
lockgirl

[Archived] TR/Spy.Banker.Gen


Well, I downloaded the Avira antivirus and every 5 minutes, when I'm on the internet, a message about this virus appears; I delete it and a new file appears. I don't know how it works, but since I saw in another topic that the moderator asked the person to run Silent Runners on her PC, I've already done that on mine. I hope it helps you to help me.

 

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]

"WindowsWelcomeCenter" = "rundll32.exe oobefldr.dll,ShowWelcomeCenter" [MS]

"LightScribe Control Panel" = "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" ["Hewlett-Packard Company"]

"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]

"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]

"Google Update" = ""C:\Users\nag\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

"AdobeUpdater" = "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" ["Adobe Systems Incorporated"]

"ADPHONE" = "C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP" [file not found]

"BitTorrent DNA" = ""C:\Users\nag\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]

"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SynTPStart" = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]

"QPService" = ""C:\Program Files\HP\QuickPlay\QPService.exe"" ["CyberLink Corp."]

"QlbCtrl" = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"

"OnScreenDisplay" = "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"

"UCam_Menu" = ""C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"" ["CyberLink Corp."]

"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"

"hpqSRMon" = "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" ["Hewlett-Packard"]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"HP Health Check Scheduler" = "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [file not found]

"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

"hpWirelessAssistant" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" ["Hewlett-Packard Development Company, L.P."]

"WAWifiMessage" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" ["Hewlett-Packard Development Company, L.P."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"AppleSyncNotifier" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" ["Apple Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)

-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "HP Print Clips"

\InProcServer32\(Default) = "c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll" ["Hewlett-Packard Co."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{00020d75-0000-0000-c000-000000000046}" = "lnkfile"

-> {HKLM...CLSID} = "Microsoft Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"

-> {HKLM...CLSID} = "ShellViewRTF"

\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "My Sharing Folders"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]

"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"

-> {HKLM...CLSID} = "Haali Column Provider"

\InProcServer32\(Default) = "C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll" [null data]

"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"

-> {HKLM...CLSID} = "Haali Matroska Shell Property Page"

\InProcServer32\(Default) = "C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll" [null data]

"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor"

-> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"

\InProcServer32\(Default) = "C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll" [null data]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"

-> {HKLM...CLSID} = "Haali Column Provider"

\InProcServer32\(Default) = "C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll" [null data]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

 

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

 

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

 

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

 

"EnableLUA" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

 

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

 

"EnableVirtualization" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

 

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\nag\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\Windows\system32\Bubbles.scr" [MS]

 

 

Windows Portable Device AutoPlay Handlers

-----------------------------------------

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

 

CADeviceOnArrival\

"Provider" = "Vongo"

"ProgID" = "Vongo.HWEventHandler"

HKLM\SOFTWARE\Classes\Vongo.HWEventHandler\CLSID\(Default) = "{362296A1-BA71-4f15-BFC8-849426DF39E4}"

-> {HKLM...CLSID} = "Vongo Portable"

\LocalServer32\(Default) = "C:\Program Files\Vongo\CaLauncher.exe" [null data]

 

HPAutoplayPSE\

"Provider" = "HP Photosmart Essential 2.5"

"InvokeProgID" = "HpqPSApl.Autoplay"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"]

 

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

 

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

 

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

 

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

 

LightScribeOnArrivalAP\

"Provider" = "LightScribe Direct Disc Labeling"

"InvokeProgID" = "LightScribe.AutoPlayHandler"

"InvokeVerb" = "LabelLightScribeDisc"

HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

 

MPC_CD\

"Provider" = "Media Player Classic"

"InvokeProgID" = "APR_MediaHandlers"

"InvokeVerb" = "MPC_CD"

HKLM\SOFTWARE\Classes\APR_MediaHandlers\shell\MPC_CD\command\(Default) = "C:\Program Files\Essentials Codec Pack\wmplayer.exe /cd "%L"" [file not found]

 

MPC_DVD\

"Provider" = "Media Player Classic"

"InvokeProgID" = "APR_MediaHandlers"

"InvokeVerb" = "MPC_DVD"

HKLM\SOFTWARE\Classes\APR_MediaHandlers\shell\MPC_DVD\command\(Default) = "C:\Program Files\Essentials Codec Pack\wmplayer.exe /dvd "%L"" [file not found]

 

muveeVideoCameraArrival\

"Provider" = "muvee autoProducer 6.1"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE\muveeapp.exe" /RECORD"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

 

P2GCDBurningOnArrival\

"Provider" = "Power2Go"

"InvokeProgID" = "Picture"

"InvokeVerb" = "OpenWithPower2Go"

HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe"" ["CyberLink Corp."]

 

PDirDVArrival\

"Provider" = "PowerDirector"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\CyberLink\PowerDirector\PDR.exe" /DV"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

 

Power2GoPlayCDAudioOnArrival\

"Provider" = "Power2Go"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPower2Go"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L"" ["CyberLink Corp."]

 

PStarterBlankCDArrival\

"Provider" = "DVD Suite"

"InvokeProgID" = "Picture"

"InvokeVerb" = "OpenWithPowerStarter"

HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

 

PStarterDVDBurningOnArrival\

"Provider" = "DVD Suite"

"InvokeProgID" = "BlankDVD"

"InvokeVerb" = "OpenWithPowerStarter"

HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

 

PStarterMixedCDArrival\

"Provider" = "DVD Suite"

"InvokeProgID" = "MixedContent"

"InvokeVerb" = "OpenWithPowerStarter"

HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

 

PStarterMusicFilesArrival\

"Provider" = "DVD Suite"

"InvokeProgID" = "MusicFiles"

"InvokeVerb" = "OpenWithPowerStarter"

HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

 

PStarterPicturesArrival\

"Provider" = "DVD Suite"

"InvokeProgID" = "BlankCD"

"InvokeVerb" = "OpenWithPowerStarter"

HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

 

PStarterPlayCDAudioOnArrival\

"Provider" = "DVD Suite"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerStarter"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]

 

PStarterPlayDVDMovieOnArrival\

"Provider" = "DVD Suite"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerStarter"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]

 

PStarterVideoFilesArrival\

"Provider" = "DVD Suite"

"InvokeProgID" = "VideoFiles"

"InvokeVerb" = "OpenWithPowerStarter"

HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe"" ["CyberLink"]

 

QuickPlayDCameraArrival\

"Provider" = "HP QuickPlay"

"InvokeProgID" = "Picture"

"InvokeVerb" = "PlayWithQuickPlay"

HKLM\SOFTWARE\Classes\Picture\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY DSC "%L"" ["CyberLink Corp."]

 

QuickPlayDVArrival\

"Provider" = "HP QuickPlay"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\HP\QuickPlay\QP.exe" DV "%L""

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

 

QuickPlayMusicFilesArrival\

"Provider" = "HP QuickPlay"

"InvokeProgID" = "MusicFiles"

"InvokeVerb" = "PlayWithQuickPlay"

HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MUSIC "%L"" ["CyberLink Corp."]

 

QuickPlayPlayCDAudioOnArrival\

"Provider" = "HP QuickPlay"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithQuickPlay"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY CD "%L"" ["CyberLink Corp."]

 

QuickPlayPlayDVDMovieOnArrival\

"Provider" = "HP QuickPlay"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithQuickPlay"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

 

QuickPlayPlayVideoCDMovieOnArrival\

"Provider" = "HP QuickPlay"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithQuickPlay"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

 

RPCDBurningOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.CDBurn.6"

"InvokeVerb" = "open"

HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

 

RPDeviceOnArrival\

"Provider" = "RealPlayer"

"ProgID" = "RealPlayer.HWEventHandler"

HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"

-> {HKLM...CLSID} = "RealNetworks Scheduler"

\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

 

RPPlayCDAudioOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AudioCD.6"

"InvokeVerb" = "play"

HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

 

RPPlayDVDMovieOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.DVD.6"

"InvokeVerb" = "play"

HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

 

RPPlayMediaOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AutoPlay.6"

"InvokeVerb" = "open"

HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

 

WIA_{C3CDC176-15B7-47b2-8D40-2CF932067CB4}\

"Provider" = "muvee autoProducer 6.1"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE\muveeapp.exe /StiDevice:%1 /StiEvent:%2;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

 

WIA_{FBC97FCA-03C9-451F-8DDF-890319A5E559}\

"Provider" = "HP Photosmart Essential 2.5"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

 

 

Startup items in "nag" & "All Users" startup folders:

-----------------------------------------------------

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

"Vongo Tray" -> shortcut to: "C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe" ["Macrovision Corporation"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 18

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{58ECB495-38F0-49CB-A538-10282ABF65E7}\

"ButtonText" = "HP Smart Select"

"CLSIDExtension" = "{A93C41D8-01F8-4F8B-B14C-DE20B117E636}"

-> {HKLM...CLSID} = "EnhSelectionBtn Class"

\InProcServer32\(Default) = "c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

a-squared Free Service, a2free, ""C:\Program Files\a-squared Free\a2service.exe"" ["Emsi Software GmbH"]

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]

Avira AntiVir Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir Desktop\avguard.exe"" ["Avira GmbH"]

Avira AntiVir Scheduler, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"]

Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]

CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]

Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]

Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}

HP Health Check Service, HP Health Check Service, ""c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"" [null data]

hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]

Human Interface Device Access, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}

iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]

Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]

MrHealthy, MrHealthyService, "C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service" ["Symantec Corporation"]

NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" ["NVIDIA Corporation"]

QuickPlay Background Capture Service (QBCS), QPCapSvc, ""C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe"" [empty string]

QuickPlay Task Scheduler (QTS), QPSched, ""C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe"" [empty string]

Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}

Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}

Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]

WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}

XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."]

 

 

---------- (launch time: 2009-04-07 17:41:39)

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 153 seconds, including 6 seconds for message boxes)

 

 

 

Another thing I'd like to know is whether anyone has a tip for a program that cleans useless programs off my Windows Vista, because I'm really not sure what I can delete or not, and all of this takes up a lot of space.

Many thanks.


Hello Lockgirl! Welcome to the Imasters Forum.

 

I suggest you save or print the instructions below, as at some points you may need to use the computer without internet access:

 

1. Download the BankerFix tool by clicking the link below:

http://www.linhadefensiva.org/dl/bankerfix

2. Save the tool to your hard drive.

3. If your antivirus has some form of script blocking, it may warn that the tool is unsafe. This blocking exists because, for a while, many viruses were written in "script" languages. BankerFix is also written in such a language, but it is not a virus. In any case, the antivirus may show a message asking whether you want to run the script or not. Be sure to allow it to run, or the tool will not work.

4. Double-click bankerfix.exe

5. If you are running it for the first time, a message asking you to confirm that an internet connection exists will be shown. Click OK.

6. When BankerFix is installed, a confirmation message will appear. Click OK to run it or Cancel to exit.

7. If you run it, a simple text window will appear on the screen.

8. Close all windows and programs except BankerFix.

9. Click on the BankerFix window and press any key. BankerFix does the rest by itself.

10. You will receive a message saying either that no problem was found, that a problem was found and fixed, or that some infected files could not be removed.

11. Close the window.

12. Change any bank, Orkut and MSN passwords if the tool detected problems on your computer.

 

Notes

 

* If the tool cannot remove some file, try using Safe Mode (pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Then, once the computer has restarted, scan the computer with BankerFix again, or just restart and run BankerFix again.

In your next reply, post the contents of Relatorio.txt, which you will find in the C:\LinhaDefensiva folder, together with a HijackThis log.

To post the HijackThis log, just follow the tips in this topic:

http://forum.imasters.com.br/index.php?showtopic=165906

We await your reply.


Well, BankerFix didn't find anything :(

And I couldn't run it in Safe Mode, simply nothing appeared... I'll try again.

But for now I'll paste here what you asked me for:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:12:18 AM, on 4/8/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16809)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Users\nag\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\nag\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\mobsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

c:\PROGRA~1\java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\wuauclt.exe

C:\Users\nag\Documents\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\nag\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\nag\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Vongo Tray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10608 bytes

 

 

 

Report:

BankerFix 3.0 VALKYRIE - Banker Trojan Remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2009-04-08 - 00:14

-------------------------------------------------------

Version: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- End -------------------------


You can remove the BankerFix program, then go to the menu: Start - All Programs - Accessories - Windows Explorer - find the folder highlighted below and delete it:

C:\LinhaDefensiva

_______________________________________________________________________________

 

There is a program installed on your PC that is problematic; it is called DNA (or BitTorrent DNA).

Go to the menu: Start > Control Panel > Add or Remove Programs > check whether this DNA program is in the list of programs. Select it and click the Remove button > then just follow the steps the uninstaller gives you.

_______________________________________________________________________________

 

Download the Avenger program from the link below and extract the contents to the desktop:

http://swandog46.geekstogo.com/avenger2/download.php

*Select and copy (Ctrl+C) all the text inside the CODE box (white box) below:

 

Folders to delete:
C:\Users\nag\Program Files\DNA

 

*Run the Avenger program

*Click [Load Script] > [Paste from Clipboard]

*Click [Execute] > [OK]

*The PC will restart.

_______________________________________________________________________________

 

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

 

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\nag\Program Files\DNA\btdna.exe"

_______________________________________________________________________________

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

*Select the Portuguese (Brazil) language

*Select only the box: "Update Malwarebytes' Anti-Malware"

*If an update exists, the download will be automatic

*Do not scan yet!!!

*Restart the PC in Safe Mode (pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).

* If it is not possible to run the computer in Safe Mode, do the scan in normal mode

*Run Malwarebytes' Anti-Malware, click the "Scan" tab and select the "Full scan" option

*Click the "Scan" button

* Check all the parts of the computer you want to scan and click the "Start scan" button

*When the scan finishes, click "OK" > "Show Results"

*Select all entries and click "Remove Selected"

*After removal you may be asked whether you want to remove objects from memory. Click "YES"

*A log will be shown with the result of the actions

*Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.

*When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.

*Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

 

Post this log generated by Malwarebytes Anti-Malware together with the report created at C:\avenger.txt and a new HijackThis log in your next reply, and tell us how your computer is after following the procedures above.

We await your reply.

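The HijackThis triage in the reply above (fix the O2/O3 entries that end in "(no file)" and the O4 entry that runs from C:\Users\nag\Program Files\DNA) can be automated as a first pass. The script below is an added example written for this page; it is not part of the thread, of HijackThis or of any of the tools named here. It parses O2, O3 and O4 lines and flags two things: CLSID registrations whose file is gone (they cannot load, so removing them is housekeeping) and autorun entries whose executable lives in a user-writable location (the user profile, AppData or a Temp folder, which is also where the roger*.exe files in the Avira alerts sat). The sample log lines are constructed from entries quoted in the thread; the path heuristic, the "(User '...')" handling and the unresolved-path fallback are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input, modelled on the HijackThis 2.0.2 lines quoted in this
# thread (O2 = browser helper object, O3 = toolbar, O4 = autorun entry).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\nag\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\nag\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# O2/O3: "<section> - BHO|Toolbar: <name> - {CLSID} - <file or (no file)>"
CLSID_LINE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O4: "O4 - <hive>\..\Run: [<value name>] <command line>"; the hive may carry a SID (HKUS\S-1-5-19)
RUN_LINE = re.compile(r"^(O4) - (HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(.+?)\] (.+)$")
# First drive-letter or %VAR%-rooted path ending in .exe/.dll inside a command line
PATH_IN_CMD = re.compile(r'((?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # O2, O3 or O4
    name: str      # BHO/toolbar name or Run value name
    target: str    # CLSID, resolved path, or raw command line
    reason: str


def extract_path(command: str) -> Optional[str]:
    """Pull the executable/DLL path out of a Run command line (quoted or not)."""
    m = PATH_IN_CMD.search(command)
    return m.group(1) if m else None


def is_user_writable(path: str) -> bool:
    """Heuristic (assumption): profile, AppData and Temp paths are writable without admin rights."""
    p = path.lower()
    return p.startswith("c:\\users\\") or "\\appdata\\" in p or "\\temp\\" in p


def triage(log_text: str) -> List[Finding]:
    """Return review candidates; the human still decides what is actually malicious."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CLSID_LINE.match(line)
        if m:
            section, name, clsid, target = m.groups()
            if target.strip().lower() == "(no file)":
                findings.append(Finding(section, name, clsid,
                                        "orphaned CLSID registration: no file on disk"))
            continue
        m = RUN_LINE.match(line)
        if m:
            section, hive, name, command = m.groups()
            path = extract_path(command)
            if path is None:
                findings.append(Finding(section, name, command,
                                        "could not resolve executable path; inspect manually"))
            elif is_user_writable(path):
                findings.append(Finding(section, name, path,
                                        f"autorun ({hive}) from user-writable location"))
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.target}\n    -> {f.reason}")


if __name__ == "__main__":
    main()
```

Running it lists the three "(no file)" entries and the BitTorrent DNA autorun that the moderator picked, but also Google Update (legitimately installed under the profile) and the rundll32 Welcome Center entry whose path has no drive letter: the rules surface candidates for a reviewer, they do not issue verdicts.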

Well, it didn't help much... the virus message keeps appearing.

Every 5 minutes when I'm on the internet.

The following message appears:

 

C:\Users\nag\AppData\Local\Temp\roger8774223782868505557.exe

Is the TR/Spy.Banker.Gen Trojan

 

Only the file number changes; I always delete it, but new files always appear or are created in the same folder. Will I have to format the PC?

Well, I'll post what you asked me for:

MBAM LOG:

 

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 1945

Windows 6.0.6000

 

4/9/2009 10:09:01 PM

mbam-log-2009-04-09 (22-09-01).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 244068

Tempo decorrido: 1 hour(s), 46 minute(s), 8 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:18:26 PM, on 4/9/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16809)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Users\nag\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

c:\PROGRA~1\java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Users\nag\AppData\Local\Google\Chrome\Application\chrome.exe

c:\Users\nag\Documents\Downloads\avenger.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\nag\Documents\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\nag\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Vongo Tray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10582 bytes

 

 

AVENGER REPORT

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows Vista

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: could not open folder "C:\Users\nag\Program Files\DNA"

Deletion of folder "C:\Users\nag\Program Files\DNA" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.


Although the PC still has problems, it has already improved according to the log you posted.

Follow the tips in the tutorials below to configure and use Avira AntiVir:

Avira AntiVir 9 Free tutorial (installation and configuration)

Avira AntiVir 9 Free tutorial (how to use it correctly)

After that, update Avira and do the following:

 

Restart your computer and enter Safe Mode (pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Then, once the computer has restarted, scan the computer with Avira AntiVir and with Windows Defender, which you also have installed on your PC, and as viruses and spyware are found, send them to quarantine. After a few weeks, if your computer is working normally without the files that went to quarantine, you can go to the quarantine and delete them permanently.

______________________________________________________________________________

 

Also do the following:

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

• Download Spyware Doctor Starter Edition;

• Double-click the program icon and install it by clicking (Next > Accept the agreement > Next > Next > Install > Wait for Spyware Doctor to install and update > Click the Finish button > Next > if a box with the IntelliGuard Protection option appears, click the Yes button > If a box with the phrase "Welcome to Smart Update" appears, click the Next button > Finish);

• It should automatically start a quick scan. If it finds threats, click the Fix Checked → button > Continue.

• Restart the PC in Safe Mode (pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option);

• If it is not possible to run the computer in Safe Mode, do the scan in normal mode;

• Check the Full Scan option > Scan Now;

• Be patient, the scan may take a while;

• If it finds threats, click the Fix Checked → button > Continue > View History > Save to file > click the Desktop option (so the log is saved on the computer's desktop) and save it with the name Log

• Restart the computer normally. Open this Log file > select and copy all its contents and post it in your next reply together with a new HijackThis log, and tell us how your PC is after these procedures;

• We await your reply.


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
