[Resolvido] &nbspProblemas com minha maquina..

Olá FreedomFSA

*Baixe e instale o MalwareBytes

*Aguarde a atualização e o programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Caso já tenhas o Malwarebytes instalado....

*Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações]

*Na aba [Verificação], selecione Verificação completa

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Fiz que foi pedido.Atualizei o malwarebytes, logo depois efetuei o scan.

Segue a baixo o log do Hijackthis e também do Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versão da Base de Dados: 8000

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/10/2011 18:35:53
mbam-log-2011-10-22 (18-35-53).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 227643
Tempo decorrido: 1 hora(s), 27 minuto(s), 31 segundo(s)

Processos de Memória Infectados: 1
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 6

Processos de Memória Infectados:
c:\WINDOWS\110763840:3219154425.exe (Backdoor.0Access) -> 1472 -> Failed to unload process.

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\401f9a06 (Backdoor.0Access) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\WINDOWS\110763840:3219154425.exe (Backdoor.0Access) -> Delete on reboot.
c:\documents and settings\cauan\configurações locais\dados de aplicativos\401f9a06\X (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\cauan\configurações locais\dados de aplicativos\401f9a06\U\80000000.@ (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\cauan\configurações locais\dados de aplicativos\401f9a06\U\800000cb.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\cauan\Desktop\programas - atalhos\kaspersky\ih_kavresetter_2.3\ih_resetter_2.3.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\cauan\Desktop\programas - atalhos\vsoconvertxtodvd4\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:26, on 22/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\110763840:3219154425.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\VM303_STI.EXE
C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Help Browser 2010 - {0C0B5708-3F9C-4554-84C9-F039AB7C0169} - C:\programdata\55.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [searchSettings] "C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\cauan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C96D40A8-18BF-4E8D-9769-374DEC533367}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Updater - Unknown owner - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MBAMService - Unknown owner - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

--
End of file - 8601 bytes

1.

*Reinicie o PC

2.

*Baixe o AD-Remover e salve-o no desktop

*Execute-o, clique [Clean] > [sim] > [OK] > [sim]. O PC poderá ser reiniciado para a completa limpeza.

*Cole o relatório C:\Ad-Report-CLEAN[1].txt

3.

*Novo log do hijack

Logs:

Ad-remover

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 16:07:49 on 23/10/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
cauan@CASA-443B0DBC42 ( )

============== ACTION(S) ==============

Service: "Application Updater" Service stopped and deleted

Folder deleting error: C:\Arquivos de programas\Application Updater
Folder deleted: C:\Documents and Settings\cauan\Dados de aplicativos\Search Settings
Folder deleted: C:\Arquivos de programas\Arquivos comuns\Spigot
Folder deleted: C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

(!) -- Temporary files deleted.

Key deleted: HKLM\Software\Application Updater
Key deleted: HKLM\Software\Search Settings
Key deleted: HKLM\Software\Trymedia Systems
Key deleted: HKCU\Software\AppDataLow\Software\Search Settings
Key deleted: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [7.0.1 (pt-BR)] **

HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\cauan\Dados de aplicativos\Mozilla\FireFox\Profiles\5sbtt2b4.default --
Extensions\amin.eft_Shutdown@gmail.com (Auto Shutdown)
Extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack (Auto Shutdown NG)
Extensions\pt-BR@dictionaries.addons.mozilla.org (Dicionário para Ortografia pt-BR)
Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox)
Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey)
Prefs.js - browser.download.dir, C:\\Documents and Settings\\cauan\\Desktop
Prefs.js - browser.download.lastDir, D:
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/
Prefs.js - browser.startup.homepage_override.buildID, 20110928134238
Prefs.js - browser.startup.homepage_override.mstone, rv:7.0.1
Prefs.js - keyword.URL, hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=

========================================

** Google Chrome Version [14.0.835.202] **

-- C:\Documents and Settings\cauan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.com.br/
Preferences - homepage_is_newtabpage: true
Plugin - Chrome NaCl (Enabled: true) (C:\Documents and Settings\cauan\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll) (x)
Plugin - RealJukebox NS Plugin (Enabled: true) (C:\Arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll)
Plugin - Unity Player (Enabled: true) (C:\Documents and Settings\cauan\Configura\u00E7\u00F5es locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll) (x)
Plugin - "Java" (Enabled: true)
Plugin - "Silverlight" (Enabled: true)
Plugin - "Chrome NaCl" (Enabled: false)
Plugin - "RealJukebox NS Plugin" (Enabled: true)
Plugin - "Unity Player" (Enabled: true)

========================================

** Internet Explorer Version [8.0.6001.18702] **

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x)
HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (x)
HKLM_ElevationPolicy\{09E9B8FC-3D94-4A9B-AD2E-A64255121895} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbws.exe (Kaspersky Lab)
HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (x)
HKLM_ElevationPolicy\{4671F4B7-89F5-4701-B641-570278D5C856} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll)
BHO\{0C0B5708-3F9C-4554-84C9-F039AB7C0169} - "Windows Help Browser 2010" (C:\programdata\55.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 14 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)

C:\Ad-Report-CLEAN[1].txt - 23/10/2011 16:08:00 (4625 Byte(s))

End at: 16:09:20, 23/10/2011

============== E.O.F ==============

Hijackthis

aLogfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:32:13, on 23/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\110763840:3219154425.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\VM303_STI.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Ad-Remover\main.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Help Browser 2010 - {0C0B5708-3F9C-4554-84C9-F039AB7C0169} - C:\programdata\55.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\cauan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C96D40A8-18BF-4E8D-9769-374DEC533367}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MBAMService - Unknown owner - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

--
End of file - 8323 bytes

B)

1.

*Execute o Malwarebytes, clique na aba [Quarentena], selecione todos os resultados e clique [Apagar tudo]

*Clique na aba [Logs], selecione o relatório e clique [Apagar]

*Feche o Malwarebytes

2.

*Execute o AD-Remover e clique [uninstall] > [Não] > [Close]

3.

*Baixe o ERUNT e salve-o no desktop

*Crie uma pasta em C:\ chamada ERUNT e extraia para ela

*Execute o arquivo C:\ERUNT\ERUNT.exe

*Clique [OK] > [OK] > [sim] > [OK]

4.

*Desative temporariamente seu antivírus

>
Clique com o botão direito do mouse no ícone do Kaspersky ao lado do relógio

Selecione "Disable monitoring"

*Baixe o ComboFix e salve-o no desktop

*Execute-o e aceite o contrato

*Se o Console de Recuperação do Microsoft Windows não estiver instalado, aceite a sua instalação

*Após a instalação do Console, clique [sim] e aguarde a conclusão das etapas

Algumas observações:

1) Não use o mouse nem o teclado durante as etapas!!

2) Para interromper o scan, tecle N

3) Caso perca a conexão com a internet:

a. Reinicie o PC.

Se não resolver...

b. Clique [iniciar] > [Configurações] > [Painel de Controle] > [Conexões de Rede]

Localize a sua conexão da internet, clique com o botão direito do mouse nela e selecione: Reparar

Caso o icone da sua conexão esteja visível no tray clique com o botão direito do mouse nele e selecione: Reparar

*Cole o relatório apresentado

Ai está :D

ComboFix 11-10-23.03 - cauan 24/10/2011 0:20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.245 [GMT -2:00]
Executando de: c:\documents and settings\cauan\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus Disabled/Updated {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
C:\A3.0.txt
c:\arquivos de programas\messenge
c:\arquivos de programas\messenge\001a
c:\arquivos de programas\messenge\001b
c:\arquivos de programas\messenge\001c
c:\arquivos de programas\Windows Media Player\Silkscrenn001.ini
c:\documents and settings\cauan\Dados de aplicativos\Cerulean.lic
c:\documents and settings\cauan\Dados de aplicativos\vso_ts_preview.xml
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\
c:\windows\system32\kill.bat
c:\windows\system32\nvsvc32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_401f9a06
-------\Legacy_NVSvc
-------\Service_NVSvc
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-24 to 2011-10-24 ))))))))))))))))))))))))))))
.
.
2011-10-24 00:24 . 2011-10-24 00:25 -------- d-----w- C:\ERUNT
2011-10-23 18:07 . 2011-10-24 00:22 -------- d-----w- c:\arquivos de programas\Ad-Remover
2011-10-21 03:51 . 2011-10-21 04:16 -------- d-----w- C:\wamp
2011-10-21 03:25 . 2011-10-21 03:25 -------- d-sh--w- c:\documents and settings\cauan\Configurações locais\Dados de aplicativos\401f9a06
2011-10-20 15:30 . 2011-10-20 15:30 63115 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-10-20 15:30 . 2011-10-20 15:30 6429 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-10-20 15:30 . 2011-10-20 15:30 4599 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-10-20 15:30 . 2011-10-20 15:30 9310 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-10-20 15:30 . 2011-10-20 15:30 8646 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-10-20 15:30 . 2011-10-20 15:30 5927 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-10-20 15:30 . 2011-10-20 15:30 8613 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-10-20 15:30 . 2011-10-20 15:30 1651 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-10-20 15:30 . 2011-10-20 15:30 6910 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-10-20 15:30 . 2011-10-20 15:30 8288 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-10-20 15:30 . 2011-10-20 15:30 6208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-10-20 15:30 . 2011-10-20 15:30 18541 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-10-20 15:29 . 2011-10-20 15:29 51852 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-10-20 15:29 . 2011-10-20 15:29 7271 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-10-20 15:29 . 2011-10-20 15:29 23327 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-10-20 15:29 . 2011-10-20 15:29 20719 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-10-20 15:29 . 2011-10-20 15:29 8782 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-10-14 05:34 . 2011-10-14 05:40 -------- d-----w- c:\documents and settings\cauan\Dados de aplicativos\Vso
2011-10-14 05:30 . 2009-09-02 16:44 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-10-14 05:30 . 2009-09-02 16:44 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-10-14 05:30 . 2009-09-02 16:44 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-10-14 05:30 . 2009-09-02 16:44 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-10-14 05:30 . 2009-09-02 16:44 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-10-14 05:30 . 2009-09-02 16:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-10-14 05:30 . 2009-09-02 16:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-10-14 05:30 . 2011-10-14 05:31 -------- d-----w- c:\arquivos de programas\VSO
2011-10-06 04:27 . 2011-10-06 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-03 21:14 . 2011-10-03 22:23 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-10-03 21:14 . 2011-10-03 22:23 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-10-03 21:12 . 2011-10-24 02:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2011-10-03 21:12 . 2011-10-03 21:12 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2011-10-03 20:55 . 2011-10-03 20:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2011-10-03 16:41 . 2010-05-07 15:37 150200 ----a-w- c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-09-26 06:58 . 2011-09-26 06:58 -------- d-----w- c:\documents and settings\cauan\Configurações locais\Dados de aplicativos\PackageAware
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 18:17 . 2009-08-19 01:10 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-08-31 20:00 . 2009-10-03 03:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-30 07:11 . 2011-05-06 06:24 134104 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C0B5708-3F9C-4554-84C9-F039AB7C0169}]
2010-11-10 22:43 130680 ----a-w- c:\programdata\55.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13508608]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-08-16 198160]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-10-22 340520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Enable Office Keyboard Driver.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Enable Office Keyboard Driver.lnk
backup=c:\windows\pss\Enable Office Keyboard Driver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Msnmsgrs.exe]
backup=c:\windows\pss\Msnmsgrs.exeCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^cauan^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\init]
01 [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mint
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 19:25 94208 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
2005-10-25 15:56 61440 ----a-w- c:\windows\VM303_STI.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\arquivos de programas\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-07-18 03:12 257440 ----a-r- c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-10 20:38	136176	----atw-	c:\documents and settings\cauan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 05:41	49152	----a-w-	c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 17:34 1955208 ----a-w- c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 20:00 449608 ----a-w- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
2002-01-31 18:13 151552 ----a-w- c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-01-03 14:26 13508608 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 01:08 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-03 17:44 15028104 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 15:59	254696	----a-w-	c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-16 07:24 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\cauan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:ftpx
"21:UDP"= 21:UDP:ftpy
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/7/2009 21:28 646392]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [19/11/2009 15:00 10240]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [6/12/2009 01:23 6656]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [19/11/2009 15:00 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 19:39 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/10/2009 01:47 22216]
S1 GF738Drv;GameFort 7.38;\??\c:\documents and settings\cauan\Desktop\Jogos\RAG\GF738_32.sys --> c:\documents and settings\cauan\Desktop\Jogos\RAG\GF738_32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [23/5/2011 14:26 136176]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [4/8/2011 15:34 0]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [3/10/2009 01:47 0]
S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [6/12/2009 01:23 0]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\cauan\CONFIG~1\Temp\HTRB1.tmp --> c:\docume~1\cauan\CONFIG~1\Temp\HTRB1.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena\safedrv.sys --> c:\arquivos de programas\Garena\safedrv.sys [?]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [23/5/2011 14:26 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/8/2005 19:10 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3/2010 14:16 753504]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]
.

2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-05-23 16:26]
.

2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-05-23 16:26]
.
.

------- Scan Suplementar -------
.
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C96D40A8-18BF-4E8D-9769-374DEC533367}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\cauan\Dados de aplicativos\Mozilla\Firefox\Profiles\5sbtt2b4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
.

• - - - ORFÃOS REMOVIDOS - - - -

.
Notify-NavLogon - (no file)
MSConfigStartUp-ccApp - c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
MSConfigStartUp-Office_app - c:\windows\system32\W4i4n32.exe
MSConfigStartUp-vptray - c:\arquiv~1\SYMANT~1\VPTray.exe
AddRemove-Garena 2010 - c:\arquivos de programas\Garena\uninst.exe
AddRemove-LiveUpdate - c:\arquivos de programas\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Dados de aplicativos\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 00:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\cauan\CONFIG~1\Temp\HTRB1.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.

• - - - - - - > 'explorer.exe'(2516)

c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-10-24 00:39:26 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-10-24 02:39
.
Pré-execução: 1.372.901.376 bytes disponíveis
Pós execução: 1.393.192.960 bytes disponíveis
.

• - End Of File - - 9AA7CA1E093DDCCE4859B961E0002DAE

*Abra o bloco de notas e cole nele o código abaixo:

File::

c:\programdata\55.dll

c:\windows\pss\Msnmsgrs.exe

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C0B5708-3F9C-4554-84C9-F039AB7C0169}]

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Msnmsgrs.exe]

*Salve o arquivo no desktop como CFScript.txt

*Arraste-o para o Combofix conforme ilustração abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://www.brimg.com/uploads/3/b2ea2c6367.gif&key=451782690bde92be5957ddd7161af4ef06e56dabefbde6c5a8b434dca7137738" alt="b2ea2c6367.gif" />

*Enquanto o combofix estiver em execução, não use o mouse nem o teclado!!

*Cole o relatório apresentado

Ai está :D

ComboFix 11-10-24.03 - cauan 25/10/2011 4:55.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.246 [GMT -2:00]
Executando de: c:\documents and settings\cauan\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\cauan\Desktop\CFScript.txt.txt
AV: Kaspersky Anti-Virus Disabled/Outdated {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
FILE ::
"c:\programdata\55.dll"
"c:\windows\pss\Msnmsgrs.exe"
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\55.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-25 to 2011-10-25 ))))))))))))))))))))))))))))
.
.
2011-10-24 00:24 . 2011-10-24 00:25 -------- d-----w- C:\ERUNT
2011-10-23 18:07 . 2011-10-24 00:22 -------- d-----w- c:\arquivos de programas\Ad-Remover
2011-10-21 03:51 . 2011-10-21 04:16 -------- d-----w- C:\wamp
2011-10-21 03:25 . 2011-10-21 03:25 -------- d-sh--w- c:\documents and settings\cauan\Configurações locais\Dados de aplicativos\401f9a06
2011-10-20 15:30 . 2011-10-20 15:30 63115 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-10-20 15:30 . 2011-10-20 15:30 6429 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-10-20 15:30 . 2011-10-20 15:30 4599 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-10-20 15:30 . 2011-10-20 15:30 9310 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-10-20 15:30 . 2011-10-20 15:30 8646 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-10-20 15:30 . 2011-10-20 15:30 5927 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-10-20 15:30 . 2011-10-20 15:30 8613 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-10-20 15:30 . 2011-10-20 15:30 1651 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-10-20 15:30 . 2011-10-20 15:30 6910 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-10-20 15:30 . 2011-10-20 15:30 8288 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-10-20 15:30 . 2011-10-20 15:30 6208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-10-20 15:30 . 2011-10-20 15:30 18541 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-10-20 15:29 . 2011-10-20 15:29 51852 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-10-20 15:29 . 2011-10-20 15:29 7271 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-10-20 15:29 . 2011-10-20 15:29 23327 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-10-20 15:29 . 2011-10-20 15:29 20719 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-10-20 15:29 . 2011-10-20 15:29 8782 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-10-14 05:34 . 2011-10-14 05:40 -------- d-----w- c:\documents and settings\cauan\Dados de aplicativos\Vso
2011-10-14 05:30 . 2009-09-02 16:44 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-10-14 05:30 . 2009-09-02 16:44 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-10-14 05:30 . 2009-09-02 16:44 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-10-14 05:30 . 2009-09-02 16:44 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-10-14 05:30 . 2009-09-02 16:44 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-10-14 05:30 . 2009-09-02 16:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-10-14 05:30 . 2009-09-02 16:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-10-14 05:30 . 2011-10-14 05:31 -------- d-----w- c:\arquivos de programas\VSO
2011-10-06 04:27 . 2011-10-06 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-03 21:14 . 2011-10-03 22:23 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-10-03 21:14 . 2011-10-03 22:23 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-10-03 21:12 . 2011-10-24 17:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2011-10-03 21:12 . 2011-10-03 21:12 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2011-10-03 20:55 . 2011-10-03 20:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2011-10-03 16:41 . 2010-05-07 15:37 150200 ----a-w- c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-09-26 06:58 . 2011-09-26 06:58 -------- d-----w- c:\documents and settings\cauan\Configurações locais\Dados de aplicativos\PackageAware
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 18:17 . 2009-08-19 01:10 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-08-31 20:00 . 2009-10-03 03:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-30 07:11 . 2011-05-06 06:24 134104 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13508608]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-08-16 198160]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-10-22 340520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Enable Office Keyboard Driver.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Enable Office Keyboard Driver.lnk
backup=c:\windows\pss\Enable Office Keyboard Driver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^cauan^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\init]
01 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 19:25 94208 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
2005-10-25 15:56 61440 ----a-w- c:\windows\VM303_STI.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\arquivos de programas\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-07-18 03:12 257440 ----a-r- c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-10 20:38	136176	----atw-	c:\documents and settings\cauan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 05:41	49152	----a-w-	c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 17:34 1955208 ----a-w- c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 20:00 449608 ----a-w- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
2002-01-31 18:13 151552 ----a-w- c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-01-03 14:26 13508608 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 01:08 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-03 17:44 15028104 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 15:59	254696	----a-w-	c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-16 07:24 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\cauan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:ftpx
"21:UDP"= 21:UDP:ftpy
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/7/2009 21:28 646392]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [19/11/2009 15:00 10240]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [6/12/2009 01:23 6656]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [19/11/2009 15:00 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 19:39 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/10/2009 01:47 22216]
S1 GF738Drv;GameFort 7.38;\??\c:\documents and settings\cauan\Desktop\Jogos\RAG\GF738_32.sys --> c:\documents and settings\cauan\Desktop\Jogos\RAG\GF738_32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [23/5/2011 14:26 136176]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [4/8/2011 15:34 0]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [3/10/2009 01:47 0]
S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [6/12/2009 01:23 0]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\cauan\CONFIG~1\Temp\HTRB1.tmp --> c:\docume~1\cauan\CONFIG~1\Temp\HTRB1.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena\safedrv.sys --> c:\arquivos de programas\Garena\safedrv.sys [?]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [23/5/2011 14:26 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/8/2005 19:10 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3/2010 14:16 753504]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]
.

2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-05-23 16:26]
.

2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-05-23 16:26]
.
.

------- Scan Suplementar -------
.
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C96D40A8-18BF-4E8D-9769-374DEC533367}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\cauan\Dados de aplicativos\Mozilla\Firefox\Profiles\5sbtt2b4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 05:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\cauan\CONFIG~1\Temp\HTRB1.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.

• - - - - - - > 'winlogon.exe'(1192)

c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\DNSAPI.dll
.
Tempo para conclusão: 2011-10-25 05:11:16
ComboFix-quarantined-files.txt 2011-10-25 07:11
ComboFix2.txt 2011-10-24 02:39
.
Pré-execução: 898.478.080 bytes disponíveis
Pós execução: 945.512.448 bytes disponíveis
.

• - End Of File - - B70F231D7A40ECDE0867DFE3CC83CA72

OK...log limpo. :)

*Clique [iniciar] > [Executar] > copie e cole:

c:\documents and settings\cauan\Desktop\ComboFix.exe /uninstall

*Clique [OK] e aguarde a mensagem: "ComboFix está desinstalado"

Um abraço.

Obrigado pela ajuda Wings !

:joia:

PROBLEMA RESOLVIDO

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.