yourself.
igoreso
igoreso Super Participant Registered
704 Messages 22 Likes
#6 By igoreso
29/06/2010 - 10:36
Download Malwarebytes' Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
Install it by double-clicking "mbam-setup.exe";
Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish;
Select "Full Scan" and then click Scan;
When the scan finishes, click OK and then "Show Results" to see the log;
If anything is detected, make sure everything is checked and click "Remove";
The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
Copy and paste the whole report in your next reply.
A new DDS log as well; the rest is up to colleague brando.
I don't answer questions by PM, e-mail or MSN! Use the forum!

brando lee
brando lee Zerinho Registered
2.4K Messages 97 Likes
#7 By brando lee
29/06/2010 - 10:36
odntht said:
It was supposed to be just the link, but that's fine; let's send this file to quarantine.

Here we go.

****************************

1) Copy all the commands below from the Code.
REM Create the quarantine folder (no error if it already exists)
MD C:\Quarentena

REM Move the suspect files into quarantine and add a .morto suffix so they cannot be loaded
Move c:\windows\system32\H@tKeysH@@k.DLL C:\Quarentena\H@tKeysH@@k.DLL.morto
Move "c:\documents and settings\odnan\ndmok.exe" C:\Quarentena\ndmok.exe.morto

REM Restart immediately
Shutdown -r -t 00
2) Open Notepad, paste the contents into it and save it on the Desktop with this name--> DelFix.bat

Then run the file DelFix.bat.

The PC will be restarted.

Afterwards paste a new DDS log.
I'll be away from the forum for a while, very busy, more important things to do: "Work".


Removing viruses with Notepad!
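A hash-checked version of the quarantine step described above, as an added example that is not the forum's DelFix.bat: it only moves a file whose MD5/SHA1 match the values taken from the scan report, keeps the `.morto` suffix, and writes a manifest so the move can be undone. The sample file, folder names and hashes in `demo()` are constructed for the demonstration.

```python
"""Hash-checked quarantine (added example, not the forum's own script).

Same idea as the batch file above (move the suspect file into a quarantine
folder with a ".morto" suffix) but the file is verified against the hashes
from the online scan report first, and a manifest records the original path
so the action is reversible. Everything in demo() is constructed.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def file_hashes(path):
    """Return (md5, sha1) hex digests of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def quarantine(path, quarantine_dir, expected_md5=None, expected_sha1=None,
               suffix=".morto"):
    """Move `path` into `quarantine_dir` as `<name><suffix>`; return the new path.

    When expected hashes are given, the file must match them, otherwise the
    function refuses (returns None): a look-alike file that happens to sit at
    the same path is not quarantined by mistake. Each move is appended to
    manifest.json in the quarantine folder for a later restore.
    """
    if not os.path.isfile(path):
        return None
    md5, sha1 = file_hashes(path)
    if expected_md5 and md5.lower() != expected_md5.lower():
        return None
    if expected_sha1 and sha1.lower() != expected_sha1.lower():
        return None
    os.makedirs(quarantine_dir, exist_ok=True)
    base = os.path.basename(path)
    dest = os.path.join(quarantine_dir, base + suffix)
    n = 1
    while os.path.exists(dest):  # never overwrite an earlier quarantined copy
        dest = os.path.join(quarantine_dir, f"{base}.{n}{suffix}")
        n += 1
    shutil.move(path, dest)
    manifest = os.path.join(quarantine_dir, "manifest.json")
    entries = []
    if os.path.exists(manifest):
        with open(manifest) as fh:
            entries = json.load(fh)
    entries.append({"original": os.path.abspath(path), "quarantined": dest,
                    "md5": md5, "sha1": sha1,
                    "time": datetime.now(timezone.utc).isoformat()})
    with open(manifest, "w") as fh:
        json.dump(entries, fh, indent=2)
    return dest


def restore(quarantine_dir, quarantined_path):
    """Undo a quarantine via the manifest; return the restored path or None."""
    manifest = os.path.join(quarantine_dir, "manifest.json")
    with open(manifest) as fh:
        entries = json.load(fh)
    for entry in entries:
        if entry["quarantined"] == quarantined_path:
            # Refuse if the quarantined copy no longer matches what was stored.
            if file_hashes(quarantined_path)[0] != entry["md5"]:
                return None
            os.makedirs(os.path.dirname(entry["original"]), exist_ok=True)
            shutil.move(quarantined_path, entry["original"])
            entries.remove(entry)
            with open(manifest, "w") as fh:
                json.dump(entries, fh, indent=2)
            return entry["original"]
    return None


def demo():
    """Run the flow on a constructed file in a temp dir; return a result dict."""
    root = tempfile.mkdtemp(prefix="quar_demo_")
    # Constructed stand-in for the suspect DLL; its hashes are computed below,
    # not the ones from the report.
    suspect = os.path.join(root, "system32", "H@tKeysH@@k.DLL")
    os.makedirs(os.path.dirname(suspect))
    with open(suspect, "wb") as fh:
        fh.write(b"MZ constructed sample, not the real DLL\n")
    md5, sha1 = file_hashes(suspect)
    qdir = os.path.join(root, "Quarentena")
    # A hash copied from some other report does not match: the move is refused.
    refused = quarantine(suspect, qdir, expected_md5="0" * 32)
    moved = quarantine(suspect, qdir, expected_md5=md5, expected_sha1=sha1)
    result = {"refused": refused is None, "moved": moved,
              "orig_gone": not os.path.exists(suspect),
              "restored": restore(qdir, moved)}
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```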


brando lee
brando lee Zerinho Registered
2.4K Messages 97 Likes
#9 By brando lee
29/06/2010 - 11:07
In my procedure I added one more file to remove; I forgot to add it to the script, so redo it if you haven't done it yet.

Mine is faster, you won't have to scan and install, so do mine first.
Then do the Malwarebytes one..
I'll be away from the forum for a while, very busy, more important things to do: "Work".


Removing viruses with Notepad!


odntht
odntht New Member Registered
50 Messages 0 Likes
#10 By odntht
29/06/2010 - 11:18
Here is the new DDS log below...

DDS (Ver_09-06-26.01) - NTFSx86
Run by Odnan at 11:16:25,45 on ter 29/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1015.465 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
E:\Jogos\Ragnarok\Bro\nProtect\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://br.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\documents and settings\all users\dados de aplicativos\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbit\orbitcth.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\daemon.exe" -autorun
uRun: [uTorrent] "c:\arquivos de programas\utorrent\uTorrent.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\odnan\menuin~1\progra~1\inicia~1\bitmet~1.lnk - c:\arquivos de programas\codebox\bitmeter\BitMeter2.exe
IE: Add to AMV Convert Tool... - c:\arquivos de programas\mp3 player utilities 4.00\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\mp3 player utilities 4.00\mediamanager\grab.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\arquiv~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\arquiv~1\micros~1\office12\REFIEBAR.DLL
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\odnan\dadosd~1\mozilla\firefox\profiles\kw01okcf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=yItOFvhNn8XlAHi9..Ru1Q&psa=&ind=2010052015&ptnrS=GRfox000&si=&st=kwd&n=77cef5af&searchfor=
FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\arquivos de programas\real player\netscape6\nppl3260.dll
FF - plugin: c:\arquivos de programas\real player\netscape6\nprjplug.dll
FF - plugin: c:\arquivos de programas\real player\netscape6\nprpjplug.dll
FF - plugin: d:\arquivos de programas\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\arquivos de programas\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-7-31 20744]
R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-3-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2010-3-29 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2010-3-29 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-2 60936]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-4-8 20968]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [2007-5-29 508160]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-9 27632]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-5-4 136176]
S2 liissfbv;Image Update;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S2 RPCHGM;Remote Procedure Call (HGM);c:\arquivos de programas\netmeeting\secedit.exe --> c:\arquivos de programas\netmeeting\secedit.exe [?]
S2 wuauServer;Driver Logon;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PS3 Media Server;PS3 Media Server;"c:\arquivos de programas\ps3 media server\win32\service\wrapper.exe" -s "c:\arquivos de programas\ps3 media server\win32\service\wrapper.conf" --> c:\arquivos de programas\ps3 media server\win32\service\wrapper.exe [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-4-4 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-4-4 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-4-4 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-4-4 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-4-4 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-4-4 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-4-4 115752]

=============== Created Last 30 ================

2010-06-29 11:12 ==================== Find3M ====================

2010-06-22 23:31 479,704 a------- c:\windows\system32\perfh016.dat
2010-06-22 23:31 83,888 a------- c:\windows\system32\perfc016.dat
2010-05-18 16:35 197,920 ac------ c:\windows\system32\dnssdX.dll
2010-05-18 16:35 107,808 ac------ c:\windows\system32\dns-sd.exe
2010-05-18 16:35 91,424 ac------ c:\windows\system32\dnssd.dll
2010-05-06 07:34 916,480 ac------ c:\windows\system32\wininet.dll
2010-05-04 12:43 43,520 ac------ c:\windows\system32\CmdLineExt03.dll
2010-05-02 05:08 1,851,392 ac------ c:\windows\system32\win32k.sys
2010-04-20 02:31 285,696 ac------ c:\windows\system32\atmfd.dll
2010-04-19 20:47 3,062,048 ac------ c:\windows\system32\usbaaplrc.dll
2010-04-03 20:40 17,451 -c-shr-- c:\documents and settings\odnan\ndmok.exe
2010-04-03 12:46 411,368 ac------ c:\windows\system32\deploytk.dll

============= FINISH: 11:17:14,45 ===============
odntht (New Member, Registered; 50 posts, 0 likes)
#12 By odntht
29/06/2010 - 13:06
Okay!
Scanning with Malwarebytes...

@Edit

Well, here's the log..
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4253

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/6/2010 14:48:55
mbam-log-2010-06-29 (14-48-55).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Objetos escaneados: 290374
Tempo decorrido: 2 hora(s), 22 minuto(s), 41 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 28
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 5

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-01we-aax5-314cca324372} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_RPCHGM (Trojan.Keylogger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RPCHGM (Trojan.Keylogger) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Documents and Settings\Odnan\Desktop\Trainer & Teleporter by Dizzler (for NFSMW 1.3 - Multilanguage Support)\Trainer.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\Felippe\Meus documentos\Downloads\MyWebFaceSetup2.3.67.1.SA.HP.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Jogos\Need for Speed Most Wanted\Trainer\Trainer.exe (Malware.Packer) -> Quarantined and deleted successfully.
E:\Jogos\Ragnarok\Bro\GameFort.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
E:\Jogos\Ragnarok\Ragnarok Online\RagnaTurn\GameFort.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
brando lee (Zerinho, Registered; 2.4K posts, 97 likes)
#14 By brando lee
29/06/2010 - 15:35
igoreso said:
Igoreso!, feel free; I don't know why you would say "I'm off the case"??, if you find this file in the DDS report:
==================== Find3M ====================

2010-06-22 23:31 479,704 a------- c:\windows\system32\perfh016.dat
2010-06-22 23:31 83,888 a------- c:\windows\system32\perfc016.dat
2010-05-18 16:35 197,920 ac------ c:\windows\system32\dnssdX.dll
2010-05-18 16:35 107,808 ac------ c:\windows\system32\dns-sd.exe
2010-05-18 16:35 91,424 ac------ c:\windows\system32\dnssd.dll
2010-05-06 07:34 916,480 ac------ c:\windows\system32\wininet.dll
2010-05-04 12:43 43,520 ac------ c:\windows\system32\CmdLineExt03.dll
2010-05-02 05:08 1,851,392 ac------ c:\windows\system32\win32k.sys
2010-04-20 02:31 285,696 ac------ c:\windows\system32\atmfd.dll
2010-04-19 20:47 3,062,048 ac------ c:\windows\system32\usbaaplrc.dll
2010-04-03 20:40 17,451 -c-shr-- c:\documents and settings\odnan\ndmok.exe
2010-04-03 12:46 411,368 ac------ c:\windows\system32\deploytk.dll
Delete it with some tool, for example "Avenger" or "OTM".

Since that file is hidden, I forgot to prepare the Attrib command to clear that so it could be moved, but I didn't, and it wasn't moved to the "quarantine" folder.

>>>>>>>>>>>>>>>>>>>>>>>>

Edit:

odntht

If "igoreso" doesn't want to go on any more, do this last procedure below:

1) Copy the commands below in the code box
Attrib -s -h "c:\documents and settings\odnan\ndmok.exe"
Move "c:\documents and settings\odnan\ndmok.exe" C:\Quarentena\ndmok.exe.morto
2) Go to ((Start)) > ((Run)), type (cmd) and click (OK). A window will open; paste the commands with the right mouse button by clicking (Paste), then press (Enter).

Once the procedure is finished, delete DDS.exe and its DDS folder, which are on your desktop.

In Malwarebytes, it removed the game
E:\Jogos\Ragnarok\Bro\GameFort.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully
Do you use that game?

Until next time, a hug!
I'll be away from the forum for a while, very busy, more important things to do: "Work".


Removing viruses with Notepad!
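
The quarantine step from the post above (clear the attributes, then move the file into C:\Quarentena under a non-executable name), written out as a batch file with the checks the two bare commands skip. This is an added example, not a command from the thread or from any tool named in it. It keeps the thread's file path and quarantine folder and assumes cmd.exe on Windows XP; the quarantine.log file name is this example's own choice.

```batch
@echo off
rem Added example (not from the thread): quarantine a hidden/system file safely.
rem TARGET and QDIR are the values from the post; LOG is an assumption of this example.
setlocal
set "TARGET=c:\documents and settings\odnan\ndmok.exe"
set "QDIR=C:\Quarentena"
set "DEST=%QDIR%\ndmok.exe.morto"
set "LOG=%QDIR%\quarantine.log"

rem "if exist" sees hidden and system files; a plain "dir" would not list them without /a.
if not exist "%TARGET%" (
    echo [!] File not found: "%TARGET%"
    exit /b 1
)

rem MOVE cannot create the destination folder, so create the quarantine folder first.
if not exist "%QDIR%\" mkdir "%QDIR%"

rem Record the original path and attributes before changing anything.
echo %DATE% %TIME% quarantining "%TARGET%" >> "%LOG%"
attrib "%TARGET%" >> "%LOG%"

rem Clear system, hidden and read-only (the DDS listing showed -c-shr-- for this file).
rem -s and -h go in the same command: attrib will not clear H while S is still set.
rem -r is cleared too, since "del" later refuses a read-only file without /F.
attrib -s -h -r "%TARGET%"

rem Renaming on move (.morto) removes the executable extension, so an autostart
rem entry or a double-click can no longer launch it from the quarantine folder.
move /y "%TARGET%" "%DEST%" >nul
if errorlevel 1 (
    echo [!] Move failed; the file is probably in use. Retry from Safe Mode.
    echo %DATE% %TIME% move FAILED >> "%LOG%"
    exit /b 1
)

rem Verify: gone from the original location and present in quarantine.
if exist "%TARGET%" (
    echo [!] Original copy still present; something recreated it.
    exit /b 1
)
if not exist "%DEST%" (
    echo [!] Quarantined copy missing.
    exit /b 1
)
echo [+] Quarantined as "%DEST%"
echo %DATE% %TIME% moved to "%DEST%" >> "%LOG%"
endlocal
```

Save it as a .bat file and run it from an administrator cmd window; the quarantine.log entry keeps the original path and attribute flags, which is what a helper reviewing the case afterwards wants to see alongside the DDS and Malwarebytes reports.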


© 1999-2025 Hardware.com.br. All rights reserved.