drinllyn

Impossible Virus


Guys, sorry for the trouble, and if I posted in the wrong place let me know.

I have a virus that is a real pain to remove.

Symptoms:

You try to install an antivirus, e.g. Avast, and it reboots your computer.

You try to install an antivirus, e.g. AVG, and it uninstalls it before it even finishes installing.

You try to enter Safe Mode and it reboots your computer.

If there is any antivirus installed, it flags every .exe as a virus.

If you format the computer, since there is still a backup, you click on a backup and everything comes back again.

If you try to visit sites like Kaspersky, it reports the page as nonexistent.

Here are the logs I made.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:38:18, on 12/28/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\Drinllyn\CONFIG~1\Temp\krnq.exe

C:\DOCUME~1\Drinllyn\CONFIG~1\Temp\windhsrc.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O1 - Hosts: 74.55.89.186 L2authd.lineage2.com ------------------- 72.29.79.178

O1 - Hosts: 74.55.89.186 L2testauthd.lineage2.com ------------------- 72.29.79.178

O1 - Hosts: 216.107.250.194 update.nprotect.com ------------------- 72.29.79.178

O1 - Hosts: 216.107.250.194 update.nprotect.net ------------------- 72.29.79.178

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CC6A092-38A1-4385-A7DF-28EFAA469641}: NameServer = 201.10.128.2,201.10.120.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5CC6A092-38A1-4385-A7DF-28EFAA469641}: NameServer = 201.10.128.2,201.10.120.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5CC6A092-38A1-4385-A7DF-28EFAA469641}: NameServer = 201.10.128.2,201.10.120.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{5CC6A092-38A1-4385-A7DF-28EFAA469641}: NameServer = 201.10.128.2,201.10.120.2

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 9227 bytes

ComboFix log:

ComboFix 08-12-26.03 - Drinllyn 2008-12-28 13:54:10.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2047.1600 [GMT -2:00]

Executando de: c:\documents and settings\Drinllyn\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASC3360PR

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-28 to 2008-12-28 ))))))))))))))))))))))))))))

.

2008-12-28 13:24 . 2008-12-28 13:57 <DIR> d-------- c:\documents and settings\Drinllyn\Tracing

2008-12-28 12:39 . 2008-12-28 12:40 572,088 --a------ C:\fsbl.exe

2008-12-28 12:37 . 2007-06-28 14:36 471,352 --a------ C:\HijackThis.exe

2008-12-28 12:02 . 2008-12-28 12:02 <DIR> d-------- c:\documents and settings\Drinllyn\Dados de aplicativos\AVGTOOLBAR

2008-12-28 12:02 . 2008-12-28 12:14 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2008-12-28 12:02 . 2008-12-28 12:02 <DIR> d-------- c:\arquivos de programas\AVG

2008-12-28 11:50 . 2008-12-28 11:50 <DIR> d-------- c:\documents and settings\Drinllyn\Dados de aplicativos\InstallShield

2008-12-28 11:37 . 2008-12-28 11:37 <DIR> d-------- c:\documents and settings\Drinllyn\Dados de aplicativos\Winamp

2008-12-28 11:27 . 2008-12-28 11:03 <DIR> d--h----- c:\documents and settings\Drinllyn\Modelos

2008-12-28 11:27 . 2008-12-28 13:27 <DIR> dr------- c:\documents and settings\Drinllyn\Meus documentos

2008-12-28 11:27 . 2008-12-16 15:58 <DIR> dr------- c:\documents and settings\Drinllyn\Menu Iniciar

2008-12-28 11:27 . 2008-12-28 11:28 <DIR> dr------- c:\documents and settings\Drinllyn\Favoritos

2008-12-28 11:27 . 2008-12-28 11:50 <DIR> dr-h----- c:\documents and settings\Drinllyn\Dados de aplicativos

2008-12-28 11:27 . 2008-12-28 12:51 <DIR> d--h----- c:\documents and settings\Drinllyn\Configurações locais

2008-12-28 11:27 . 2008-12-16 15:58 <DIR> d--h----- c:\documents and settings\Drinllyn\Ambiente de rede

2008-12-28 11:27 . 2008-12-16 15:58 <DIR> d--h----- c:\documents and settings\Drinllyn\Ambiente de impressão

2008-12-28 11:27 . 2008-12-28 13:24 <DIR> d-------- c:\documents and settings\Drinllyn

2008-12-28 11:22 . 1782-01-19 01:14 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2008-12-28 11:21 . 2004-08-04 01:45 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll

2008-12-28 11:20 . 2004-08-04 01:45 221,184 --a------ c:\windows\system32\wmpns.dll

2008-12-28 11:19 . 2008-12-28 11:19 749 -rah----- c:\windows\WindowsShell.Manifest

2008-12-28 11:19 . 2008-12-28 11:19 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest

2008-12-28 11:19 . 2008-12-28 11:19 749 -rah----- c:\windows\system32\sapi.cpl.manifest

2008-12-28 11:19 . 2008-12-28 11:19 749 -rah----- c:\windows\system32\nwc.cpl.manifest

2008-12-28 11:19 . 2008-12-28 11:19 749 -rah----- c:\windows\system32\ncpa.cpl.manifest

2008-12-28 11:19 . 2008-12-28 11:19 488 -rah----- c:\windows\system32\logonui.exe.manifest

2008-12-28 11:07 . 2001-08-17 20:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys

2008-12-28 08:56 . 2008-12-28 11:30 2,145,386,496 --a------ c:\windows\MEMORY.DMP

2008-12-27 23:36 . 2008-12-28 11:35 10,455 --a------ c:\windows\hkr32.asm

2008-12-27 22:40 . 2008-12-27 22:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2008-12-27 22:40 . 2008-12-27 22:40 <DIR> d-------- c:\arquivos de programas\Lavasoft

2008-12-27 22:40 . 2008-12-27 22:40 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-12-27 22:11 . 2008-12-27 22:11 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\xing shared

2008-12-27 22:11 . 2008-12-27 22:11 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real

2008-12-27 12:29 . 2008-12-27 12:29 <DIR> d-------- C:\laucher

2008-12-26 22:38 . 2008-12-26 22:42 <DIR> d-------- c:\arquivos de programas\Lineage II

2008-12-26 16:03 . 2008-12-26 16:03 <DIR> d-------- c:\arquivos de programas\Gravity

2008-12-26 10:10 . 2008-12-26 10:10 421 --a------ c:\windows\ODBC.INI

2008-12-26 10:08 . 2008-12-26 10:09 <DIR> d--h----- c:\windows\ShellNew

2008-12-25 18:50 . 2008-12-25 18:53 <DIR> d-------- c:\documents and settings\Administrador\.jSMS

2008-12-23 12:25 . 2006-02-04 03:50 5,174 --a------ c:\windows\system32\nppt9x.vxd

2008-12-23 12:25 . 2006-02-04 03:50 4,682 --a------ c:\windows\system32\npptNT2.sys

2008-12-23 12:23 . 2008-12-23 12:23 <DIR> d-------- c:\windows\Ultimate Fight Server

2008-12-23 10:15 . 2008-12-23 14:31 <DIR> d-------- c:\arquivos de programas\L2Informer

2008-12-23 08:36 . 2008-12-23 08:36 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf

2008-12-23 08:36 . 2008-12-23 08:36 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf

2008-12-22 20:44 . 2008-12-22 20:44 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Ahead

2008-12-22 18:21 . 2008-12-22 18:21 <DIR> d-------- C:\gamesX

2008-12-20 21:47 . 2008-12-20 21:47 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2008-12-20 21:00 . 2008-12-20 21:00 <DIR> d-------- c:\arquivos de programas\Bonjour

2008-12-20 20:51 . 2008-12-20 20:51 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2008-12-20 20:48 . 2008-12-20 21:00 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2008-12-19 21:46 . 2008-12-19 21:46 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-12-19 21:46 . 2008-12-19 21:46 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-12-19 21:43 . 2008-12-19 21:44 <DIR> d----c--- c:\windows\system32\DRVSTORE

2008-12-19 21:43 . 2008-12-27 22:11 <DIR> d-------- C:\Program Files

2008-12-19 21:43 . 2008-12-19 21:43 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Motorola Shared

2008-12-19 21:43 . 2006-11-13 15:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll

2008-12-19 21:43 . 2006-12-14 11:27 40,832 --a------ c:\windows\system32\drivers\motodrv.sys

2008-12-19 21:43 . 2007-04-02 22:13 21,632 --a------ c:\windows\system32\drivers\motmodem.sys

2008-12-19 21:43 . 2007-04-02 22:13 17,920 --a------ c:\windows\system32\drivers\motccgp.sys

2008-12-19 21:43 . 2007-01-23 20:03 7,680 --a------ c:\windows\system32\drivers\motccgpfl.sys

2008-12-19 21:43 . 2006-12-06 18:33 6,400 --a------ c:\windows\system32\drivers\motswch.sys

2008-12-19 17:05 . 2008-12-19 17:05 <DIR> d-------- c:\windows\system32\Adobe

2008-12-19 16:56 . 2008-12-19 16:56 <DIR> d-------- c:\documents and settings\LocalService\Dados de aplicativos\TeamViewer

2008-12-19 16:50 . 2008-12-19 16:50 <DIR> d-------- c:\windows\system32\config\systemprofile\Dados de aplicativos\TeamViewer

2008-12-19 16:50 . 2008-12-19 16:50 <DIR> d-------- c:\documents and settings\Administrador\temp

2008-12-19 16:50 . 2008-12-19 16:59 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\TeamViewer

2008-12-19 16:50 . 2008-12-19 16:50 <DIR> d-------- c:\arquivos de programas\TeamViewer

2008-12-19 13:23 . 2008-12-19 13:23 <DIR> d-------- c:\arquivos de programas\Aspyr

2008-12-19 13:14 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll

2008-12-19 13:14 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll

2008-12-19 12:55 . 2008-12-27 11:22 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Toolbar

2008-12-19 12:54 . 2008-12-27 12:39 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite

2008-12-19 12:33 . 2008-12-19 12:33 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools

2008-12-19 12:33 . 2008-12-19 12:33 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-12-19 08:58 . 2008-12-19 08:58 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2008-12-19 08:57 . 2008-12-19 08:57 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-12-19 08:57 . 2008-05-22 20:22 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2008-12-19 08:57 . 2008-07-04 04:34 860,160 --a------ c:\windows\system32\lameACM.acm

2008-12-19 08:57 . 2008-01-10 10:15 755,027 --a------ c:\windows\system32\xvidcore.dll

2008-12-19 08:57 . 2008-05-30 21:22 683,520 --a------ c:\windows\system32\divx.dll

2008-12-19 08:57 . 2004-01-25 14:18 217,088 --a------ c:\windows\system32\yv12vfw.dll

2008-12-19 08:57 . 2007-09-04 14:56 164,352 --a------ c:\windows\system32\unrar.dll

2008-12-19 08:57 . 2008-01-10 10:16 159,839 --a------ c:\windows\system32\xvidvfw.dll

2008-12-19 08:57 . 2007-09-20 22:52 118,784 --a------ c:\windows\system32\ac3acm.acm

2008-12-19 08:57 . 2008-05-22 20:19 81,920 --a------ c:\windows\system32\dpl100.dll

2008-12-19 08:57 . 2008-06-12 16:36 7,680 --a------ c:\windows\system32\ff_vfw.dll

2008-12-19 08:57 . 2007-07-10 14:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest

2008-12-19 08:57 . 2007-10-03 13:03 414 --a------ c:\windows\system32\lame_acm.xml

2008-12-19 08:54 . 2008-12-27 22:06 69 --a------ c:\windows\NeroDigital.ini

2008-12-18 23:50 . 2008-12-18 23:50 <DIR> d-------- c:\arquivos de programas\Macromedia

2008-12-18 23:50 . 2008-12-18 23:50 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macromedia

2008-12-18 23:49 . 2008-12-18 23:49 <DIR> d-------- c:\windows\Downloaded Installations

2008-12-18 23:03 . 2008-12-18 23:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Corel

2008-12-18 23:03 . 2008-12-18 23:03 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Protexis

2008-12-18 22:55 . 2008-12-18 22:55 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Corel

2008-12-18 22:51 . 2008-12-18 22:51 <DIR> d-------- c:\arquivos de programas\Corel

2008-12-18 22:44 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys

2008-12-18 22:43 . 2004-08-04 00:45 91,136 --a------ c:\windows\system32\kswdmcap.ax

2008-12-18 22:43 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys

2008-12-18 22:43 . 2004-08-04 00:45 61,952 --a------ c:\windows\system32\kstvtune.ax

2008-12-18 22:43 . 2004-08-04 00:45 54,784 --a------ c:\windows\system32\vfwwdm32.dll

2008-12-18 22:43 . 2004-08-04 00:45 28,672 --a------ c:\windows\system32\vidcap.ax

2008-12-18 22:43 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS

2008-12-18 22:43 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys

2008-12-18 22:42 . 2004-08-04 00:45 43,008 --a------ c:\windows\system32\ksxbar.ax

2008-12-18 22:41 . 2008-12-18 22:41 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2008-12-18 22:41 . 2008-12-18 22:41 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\snp2std

2008-12-18 22:41 . 2007-03-10 16:33 12,007,296 --a------ c:\windows\system32\drivers\snp2sxp.sys

2008-12-18 22:41 . 2006-12-05 14:22 425,984 --a------ c:\windows\vsnp2std.exe

2008-12-18 22:41 . 2007-02-13 11:01 262,144 --a------ c:\windows\tsnp2std.exe

2008-12-18 22:41 . 2006-07-03 10:31 172,032 --a------ c:\windows\amcap.exe

2008-12-18 22:41 . 2007-02-05 15:25 151,552 --a------ c:\windows\system32\rsnp2std.dll

2008-12-18 22:41 . 2006-11-16 15:57 77,824 --a------ c:\windows\system32\csnp2std.dll

2008-12-18 22:41 . 2007-02-13 15:45 69,632 --a------ c:\windows\system32\vsnp2std.dll

2008-12-18 22:41 . 2007-01-25 18:48 25,472 --a------ c:\windows\system32\drivers\sncamd.sys

2008-12-18 22:41 . 2007-02-12 14:50 20,480 --a------ c:\windows\FixCamera.exe

2008-12-18 22:41 . 2004-12-09 17:23 15,497 --a------ c:\windows\snp2std.ini

2008-12-18 22:41 . 2004-12-09 17:23 13,022 --a------ c:\windows\snp2std.src

2008-12-18 21:08 . 2008-12-18 21:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-12-18 21:08 . 2008-12-18 21:08 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink

2008-12-18 21:07 . 2008-12-18 21:30 <DIR> d-------- C:\Temp

2008-12-18 21:06 . 2008-12-27 11:18 <DIR> d-------- c:\arquivos de programas\lg_fwupdate

2008-12-18 21:06 . 1998-06-24 00:00 115,016 --a------ c:\windows\system32\MSINET.OCX

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-16 20:26 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-12-16 20:24 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-12-16 20:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-12-05 01:03 308,072 ----a-w c:\windows\WLXPGSS.SCR

.

((((((((((((((((((((((((((((( snapshot@2008-12-28_12.57.18.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-12-28 15:56:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_644.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-29 17:24 325000 --a------ c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3960136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-05-11 790528]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-18 136600]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 121888]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]

"InCD"="c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-02-13 262144]

"snp2std"="c:\windows\vsnp2std.exe" [2006-12-05 425984]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-12-27 337424]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352]

"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 152992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office10\\OSA.EXE"=

"c:\\WINDOWS\\system32\\mstsc.exe"=

"c:\\WINDOWS\\system32\\nwiz.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\InCD\\NBHGui.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\realsched.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=

"c:\\DOCUME~1\\Drinllyn\\CONFIG~1\\Temp\\ivjvk.exe"=

"c:\\DOCUME~1\\Drinllyn\\CONFIG~1\\Temp\\winddgi.exe"=

R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-12-16 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-12-16 52224]

R2 SeaPort;SeaPort;"c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [2008-12-04 226640]

R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\kmrfgn.sys []

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-12-19 17920]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-12-19 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-12-19 40832]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088]

*Newly Created Service* - ASC3360PR

.

.

------- Scan Suplementar -------

.

TCP: {5CC6A092-38A1-4385-A7DF-28EFAA469641} = 201.10.128.2,201.10.120.2

FF - ProfilePath - c:\documents and settings\Drinllyn\Dados de aplicativos\Mozilla\Firefox\Profiles\6gytox8w.default\

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-28 13:57:01

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wscntfy.exe

c:\docume~1\Drinllyn\CONFIG~1\temp\ivjvk.exe

c:\docume~1\Drinllyn\CONFIG~1\temp\winddgi.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-28 14:02:20 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-28 16:02:18

ComboFix2.txt 2008-12-28 14:58:21

Pré-execução: 12 pasta(s) 30.682.931.200 bytes disponíveis

Pós execução: 12 pasta(s) 30,646,177,792 bytes disponíveis


And fsbl.exe is "not a valid Win32 application" ^^.

I tried following this post, but it didn't work:

http://forum.clubedohardware.com.br/virus-apagou-avast/482324?

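As an added example (not from this thread or from HijackThis/ComboFix themselves), the following Python script triages a log excerpt for the indicators visible in the logs above: hosts-file overrides of update domains, executables running from or whitelisted in the user's Temp folder, Security Center and firewall notifications switched off, and a newly created service whose driver has no file on disk. The sample lines are copied from the posted logs; the regexes, severity levels and the `AV_HINTS` list are assumptions of this example.

```python
import re

# Line patterns for the HijackThis (O1) and ComboFix (registry, driver,
# service) records seen in the thread. These regexes are this example's own.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)", re.I)
TEMP_EXE_RE = re.compile(r"\\+temp\\+([^\\\s\"=]+\.exe)", re.I)
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[(.*)\]\s*$", re.I)
NEW_SVC_RE = re.compile(r"^\*Newly Created Service\*\s+-\s+(\S+)", re.I)
REG_RE = re.compile(r'^"([A-Za-z]+)"\s*=\s*(?:dword:)?(\S+)')

# Hostnames whose redirection in the hosts file suggests blocked AV updates
# (assumed list; the thread itself shows nprotect, AVG, Avast and Kaspersky).
AV_HINTS = ("update", "nprotect", "kaspersky", "avg", "avast", "symantec", "mcafee")

# Security Center / firewall values that hide the absence of protection.
SUPPRESSION = {
    "AntiVirusDisableNotify": "00000001",
    "UpdatesDisableNotify": "00000001",
    "EnableFirewall": "0",
}

# Constructed sample: a handful of lines copied from the logs posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Drinllyn\CONFIG~1\Temp\krnq.exe
C:\DOCUME~1\Drinllyn\CONFIG~1\Temp\windhsrc.exe
O1 - Hosts: 216.107.250.194 update.nprotect.com ------------------- 72.29.79.178
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"EnableFirewall"= 0 (0x0)
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\DOCUME~1\\Drinllyn\\CONFIG~1\\Temp\\ivjvk.exe"=
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\kmrfgn.sys []
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-12-19 17920]
*Newly Created Service* - ASC3360PR
"""


def triage(log_text):
    """Return a list of (severity, detail) tuples, in log order.

    severity is "high" for indicators that point at an active infection
    and "medium" for configuration that merely weakens protection.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = HOSTS_RE.match(line)
        if m:  # hosts-file entry: "<ip> <hostname>"
            ip, host = m.groups()
            sev = "high" if any(h in host.lower() for h in AV_HINTS) else "medium"
            findings.append((sev, f"hosts override: {host} -> {ip}"))
            continue

        m = TEMP_EXE_RE.search(line)
        if m:  # an .exe living directly in a Temp folder
            ctx = "firewall exception" if line.endswith("=") else "process/autorun"
            findings.append(("high", f"{ctx} for executable in Temp: {m.group(1)}"))
            continue

        m = DRIVER_RE.match(line)
        if m:  # ComboFix driver line; empty brackets mean no file found on disk
            start, name, path, stamp = m.groups()
            if not stamp.strip():
                findings.append(("high", f"driver {name} ({start}) has no file on disk: {path}"))
            continue

        m = NEW_SVC_RE.match(line)
        if m:
            findings.append(("medium", f"newly created service: {m.group(1)}"))
            continue

        m = REG_RE.match(line)
        if m and SUPPRESSION.get(m.group(1)) == m.group(2):
            findings.append(("medium", f"protection notice suppressed: {m.group(1)}={m.group(2)}"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {"high": 5, "medium": 4}."""
    counts = {}
    for sev, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sev, detail in results:
        print(f"[{sev:6}] {detail}")
    print(summarize(results))
```

Run it against a full log saved from HijackThis or ComboFix by passing the file contents to `triage()`; findings in the "high" bucket are the lines a helper would ask about first.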

Try cleaning the backup on a machine with an antivirus and format the infected machine.

  • Topic author
  • I did what was suggested; it didn't help much, but three antivirus programs managed to remove this plague of a virus.

    Virus name: sality-gen, the one that infects every EXE, according to Avast.

    Thank you very much.


    Man, did you try booting from the CD and then formatting the PC??

    Maybe the virus is inside the backup.

    I'm no expert... but let's try!!! =D
