Please take a look at the logs to see whether anything is still there.
ComboFix log
ComboFix 10-02-03.03 - Administrador 03/02/2010 18:39:43.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.510.204 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - drivers: deleted 12 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\csrcs.exe
c:\windows\system32\midimap.dll . . . está infectado!!
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-03 to 2010-02-03 ))))))))))))))))))))))))))))
.
2010-02-03 18:16 . 2010-02-03 18:16 -------- d-----w- C:\spoolerlogs
2010-01-05 09:56 . 2010-01-05 09:56 192512 -c----w- c:\windows\system32\dllcache\iepeers.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 20:22 . 2009-01-29 19:41 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2010-02-03 18:11 . 2009-01-29 18:34 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-01-13 14:10 . 2009-01-29 17:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-12-29 10:38 . 2009-01-29 17:59 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-12-28 11:05 . 2009-11-10 19:56 -------- d-----w- c:\arquivos de programas\Google
2009-12-28 10:56 . 2002-09-11 08:00 370046 ----a-w- c:\windows\system32\perfh016.dat
2009-12-28 10:56 . 2002-09-11 08:00 60114 ----a-w- c:\windows\system32\perfc016.dat
2009-12-22 13:06 . 2009-01-29 20:10 -------- d-----w- c:\arquivos de programas\Windows Live
2009-12-22 12:53 . 2009-03-10 21:43 -------- d-----w- c:\arquivos de programas\HP
2009-12-22 12:48 . 2009-03-10 21:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP
2009-12-21 12:30 . 2009-02-06 19:36 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-12-11 10:39 . 2009-02-06 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-12-08 11:57 . 2009-04-29 22:42 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 15:58 . 2008-04-13 17:20 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
------- Sigcheck -------
[-] 2009-01-22 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-01-22 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2009-01-22 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-01-22 . F1A3E95588DB92660C8C6DAA9101D49B . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2009-01-22 . B541D5DF035BE6644380C5902CD6AE70 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2009-01-22 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2010-01-05 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [29/4/2009 20:42 108289]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [6/2/2009 17:36 53800]
R3 PAC207;USB PC CAMERA P227;c:\windows\system32\drivers\PFC027.SYS [28/9/2007 16:25 614912]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [6/2/2009 17:36 30504]
S4 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/11/2009 17:56 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-02-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-22 00:18]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.unoparvirtual.com.br/
IE: Download all with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORFÃOS REMOVIDOS - - - -
Notify- GbPluginCef - c:\arquivos de programas\GbPlugin\gbiehcef.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 18:43
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\SETUPAPI.dll
.
Tempo para conclusão: 2010-02-03 18:44:50
ComboFix-quarantined-files.txt 2010-02-03 20:44
ComboFix2.txt 2009-12-22 13:00
Pré-execução: 13 pasta(s) 68.447.342.592 bytes disponíveis
Pós execução: 14 pasta(s) 68.567.937.024 bytes disponíveis
- - End Of File - - 4E7115F0F0AAFF5AEEF9EB15AD49CEA6
HijackThis log after I ran ComboFix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:38, on 3/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\zshp1020.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unoparvirtual.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 5876 bytes