Mensagem de erro ao iniciar o windows

Question

Gente, preciso de uma ajuda. Sempre que ligo o pc, quando entra na minha tela normal, vem duas mensagens de erro diferentes sobre 5 locais. Seguinte:

O Windows n&atilde;o consegue encontrar 'C:\Documents'. Certifique-se de que o nome foi digitado corretamente e tente de novo. Para procurar um arquivo, clique no bot&atilde;o 'Iniciar' e em 'Pesquisar'
E
N&atilde;o foi poss&iacute;vel carregar ou executar 'C:\Documents' especificado no Registro. Certifique-se de que o arquivo existe no computador ou remova a refer&ecirc;ncia a ele no Registro
Essas duas mensagens com esses 5 nomes: C:\Documents, and, Settings\user\configura&ccedil;&otilde;es, locais\Dados, de e aplicativos\ghhllsys.exe

Como posso corrigir esse problema? =/ Algu&eacute;m me ajuda?

Answer

Ol&aacute; kuki-chan

Instale o MalwareBytes

*Aguarde a atualiza&ccedil;&atilde;o e o programa ser&aacute; aberto automaticamente

*Selecione [Verifica&ccedil;&atilde;o R&aacute;pida]

*Clique [Verificar]

*Ao t&eacute;rmino, clique [OK] &gt; [Ver Resultados] &gt; [Remover Selecionados]

*Cole o relat&oacute;rio apresentado

Answer

&gt;&gt;&gt; t&oacute;pico movido da sala de Windows &gt;&gt;&gt;

japichin
Moderador

Answer

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Vers&atilde;o da Base de Dados:  v2012.11.24.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
user :: RENATA [administrador]

Prote&ccedil;&atilde;o: Permitir

24/11/2012 21:21:21
mbam-log-2012-11-24 (21-21-21).txt

Tipo de Verifica&ccedil;&atilde;o:  Verifica&ccedil;&atilde;o R&aacute;pida 
Op&ccedil;&otilde;es de verifica&ccedil;&otilde;es ativadas: Mem&oacute;ria | Inicializa&ccedil;&atilde;o | Registro | Sistema de arquivos  | Heur&iacute;stica/Extra | Heur&iacute;stica/Shuriken | PUP | PUM
Op&ccedil;&otilde;es de verifica&ccedil;&atilde;o desativadas: P2P
Objetos escaneados:  214593
Tempo decorrido: 12 minuto(s), 58 segundo(s)

Processos de Mem&oacute;ria Detectados: 0
(N&atilde;o foram detectados &iacute;tens maliciosos)

M&oacute;dulos de Mem&oacute;ria Detectados: 0
(N&atilde;o foram detectados &iacute;tens maliciosos)

Chaves de Registro Detectadas: 1
HKCU\SOFTWARE\WakeNet (Trojan.Agent) -&gt; Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|host-domain-lookup.com (Malware.Trace) -&gt; Data:  -&gt; Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|www.host-domain-lookup.com (Malware.Trace) -&gt; Data:  -&gt; Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|mysearchnow.com (Malware.Trace) -&gt; Data:  -&gt; Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|www.mysearchnow.com (Malware.Trace) -&gt; Data:  -&gt; Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -&gt; Data: C:\Documents and Settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\ghhllsys.exe -&gt; Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(N&atilde;o foram detectados &iacute;tens maliciosos)

Pastas Detectadas: 0
(N&atilde;o foram detectados &iacute;tens maliciosos)

Arquivos Detectados: 1
C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -&gt; Enviado para a Quarentena e deletado com sucesso.

(fim)

Answer

Baixe o OTL (...de Old_Timer) e salve-o no Desktop (&Aacute;rea de Trabalho)

*Execute-o. Usu&aacute;rios do Windows Vista ou do Windows 7 devem clicar com o bot&atilde;o direito do mouse no arquivo e selecionar Executar como administrador

*Selecione:

Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity

*Clique [Verificar]

*Ao t&eacute;rmino, os relat&oacute;rios OTL.txt e Extras.txt ser&atilde;o criados no Desktop (&Aacute;rea de Trabalho)

Acesse este link

*Clique [Selecionar arquivo]

*Localize o arquivo OTL.txt no Desktop (&Aacute;rea de Trabalho) e clique [Abrir]

*Clique [Envoyer le fichier]

*Cole o link criado abaixo de Fichier envoy&eacute; avec succ&eacute;s! Copiez votre lien :

*Repita o procedimento para o relat&oacute;rio Extras.txt e cole o link

Answer

OTL:http://mydoc.tk/3/1643OTL.Txt
Extras:
http://mydoc.tk/3/442Extras.Txt

Answer

Ambos os relat&oacute;rios est&atilde;o incompletos.

Fa&ccedil;a novamente o upload e cole os links.

Answer

&Eacute; normal n&atilde;o ir completo?

OTL:
http://mydoc.tk/3/8413OTL.Txt
Extras:
http://mydoc.tk/3/8685Extras.Txt

Answer

Ambos incompletos novamente.

Execute novamente o OTL

*Selecione:

Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity

*Em Exame Extra do Registro, selecione Usar SafeList

*Clique [Verificar]

Acesse este link

*Clique [Selecionar arquivo]

*Localize o arquivo OTL.txt no Desktop (&Aacute;rea de Trabalho) e clique [Abrir]

*Clique [Envoyer le fichier]

*Cole o link criado abaixo de Fichier envoy&eacute; avec succ&eacute;s! Copiez votre lien :

*Repita o procedimento para o relat&oacute;rio Extras.txt e cole o link

Answer

OTL:http://mydoc.tk/3/2066OTL.Txt
Extras:
http://mydoc.tk/3/6533Extras.Txt

Agora deu certo?

Answer

Sim....est&aacute; correto.

Desinstale o Spybot

*Desative temporariamente seu antiv&iacute;rus

Baixe o ComboFix (...de sUBs) e salve-o no Desktop (&Aacute;rea de Trabalho)

*Execute-o.

*Usu&aacute;rios do Windows XP: Se o Console de Recupera&ccedil;&atilde;o do Microsoft Windows n&atilde;o estiver instalado, aceite a sua instala&ccedil;&atilde;o. Ap&oacute;s a instala&ccedil;&atilde;o do Console, clique [Sim].

*Aceite o contrato

*Aguarde a extra&ccedil;&atilde;o dos arquivos

*Aguarde a conclus&atilde;o das etapas...pode demorar!

*Evite usar o mouse e o teclado. N&atilde;o use nenhum outro programa at&eacute; que o ComboFix termine![/b]

*Aguarde o t&eacute;rmino e cole o relat&oacute;rio apresentado

Answer

ComboFix 12-11-24.02 - user 24/11/2012  23:34:22.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.2039.1193 [GMT -2:00]
Executando de: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
 ADS - WINDOWS: deleted 48 bytes in 1 streams. 
.
(((((((((((((((((((((((((((((((((((((   Outras Exclus&otilde;es   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dados de aplicativos\4C3B2B99-ECAA-4D9D-B9D5-9F7442A71C71
c:\documents and settings\All Users\Dados de aplicativos\D81EDBF9-D167-4011-B77D-211DF920EB80
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\user\Dados de aplicativos\Desktopicon
c:\documents and settings\user\Dados de aplicativos\Desktopicon\mc.ico
c:\documents and settings\user\Dados de aplicativos\PriceGong
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data
.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data	.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\user\Dados de aplicativos\PriceGong\Data\z.xml
c:\documents and settings\user\WINDOWS
c:\windows\IsUn0416.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
c:\windows\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
c:\windows\system32\SET46.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\ST~5.tmp
c:\windows\system32\ST~6.tmp
c:\windows\XSxS
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2012-10-25 to 2012-11-25  ))))))))))))))))))))))))))))
.
.
2012-11-24 23:19 . 2012-11-24 23:19	--------	d-----w-	c:\documents and settings\user\Dados de aplicativos\Malwarebytes
2012-11-24 23:19 . 2012-11-24 23:19	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2012-11-24 23:19 . 2012-11-24 23:19	--------	d-----w-	c:\arquivos de programas\Malwarebytes' Anti-Malware
2012-11-24 23:19 . 2012-09-29 21:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-18 16:33 . 2012-11-18 16:33	--------	d-----w-	c:\arquivos de programas\Microsoft Visual Studio 8
2012-11-14 19:33 . 2012-11-24 17:29	--------	d-----w-	c:\windows\AutoKMS
.
.
.
(((((((((((((((((((((((((((((((((((((   Relat&oacute;rio Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 19:56 . 2004-08-04 03:38	1866496	----a-w-	c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-04 03:45	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-26 22:57 . 2012-06-09 04:23	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-08-27 18:40 . 2004-08-04 03:45	832512	----a-w-	c:\windows\system32\wininet.dll
2012-08-27 18:40 . 2004-08-04 03:45	1830912	------w-	c:\windows\system32\inetcpl.cpl
2012-08-27 18:40 . 2004-08-04 03:45	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-08-27 18:40 . 2004-08-04 03:45	17408	------w-	c:\windows\system32\corpol.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e leg&iacute;timas por padr&atilde;o n&atilde;o s&atilde;o apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{b5d39f9d-9d08-4466-8f80-9873ed5124dd}= c:\arquivos de programas\Softonic.com.br_FF\prxtbSof2.dll [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b5d39f9d-9d08-4466-8f80-9873ed5124dd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b5d39f9d-9d08-4466-8f80-9873ed5124dd}]
2011-05-09 09:49	176936	----a-w-	c:\arquivos de programas\Softonic.com.br_FF\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{b5d39f9d-9d08-4466-8f80-9873ed5124dd}= c:\arquivos de programas\Softonic.com.br_FF\prxtbSof2.dll [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b5d39f9d-9d08-4466-8f80-9873ed5124dd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
{B5D39F9D-9D08-4466-8F80-9873ED5124DD}= c:\arquivos de programas\Softonic.com.br_FF\prxtbSof2.dll [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b5d39f9d-9d08-4466-8f80-9873ed5124dd}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SpybotSD TeaTimer=c:\arquivos de programas\Spybot - Search &amp; Destroy\TeaTimer.exe [2009-03-05 2260480]
Facebook Update=c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
Gadwin PrintScreen=c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe [2012-05-30 1842384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon=c:\windows\system32\NvCpl.dll [2007-02-14 7630848]
NvMediaCenter=c:\windows\system32\NvMcTray.dll [2007-02-14 86016]
BigDogPath=c:\windows\VM_STI.EXE [2004-06-09 40960]
avast5=c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
SunJavaUpdateSched=c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2011-04-08 254696]
GrooveMonitor=c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes Anti-Malware=c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe [2012-09-29 766536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=c:\windows\system32\CTFMON.EXE [2008-04-14 15360]
.
c:\documents and settings\user\Menu Iniciar\Programas\Inicializar\
SolidWorks Task Scheduler Engine.lnk - c:\arquivos de programas\SolidWorks\swScheduler\swBOEngine.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=Service
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=Driver
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
path=c:\documents and settings\user\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Jogar RagnaPRoject.lnk]
path=c:\documents and settings\user\Menu Iniciar\Programas\Inicializar\Jogar RagnaPRoject.lnk
backup=c:\windows\pss\Jogar RagnaPRoject.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3288]
2009-05-20 02:51	86016	-c----r-	c:\arquivos de programas\PC Camera\3288.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43	69632	-c----r-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-21 16:51	133104	----atw-	c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 17:55	1057328	-c--a-w-	c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 00:55	54832	-c--a-w-	c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57	153136	-c--a-w-	c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
wiz]
2007-02-14 05:32	1519616	-c--a-w-	c:\windows\system32
wiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 17:10	56928	-c----w-	c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-01 11:10	16049664	-c----r-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 17:55	1628208	-c--a-w-	c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04	2879488	-c----r-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-11 17:54	68856	----a-w-	c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whs32.exe]
c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\whs32.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WTClient]
2007-04-11 16:27	40960	-c--a-w-	c:\windows\system32\WTClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
TkBellExe=c:\arquivos de programas\Arquivos comuns\Real\Update_OBealsched.exe  -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe=
c:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe=
c:\Arquivos de programas\uTorrent\uTorrent.exe=
c:\Arquivos de programas\Messenger\msmsgs.exe=
%windir%\Network Diagnostic\xpnetdiag.exe=
c:\WINDOWS\system32\rtcshare.exe=
c:\Arquivos de programas\BitTorrent\bittorrent.exe=
c:\WINDOWS\system32\dpvsetup.exe=
c:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE=
c:\Arquivos de programas\NetMeeting\conf.exe=
c:\Arquivos de programas\Warcraft III Demo\War3Demo.exe=
c:\Arquivos de programas\Google\Google Earth\plugin\geplugin.exe=
c:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe=
c:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe=
c:\Arquivos de programas\Java\jre6\bin\javaw.exe=
c:\WINDOWS\system32\muzapp.exe=
c:\Arquivos de programas\Skype\Phone\Skype.exe=
c:\Documents and Settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\Facebook\Video\Skype\FacebookVideoCalling.exe=
c:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE=
c:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
443:UDP= 443:UDP:*isabled:ooVoo UDP port 443
37674:TCP= 37674:TCP:*isabled:ooVoo TCP port 37674
37674:UDP= 37674:UDP:*isabled:ooVoo UDP port 37674
37675:UDP= 37675:UDP:*isabled:ooVoo UDP port 37675
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/1/2008 14:53 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/7/2009 17:49 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/7/2009 17:49 17744]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [24/11/2012 21:19 399432]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [24/11/2012 21:19 676936]
R2 Proteq;Proteq;c:\windows\system32\drivers\Proteq.sys [12/4/2007 10:14 7598]
R2 TabletServicePen;TabletServicePen;c:\arquivos de programas\Tablet\Pen\Pen_Tablet.exe [25/11/2011 13:06 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\arquivos de programas\Tablet\Pen\Pen_TouchService.exe [25/11/2011 13:07 616816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24/11/2012 21:19 22856]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [7/6/2007 15:16 18944]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [14/10/2009 17:27 17792]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [13/7/2012 14:28 160944]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --&gt; c:\windows\system32\drivers\dgderdrv.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [30/11/2010 15:12 42752]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25/1/2010 21:22 47360]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/4/2007 13:28 10752]
S3 usbcamcl;Driver for video Device;c:\windows\system32\drivers\usbcamcl.sys [21/8/2010 01:25 31104]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [29/8/2009 23:35 91263]
.
--- =Outros Servi&ccedil;os/Drivers Na Mem&oacute;ria ---
.
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MBAMSERVICE
.
Conte&uacute;do da pasta 'Tarefas Agendadas'
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-07-01 03:01]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-07-01 03:01]
.
2012-11-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 01:18]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.babylon.com/?AF=109867&amp;tt=090212_noffx&amp;babsrc=HP_ss&amp;mntrId=147ac34b0000000000000018f30d3e94
IE: &amp;Enviar para o OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: E&amp;xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
.
------- Associa&ccedil;&atilde;o de arquivos/ficheiros -------
.
.scr=AutoCADScriptFile
.
- - - - ORF&Atilde;OS REMOVIDOS - - - -
.
HKCU-Run-Seguranca - c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\systemCall.exe
HKCU-Run-EA Core - c:\arquivos de programas\Electronic Arts\EADM\Core.exe
HKCU-Run-MediaGet2 - c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\MediaGet2\mediaget.exe
MSConfigStartUp-BitTorrent DNA - c:\arquivos de programas\DNA\btdna.exe
MSConfigStartUp-EA Core - c:\arquivos de programas\Electronic Arts\EADM\Core.exe
MSConfigStartUp-whs32 - c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\whs32.exe
AddRemove-USB MP3 Player WIN98 Drivers - c:\arquivos de programas\MP3\U-MP3\Uninst.isu
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Dados de aplicativos\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-24 23:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ... 
.
Procurando entradas auto inicializ&aacute;veis ocultas ... 
.
Procurando ficheiros/arquivos ocultos ... 
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
Tempo para conclus&atilde;o: 2012-11-24  23:45:32
ComboFix-quarantined-files.txt  2012-11-25 01:45
.
Pr&eacute;-execu&ccedil;&atilde;o: 8.861.913.088 bytes dispon&iacute;veis
P&oacute;s execu&ccedil;&atilde;o: 22 pasta(s) 10.046.414.848 bytes dispon&iacute;veis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=Microsoft Windows Recovery Console /cmdcons
UnsupportedDebug=do not select this /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Microsoft Windows XP Professional /noexecute=optin /fastdetect
.
- - End Of File - - 87AC4F821985AC6CD8196223070D7D50

Answer

Seu Avast est&aacute; bem desatualizado. Depois resolveremos isto.

Vc desinstalou o Spybot conforme solicitei?

Abra o bloco de notas e cole nele as linhas em azul:

File::
c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\whs32.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whs32.exe]

*Salve o arquivo no desktop como CFScript.txt

*Arraste-o para o Combofix conforme ilustra&ccedil;&atilde;o abaixo:

*Enquanto o combofix estiver em execu&ccedil;&atilde;o, n&atilde;o use o mouse nem o teclado!!

*Cole o relat&oacute;rio apresentado

Answer

ComboFix 12-11-24.02 - user 25/11/2012   0:11.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.2039.1442 [GMT -2:00]
Executando de: c:\documents and settings\user\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2012-10-25 to 2012-11-25  ))))))))))))))))))))))))))))
.
.
2012-11-24 23:19 . 2012-11-24 23:19	--------	d-----w-	c:\documents and settings\user\Dados de aplicativos\Malwarebytes
2012-11-24 23:19 . 2012-11-24 23:19	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2012-11-24 23:19 . 2012-11-24 23:19	--------	d-----w-	c:\arquivos de programas\Malwarebytes' Anti-Malware
2012-11-24 23:19 . 2012-09-29 21:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-18 16:33 . 2012-11-18 16:33	--------	d-----w-	c:\arquivos de programas\Microsoft Visual Studio 8
2012-11-14 19:33 . 2012-11-24 17:29	--------	d-----w-	c:\windows\AutoKMS
.
.
.
(((((((((((((((((((((((((((((((((((((   Relat&oacute;rio Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 19:56 . 2004-08-04 03:38	1866496	----a-w-	c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-04 03:45	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-26 22:57 . 2012-06-09 04:23	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-08-27 18:40 . 2004-08-04 03:45	832512	----a-w-	c:\windows\system32\wininet.dll
2012-08-27 18:40 . 2004-08-04 03:45	1830912	------w-	c:\windows\system32\inetcpl.cpl
2012-08-27 18:40 . 2004-08-04 03:45	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-08-27 18:40 . 2004-08-04 03:45	17408	------w-	c:\windows\system32\corpol.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e leg&iacute;timas por padr&atilde;o n&atilde;o s&atilde;o apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{b5d39f9d-9d08-4466-8f80-9873ed5124dd}= c:\arquivos de programas\Softonic.com.br_FF\prxtbSof2.dll [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b5d39f9d-9d08-4466-8f80-9873ed5124dd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b5d39f9d-9d08-4466-8f80-9873ed5124dd}]
2011-05-09 09:49	176936	----a-w-	c:\arquivos de programas\Softonic.com.br_FF\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{b5d39f9d-9d08-4466-8f80-9873ed5124dd}= c:\arquivos de programas\Softonic.com.br_FF\prxtbSof2.dll [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b5d39f9d-9d08-4466-8f80-9873ed5124dd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
{B5D39F9D-9D08-4466-8F80-9873ED5124DD}= c:\arquivos de programas\Softonic.com.br_FF\prxtbSof2.dll [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b5d39f9d-9d08-4466-8f80-9873ed5124dd}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Facebook Update=c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
Gadwin PrintScreen=c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe [2012-05-30 1842384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon=c:\windows\system32\NvCpl.dll [2007-02-14 7630848]
NvMediaCenter=c:\windows\system32\NvMcTray.dll [2007-02-14 86016]
BigDogPath=c:\windows\VM_STI.EXE [2004-06-09 40960]
avast5=c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
SunJavaUpdateSched=c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2011-04-08 254696]
GrooveMonitor=c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=c:\windows\system32\CTFMON.EXE [2008-04-14 15360]
.
c:\documents and settings\user\Menu Iniciar\Programas\Inicializar\
SolidWorks Task Scheduler Engine.lnk - c:\arquivos de programas\SolidWorks\swScheduler\swBOEngine.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=Service
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=Driver
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
path=c:\documents and settings\user\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Jogar RagnaPRoject.lnk]
path=c:\documents and settings\user\Menu Iniciar\Programas\Inicializar\Jogar RagnaPRoject.lnk
backup=c:\windows\pss\Jogar RagnaPRoject.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3288]
2009-05-20 02:51	86016	-c----r-	c:\arquivos de programas\PC Camera\3288.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43	69632	-c----r-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-21 16:51	133104	----atw-	c:\documents and settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 17:55	1057328	-c--a-w-	c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 00:55	54832	-c--a-w-	c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57	153136	-c--a-w-	c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
wiz]
2007-02-14 05:32	1519616	-c--a-w-	c:\windows\system32
wiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 17:10	56928	-c----w-	c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-01 11:10	16049664	-c----r-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 17:55	1628208	-c--a-w-	c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04	2879488	-c----r-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-11 17:54	68856	----a-w-	c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WTClient]
2007-04-11 16:27	40960	-c--a-w-	c:\windows\system32\WTClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
TkBellExe=c:\arquivos de programas\Arquivos comuns\Real\Update_OBealsched.exe  -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe=
c:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe=
c:\Arquivos de programas\uTorrent\uTorrent.exe=
c:\Arquivos de programas\Messenger\msmsgs.exe=
%windir%\Network Diagnostic\xpnetdiag.exe=
c:\WINDOWS\system32\rtcshare.exe=
c:\Arquivos de programas\BitTorrent\bittorrent.exe=
c:\WINDOWS\system32\dpvsetup.exe=
c:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE=
c:\Arquivos de programas\NetMeeting\conf.exe=
c:\Arquivos de programas\Warcraft III Demo\War3Demo.exe=
c:\Arquivos de programas\Google\Google Earth\plugin\geplugin.exe=
c:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe=
c:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe=
c:\Arquivos de programas\Java\jre6\bin\javaw.exe=
c:\WINDOWS\system32\muzapp.exe=
c:\Arquivos de programas\Skype\Phone\Skype.exe=
c:\Documents and Settings\user\Configura&ccedil;&otilde;es locais\Dados de aplicativos\Facebook\Video\Skype\FacebookVideoCalling.exe=
c:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE=
c:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
443:UDP= 443:UDP:*isabled:ooVoo UDP port 443
37674:TCP= 37674:TCP:*isabled:ooVoo TCP port 37674
37674:UDP= 37674:UDP:*isabled:ooVoo UDP port 37674
37675:UDP= 37675:UDP:*isabled:ooVoo UDP port 37675
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/1/2008 14:53 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/7/2009 17:49 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/7/2009 17:49 17744]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [24/11/2012 21:19 399432]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [24/11/2012 21:19 676936]
R2 Proteq;Proteq;c:\windows\system32\drivers\Proteq.sys [12/4/2007 10:14 7598]
R2 TabletServicePen;TabletServicePen;c:\arquivos de programas\Tablet\Pen\Pen_Tablet.exe [25/11/2011 13:06 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\arquivos de programas\Tablet\Pen\Pen_TouchService.exe [25/11/2011 13:07 616816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24/11/2012 21:19 22856]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [7/6/2007 15:16 18944]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [14/10/2009 17:27 17792]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [13/7/2012 14:28 160944]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --&gt; c:\windows\system32\drivers\dgderdrv.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [30/11/2010 15:12 42752]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25/1/2010 21:22 47360]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/4/2007 13:28 10752]
S3 usbcamcl;Driver for video Device;c:\windows\system32\drivers\usbcamcl.sys [21/8/2010 01:25 31104]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [29/8/2009 23:35 91263]
.
--- =Outros Servi&ccedil;os/Drivers Na Mem&oacute;ria ---
.
*NewlyCreated* - WS2IFSL
.
Conte&uacute;do da pasta 'Tarefas Agendadas'
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-07-01 03:01]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-07-01 03:01]
.
2012-11-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 01:18]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.babylon.com/?AF=109867&amp;tt=090212_noffx&amp;babsrc=HP_ss&amp;mntrId=147ac34b0000000000000018f30d3e94
IE: &amp;Enviar para o OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: E&amp;xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-25 00:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ... 
.
Procurando entradas auto inicializ&aacute;veis ocultas ... 
.
Procurando ficheiros/arquivos ocultos ... 
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execu&ccedil;&atilde;o ---------------------
.
- - - - - - - &gt; 'explorer.exe'(3328)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclus&atilde;o: 2012-11-25  00:23:40
ComboFix-quarantined-files.txt  2012-11-25 02:23
ComboFix2.txt  2012-11-25 01:45
.
Pr&eacute;-execu&ccedil;&atilde;o: 21 pasta(s) 10.046.881.792 bytes dispon&iacute;veis
P&oacute;s execu&ccedil;&atilde;o: 22 pasta(s) 10.031.304.704 bytes dispon&iacute;veis
.
- - End Of File - - FEC4EA348E30E9A9215EF58B3FB0C166

Answer

Estamos terminando...

Tenha um pouco de paci&ecirc;ncia. Havia muita coisa para corrigir no seu PC.

Renomei o Combofix para Uninstall

*Execute-o, aguarde a mensagem ComboFix foi desinstalado e clique [OK]

*Delete o arquivo C:\Combofix.txt

Execute o OTL

*Selecione:

Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity

*Clique [Verificar]

*Cole apenas o relat&oacute;rio OTL.txt