O malware bytes não tinha nada na quarentena. Segue o log do combo fix.
ComboFix 10-01-25.02 - PC 24/01/2010 20:51:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1610 [GMT -2:00]
Executando de: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100125-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
C:\Autorun.inf
C:\c2e.exe
c:\docume~1\PC\CONFIG~1\Temp\cvasds0.dll
c:\docume~1\PC\CONFIG~1\Temp\herss.exe
c:\documents and settings\PC\Configurações locais\Temp\cvasds0.dll
c:\windows\system32\DROPPEDFILEOK.tmp
D:\autorun.inf
D:\c2e.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-24 to 2010-01-24 ))))))))))))))))))))))))))))
.
2010-01-24 22:55 . 2010-01-24 22:55 -------- d-----w- c:\windows\system32\xircom
2010-01-24 22:55 . 2010-01-24 22:55 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-24 21:27 . 2010-01-24 21:27 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2010-01-24 21:22 . 2010-01-24 21:22 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Malwarebytes
2010-01-24 21:22 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 21:22 . 2010-01-24 21:22 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-01-24 21:22 . 2010-01-24 21:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-01-24 21:22 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 20:09 . 2009-10-22 14:54 37392 ----a-w- c:\windows\system32\drivers\02260612.sys
2010-01-24 20:09 . 2009-10-10 00:31 315408 ----a-w- c:\windows\system32\drivers\0226061.sys
2010-01-24 17:24 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-24 17:24 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-24 17:24 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-24 17:24 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-24 17:24 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-24 17:24 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-24 17:24 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-24 17:24 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-24 17:24 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-24 17:24 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-01-24 17:24 . 2010-01-24 17:24 -------- d-----w- c:\arquivos de programas\Alwil Software
2010-01-24 16:52 . 2010-01-24 16:52 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\IObit
2010-01-24 16:52 . 2010-01-24 16:52 -------- d-----w- c:\arquivos de programas\IObit
2010-01-22 21:38 . 2005-06-03 17:56 53248 ----a-r- c:\windows\UpdtNv28.exe
2010-01-07 00:43 . 2010-01-07 00:43 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\AskToolbar
2010-01-06 23:09 . 2010-01-06 23:09 -------- d-----w- c:\arquivos de programas\MSBuild
2010-01-06 23:06 . 2010-01-06 23:11 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-06 23:05 . 2010-01-06 23:05 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-01-06 23:05 . 2006-10-14 18:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpi pelineprintproc.dll
2010-01-06 23:04 . 2006-06-29 15:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-06 22:55 . 2010-01-06 22:56 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Nero
2010-01-06 22:45 . 2010-01-17 14:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero
2010-01-06 22:45 . 2010-01-17 14:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2010-01-06 22:35 . 2005-01-21 23:30 90112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Symantec\LiveUpdate\Downloads\ExItem46 41_symnet_4.7.2_english\Message.exe
2010-01-06 22:35 . 2005-01-21 23:30 124168 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Symantec\LiveUpdate\Downloads\ExItem46 41_symnet_4.7.2_english\SymStore.dll
2010-01-06 22:35 . 2005-01-22 00:32 79504 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Symantec\LiveUpdate\Downloads\ExItem46 41_symnet_4.7.2_english\setup.exe
2010-01-06 22:33 . 2010-01-06 22:33 -------- d-----w- c:\arquivos de programas\CCleaner
2010-01-06 18:02 . 2010-01-06 18:02 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\CyberLink
2010-01-06 18:01 . 2010-01-06 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2010-01-06 17:55 . 2007-01-09 00:17 27168 ------w- c:\windows\system32\msxml3a.dll
2010-01-06 17:53 . 2010-01-06 17:55 -------- d-----w- c:\arquivos de programas\CyberLink
2010-01-06 01:21 . 2010-01-06 01:21 -------- d-----w- c:\arquivos de programas\MSECache
2009-12-29 12:48 . 2009-12-29 12:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-12-26 19:50 . 2009-12-26 19:52 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Media Player Classic
2009-12-26 19:49 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-26 19:49 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-26 19:49 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-26 19:49 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-26 19:49 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-26 19:49 . 2009-12-26 19:52 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-26 16:34 . 2006-11-23 04:05 982272 ----a-w- c:\windows\system32\drivers\smserial.sys
2009-12-26 16:34 . 2006-11-23 04:01 196608 ----a-w- c:\windows\system32\sm56co6a.dll
2009-12-26 16:34 . 2007-11-28 09:30 43264 ----a-w- c:\windows\system32\drivers\SiSGbeXP.sys
2009-12-26 16:34 . 2007-10-11 17:27 122880 ----a-w- c:\windows\system32\Oemdspif.dll
2009-12-26 14:34 . 2009-08-06 21:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-26 14:34 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-26 03:18 . 2009-12-26 03:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2009-12-26 03:18 . 2009-12-26 03:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-26 03:18 . 2009-12-26 03:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-26 03:18 . 2009-12-26 03:18 -------- d-----w- c:\arquivos de programas\Real
2009-12-26 03:18 . 2009-12-26 03:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real
2009-12-26 03:17 . 2009-12-26 03:17 -------- d-----w- c:\arquivos de programas\Google
2009-12-26 01:44 . 2009-12-26 01:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-01-24 22:55 . 2010-01-24 22:55 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-01-24 16:53 . 2009-12-25 16:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec
2010-01-17 14:20 . 2009-12-25 16:07 -------- d-----w- c:\arquivos de programas\Nero
2010-01-06 23:10 . 2008-04-14 09:00 75428 ----a-w- c:\windows\system32\perfc016.dat
2010-01-06 23:10 . 2008-04-14 09:00 460960 ----a-w- c:\windows\system32\perfh016.dat
2010-01-06 22:26 . 2009-12-25 16:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2010-01-06 17:53 . 2009-12-25 17:03 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-25 18:12 . 2009-12-25 18:12 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-12-25 17:37 . 2009-12-25 17:37 -------- d-----w- c:\arquivos de programas\Microsoft
2009-12-25 17:37 . 2009-12-25 17:37 -------- d-----w- c:\arquivos de programas\Windows Live
2009-12-25 17:37 . 2009-12-25 17:37 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-12-25 17:27 . 2009-12-25 17:27 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-12-25 17:26 . 2009-12-25 17:26 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-12-25 17:24 . 2009-12-25 17:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-12-25 17:16 . 2009-12-25 17:16 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\Symantec
2009-12-25 17:14 . 2009-12-25 17:14 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-25 17:05 . 2009-12-25 17:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-12-25 17:03 . 2009-12-25 17:03 -------- d-----w- c:\arquivos de programas\Motorola
2009-12-25 17:03 . 2009-12-25 17:03 -------- d-----w- c:\arquivos de programas\Realtek
2009-12-25 17:03 . 2009-12-25 17:03 315392 ----a-w- c:\windows\HideWin.exe
2009-12-25 16:32 . 2009-12-25 15:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-25 16:14 . 2009-12-25 16:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-12-25 16:14 . 2009-12-25 16:14 -------- d-----w- c:\arquivos de programas\DVD Shrink
2009-12-25 16:10 . 2009-12-25 16:10 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Symantec
2009-12-25 15:54 . 2009-12-25 15:54 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-12-25 15:53 . 2009-12-25 15:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2009-12-25 15:52 . 2009-12-25 15:52 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-25 15:52 . 2009-12-25 15:52 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
.
------- Sigcheck -------
[-] 2008-10-10 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolb arNotifier.exe" [2009-12-26 39408]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2010-01-06 2335952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-12-26 198160]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe " [2007-01-09 52256]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp. exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-06-23 124928]
c:\documents and settings\PC\Menu Iniciar\Programas\Inicializar\
setup_9.0.0.722_25.01.2010_20-23.lnk - c:\documents and settings\PC\Desktop\Virus Removal Tool\setup_9.0.0.722_25.01.2010_20-23\startup.exe [2010-1-24 72208]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 14:13 69632 ----a-w- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 09:00 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-08-10 10:51 16384000 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-08-03 08:52 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-23 04:01 630784 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 02260612;02260612 Boot Guard Driver;c:\windows\system32\drivers\02260612.sys [24/1/2010 18:09 37392]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/1/2010 15:24 114768]
R1 setup_9.0.0.722_25.01.2010_20-23drv;setup_9.0.0.722_25.01.2010_20-23drv;c:\windows\system32\drivers\0226061.sys [24/1/2010 18:09 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [24/1/2010 15:24 20560]
S1 02260611;02260611;c:\windows\system32\DRIVERS\0226 0611.sys --> c:\windows\system32\DRIVERS\02260611.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html
.
- - - - ORFÃOS REMOVIDOS - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-ALUAlert - c:\arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
AddRemove-LiveUpdate - c:\arquivos de programas\Symantec\LiveUpdate\LSETUP.EXE
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-24 20:55
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
************************************************** ************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\documents and settings\PC\Desktop\Virus Removal Tool\setup_9.0.0.722_25.01.2010_20-23\setup_9.0.0.722_25.01.2010_20-23.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Tempo para conclusão: 2010-01-24 20:58:12 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-01-24 22:58
Pré-execução: 4 pasta(s) 62.971.535.360 bytes disponíveis
Pós execução: 5 pasta(s) 62.921.007.104 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - B78A614DA33733BDEBC740629A635999
Vírus w32
. Nós temos 759.324 usuários, convidamos você fazer parte de nossa comunidade também! Se ainda não encontrou o que procura use nossa pesquisa. Esperamos que aprecie nosso trabalho.
Vírus w32
Crie uma pasta, e nomeia-a de Hijackthis..
Visite nosso 
