[Resolvido!]BHO que não desaparece do registro

JSousa · Março 23, 2008

Oi, gente, a um tempinho atrás eu pedi a resolução de uma dúvida aqui e fui super bem atendido e ainda aprendi um pouco, e agora tá acontecedo algo com o meu computador que nem Hyjack This está resolvendo.

Apareceu uma pasta aqui no meu "Arquivos de Sistema" chamada CPV, e toda a vez que eu a deleto ela volta.

Ela está relacionada a um BHO que não desaparece do Hyjack This, ou melhor ele desaparece, mas minutos depois ele reaparece ele está destacado em vermelho no log abaixo.

O que ele fax é simples porém incômodo. Ele aleatóriamente coloca a janela do programa em que eu estou em segundo plano, fazendo com que eu tenha de clicar nela para voltar a usar.

Eu tenho um log em backup de um momento em que a minha máquina estava sem bugs e a única diferença entre esse "log perfeito" e agora é a presença disso.

Como faço para resolver esse problema? Nem restaurando o meu sistema pra UM MÊS atrás eu consegui resolver.

Muitíssimo obrigado já com antecedência e segue o log do HT.

Logfile of HijackThis v1.99.1

Scan saved at 11:31:50, on 23/3/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\msdtc.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\System32\mqsvc.exe

C:\WINDOWS\System32\mqtgsvc.exe

C:\WINDOWS\System32\WTablet\TabUserW.exe

C:\WINDOWS\System32\Tablet.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\{9050EA2C-09E5-1046-0630-030213030037}\Update.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Save\Save.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\HijackThis.exe

O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Arquivos de programas\CPV\CPV7.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E9EADA7-558E-4508-994F-F5959C509A6D}: NameServer = 201.6.0.100,201.6.0.102

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

jgarcia · Março 23, 2008

Opa JSousa,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

JSousa · Março 24, 2008

Antes de mais nada (porque educação não ocupa espaço :) ), muitíssimo obrigado pela rapidez na resposta jgarcia!

Segue o log do combofix:

ComboFix 08-03-23.2 - Administrador 2008-03-23 23:00:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1252.1.1046.18.218 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

-- Other TimeOuts --

VFind -td "C:\WINDOWS\system32\baiso*"

CF10170.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\* >Windir.dat"

VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\*

CF10170.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Arquivos de programas\*"

CF10170.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\Arquivos comuns\{3050E~1

C:\Arquivos de programas\Arquivos comuns\{3050E~1\UnInstall.exe

C:\Arquivos de programas\Arquivos comuns\{9050E~1

C:\Arquivos de programas\Arquivos comuns\{9050E~1\system.dll

C:\Arquivos de programas\Arquivos comuns\{9050E~1\Update.exe

C:\Arquivos de programas\Arquivos comuns\{9050E~2

C:\Arquivos de programas\Arquivos comuns\{9050E~2\system.dll

C:\Arquivos de programas\Arquivos comuns\{9050E~2\Update.exe

C:\Arquivos de programas\Drmupgds

C:\Arquivos de programas\Drmupgds\Drmupgds.exe

C:\Arquivos de programas\inetget2

C:\Arquivos de programas\Insider

C:\Arquivos de programas\Insider\Insider.exe

C:\Arquivos de programas\Insider\UnInstall.exe

C:\Arquivos de programas\JavaCore

C:\Arquivos de programas\JavaCore\JavaCore.exe

C:\Arquivos de programas\JavaCore\UnInstall.exe

C:\Arquivos de programas\Temporary

C:\Arquivos de programas\Temporary\InsiDERInst.exe

C:\Arquivos de programas\xInsIDE

C:\Arquivos de programas\xInsIDE\xInsIDE.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\searchtoolbarcorp

C:\Documents and Settings\Administrador\Dados de aplicativos\searchtoolbarcorp\Toolbar Vision\PageHistory.txt

C:\Documents and Settings\Administrador\Dados de aplicativos\searchtoolbarcorp\Toolbar Vision\WebHistory.txt

C:\Documents and Settings\Administrador\Dados de aplicativos\WinTouch

C:\Documents and Settings\Administrador\Dados de aplicativos\WinTouch\wintouch.cfg

C:\Documents and Settings\Administrador\Dados de aplicativos\WinTouch\WinTouch.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\WinTouch\WTUninstaller.exe

C:\WINDOWS\NDNuninstall4_85.exe

C:\WINDOWS\system32\Cache

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\svchosts.exe

C:\WINDOWS\system32\unsvchosts.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CLIENT_IP-IPX

-------\Legacy_IPRIP

-------\Service_Client IP-IPX

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))

.

2008-03-23 11:25 . 2008-03-23 22:55 <DIR> d-------- C:\Arquivos de programas\CPV

2008-03-13 19:55 . 2008-03-23 11:17 <DIR> d-------- C:\Arquivos de programas\Phun

2008-03-10 12:29 . 2008-03-23 11:18 <DIR> d-------- C:\Arquivos de programas\nvcoi

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 02:07 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\WTablet

2008-03-24 01:56 --------- d-----w C:\Arquivos de programas\Save

2008-03-23 16:32 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird

2008-03-23 14:18 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-02-07 03:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Alias

2008-02-07 03:26 --------- d-----w C:\Arquivos de programas\Alias

2008-02-07 03:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Alias

2008-01-26 20:15 --------- d-----w C:\Arquivos de programas\DivX

2008-01-25 10:30 --------- d-----w C:\Documents and Settings\NetworkService\Dados de aplicativos\PC Suite

2008-01-21 14:41 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll

2008-01-21 14:41 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll

2007-12-28 14:14 10 ----a-w C:\Arquivos de programas\.autoreg

2007-12-24 16:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2007-05-31 18:01 21,856 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2006-09-29 02:57 24,192 ----a-w C:\Documents and Settings\Administrador\usbsermptxp.sys

2006-09-29 02:57 22,768 ----a-w C:\Documents and Settings\Administrador\usbsermpt.sys

2006-08-14 01:21 284 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\ViewerApp.dat

2006-03-20 18:37 5,689,344 ----a-w C:\Arquivos de programas\mplayerc.exe

2004-10-31 17:39 56 --sha-r C:\WINDOWS\system32\2873A136F7.sys

2002-09-09 14:08 558,080 --sh--r C:\WINDOWS\system32\igfotyhzez.exe

2004-10-31 17:39 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]

2008-03-23 22:55 51200 --a------ C:\Arquivos de programas\CPV\CPV7.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 11:08 13312]

"PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04 139264]

"WhenUSave"="C:\Arquivos de programas\Save\Save.exe" [2006-08-25 14:45 803184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-06-15 17:20 6803456]

"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\system32\nwiz.exe]

"PRONoMgr.exe"="c:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 10:15 86016]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]

"MsmqIntCert"="regsvr32 /s mqrt.dll" []

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-06-15 17:20 86016]

"PCSuiteTrayApplication"="C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\SOUNDMAN.EXE]

"ISUSPM"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 11:08 13312]

"Mioft Wiws Seice ent"="igfotyhzez.exe" [2002-09-09 11:08 558080 C:\WINDOWS\system32\igfotyhzez.exe]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"{9050EA2C-09E5-1046-0630-030213030037}"= "C:\Arquivos de programas\Arquivos comuns\{9050EA2C-09E5-1046-0630-030213030037}\Update.exe" te-110-12-0000257

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

"{9050EA2C-09E5-1046-0630-030213030037}"= "C:\Arquivos de programas\Arquivos comuns\{9050EA2C-09E5-1046-0630-030213030037}\Update.exe" te-110-12-0000257

"{9050EA2C-09E6-1046-0630-030213030037}"= "C:\Arquivos de programas\Arquivos comuns\{9050EA2C-09E6-1046-0630-030213030037}\Update.exe" te-110-12-0000257

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2006-11-06 16:25 211112]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Cerberus FTP Server.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Cerberus FTP Server.lnk

backup=C:\WINDOWS\pss\Cerberus FTP Server.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-08-04 16:28 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

--a------ 2004-09-10 15:05 32768 C:\TBridge\Flatbed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerDiscovery]

--a------ 2004-12-13 17:22 2510848 C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

--a------ 2006-02-21 01:02 190024 C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 13:03 36975 C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

R2 DK2DRV;DK2 WindowsNT Driver;C:\WINDOWS\System32\Drivers\DK2DRV.SYS [2002-01-24 07:40]

R2 FLE5WNNT;FLE-5 WindowsNT Driver;C:\WINDOWS\System32\Drivers\fle5wnnt.sys [2004-07-27 14:37]

R2 FLSIFACE;FLSIface;C:\WINDOWS\System32\Drivers\flsiface.sys [2004-07-27 14:38]

R2 FLSPAR;FLSPar;C:\WINDOWS\System32\Drivers\flspar.sys [2004-07-27 14:39]

R2 FLSSER;FLSSer;C:\WINDOWS\System32\Drivers\flsser.sys [2003-10-16 14:02]

R2 FLSVCOM;FLSVCom;C:\WINDOWS\System32\Drivers\flsvcom.sys [2004-08-11 11:47]

R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\System32\DRIVERS\nvtunep.sys [2003-09-16 01:16]

R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [2003-09-16 01:16]

R2 ppsio;PrmxPPDev;C:\WINDOWS\System32\drivers\ppsio.sys [1998-02-26 00:27]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-10-28 09:06]

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\wacommousefilter.sys [2006-02-14 18:18]

R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\System32\DRIVERS\wacomvhid.sys [2006-11-15 16:55]

S3 NAL;Nal Service ;C:\WINDOWS\System32\Drivers\iqvw32.sys [2002-10-16 00:11]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 23:07:06

Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\System32\msdtc.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\System32\mqsvc.exe

C:\WINDOWS\System32\mqtgsvc.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\System32\WTablet\TabUserW.exe

C:\WINDOWS\System32\Tablet.exe

.

**************************************************************************

.

Completion time: 2008-03-23 23:09:27 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-24 02:09:25

E o Log do Hijack This:

Logfile of HijackThis v1.99.1

Scan saved at 23:10:15, on 23/3/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\System32\mqsvc.exe

C:\WINDOWS\System32\mqtgsvc.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\System32\WTablet\TabUserW.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Arquivos de programas\CPV\CPV7.dll