[Resolvido!]Meu Log do HijackThis

leonotre · Janeiro 5, 2008

Boa tarde pessoal.

Nessa semana pluguei um iPod de um amigo no meu computador, e depois disso, apareceram 2 arquivos em todas as partições do meu computador.

Os arquivos são esses: arquivos.exe e programa.exe .

Acontece que eu apago e sempre que reinicio o computador, eles aparece. Já rodei antivirus e anti-spyware, mas não acusa nada.

Baixei o HijackThis, segue o log se ajudar em alguma coisa, ou alguma solução para esse meu problema.

---------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 12:19:16, on 5/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\GT-Plug\GtPlug.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

c:\windows\system32\uwybf.exe

c:\windows\usezy.exe

c:\arquivos de programas\arquivos comuns\zadkj.exe

c:\windows\system\lelxh.exe

c:\windows\config\etfvz.exe

c:\windows\system32\mtjbz.exe

c:\windows\inf\hvmua.exe

C:\hijackthis\HijackThis.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [tDefault] c:\windows\system32\uwybf.exe

O4 - HKLM\..\Run: [settings] c:\windows\usezy.exe

O4 - HKLM\..\Run: [systemT] c:\windows\system\lelxh.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [GT-Plug Auto start] C:\Arquivos de programas\GT-Plug\GtPlug.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [RSetting] c:\windows\inf\hvmua.exe

O4 - HKCU\..\Run: [userTools] c:\arquivos de programas\arquivos comuns\zadkj.exe

O4 - HKCU\..\Run: [CheckS] c:\windows\config\etfvz.exe

O4 - HKCU\..\Run: [DeviceSys] c:\windows\system32\mtjbz.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{7AA67C40-E679-4238-AAAC-1302299D3F65}: NameServer = 201.10.128.2 201.10.120.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Cópia de volume em memória (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

---------------------------------

Aguardo.

Obrigado!

:thumbsup:

jgarcia · Janeiro 6, 2008

Opa leonotre,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

leonotre · Janeiro 7, 2008

Opa jgarcia!

Obrigado pelas instruções! Segue o log do ComboFix:

-------------------------------------------------------------

ComboFix 08-01-07.5 - Leonardo 2008-01-07 18:40:54.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.204 [GMT -2:00]

Executando de: C:\Documents and Settings\Leonardo\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\Autorun.inf

E:\Autorun.inf

F:\Autorun.inf

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))

.

2008-01-07 18:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-05 12:19 . 2008-01-05 12:19 <DIR> d-------- C:\hijackthis

2008-01-05 11:41 . 2008-01-05 11:41 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-01-05 11:35 . 2008-01-05 19:27 <DIR> d-------- C:\LinhaDefensiva

2008-01-04 14:24 . 2008-01-04 14:24 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0

2008-01-04 14:24 . 2008-01-04 14:24 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter 9.0

2007-12-31 10:35 . 2008-01-05 11:30 131,072 -r-hs---- C:\WINDOWS\usezy.exe

2007-12-31 10:35 . 2008-01-05 11:16 131,072 -r-hs---- C:\WINDOWS\system32\uwybf.exe

2007-12-31 10:35 . 2008-01-05 11:30 131,072 -r-hs---- C:\WINDOWS\system32\mtjbz.exe

2007-12-31 10:35 . 2008-01-05 11:30 131,072 -r-hs---- C:\WINDOWS\system\lelxh.exe

2007-12-31 10:35 . 2008-01-05 11:30 131,072 -r-hs---- C:\Arquivos de programas\Arquivos comuns\zadkj.exe

2007-12-25 21:46 . 2007-12-26 05:01 <DIR> d-------- C:\TEMPDVD

2007-12-24 14:06 . 2007-12-24 14:06 <DIR> d-------- C:\Documents and Settings\Leonardo\Dados de aplicativos\dvdcss

2007-12-24 14:00 . 2008-01-07 18:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-24 14:00 . 2007-12-24 14:00 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-09 12:01 . 2007-12-09 12:01 <DIR> d-------- C:\Documents and Settings\Leonardo\Dados de aplicativos\Nokia Multimedia Player

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-05 14:14 131,072 --sh--r C:\WINDOWS\inf\hvmua.exe

2007-12-30 13:35 --------- d-----w C:\Documents and Settings\Leonardo\Dados de aplicativos\ADPHONE

2007-12-28 04:22 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-27 23:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-24 16:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-12-20 21:10 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-09 14:01 --------- d-----w C:\Documents and Settings\Leonardo\Dados de aplicativos\Nokia

2007-12-05 16:18 --------- d-----w C:\Documents and Settings\Leonardo\Dados de aplicativos\LimeWire

2007-12-05 12:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nokia

2007-12-05 12:58 --------- d-----w C:\Arquivos de programas\Nokia

2007-12-05 12:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nokia

2007-12-04 22:23 --------- d-----w C:\Documents and Settings\Karine\Dados de aplicativos\PC Suite

2007-12-04 18:09 --------- d-----w C:\Documents and Settings\Leonardo\Dados de aplicativos\PC Suite

2007-12-04 18:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2007-12-04 17:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2007-12-04 17:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\PCSuite

2007-12-04 17:24 --------- d-----w C:\Arquivos de programas\PC Connectivity Solution

2007-12-04 17:24 --------- d-----w C:\Arquivos de programas\DIFX

2007-12-04 17:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2007-12-03 21:36 --------- d-----w C:\Arquivos de programas\EaseAudioConverter

2007-11-29 22:27 --------- d-----w C:\Arquivos de programas\Red Kawa

2007-11-29 22:27 --------- d-----w C:\Arquivos de programas\AviSynth 2.5

2007-11-10 12:40 --------- d-----w C:\Documents and Settings\Karine\Dados de aplicativos\Winamp

2007-08-15 01:06 81,920 ----a-w C:\Documents and Settings\Leonardo\Dados de aplicativos\ezpinst.exe

2007-08-15 01:06 47,360 ----a-w C:\Documents and Settings\Leonardo\Dados de aplicativos\pcouffin.sys

2007-04-16 23:21 25,600 ----a-w C:\Documents and Settings\Leonardo\usbsermptxp.sys

2007-04-16 23:21 22,768 ----a-w C:\Documents and Settings\Leonardo\usbsermpt.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"GT-Plug Auto start"="C:\Arquivos de programas\GT-Plug\GtPlug.exe" [2007-05-03 16:42 1015808]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 23:10 68856]

"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 20:05 630784]

"RSetting"="c:\windows\inf\hvmua.exe" [2008-01-05 12:14 131072]

"UserTools"="c:\arquivos de programas\arquivos comuns\zadkj.exe" [2008-01-05 11:30 131072]

"CheckS"="c:\windows\config\etfvz.exe" [2008-01-05 11:16 131072]

"DeviceSys"="c:\windows\system32\mtjbz.exe" [2008-01-05 11:30 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-03-20 21:49 921600]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-31 14:04 3756032]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2001-12-31 14:04 46080]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54 3735552]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]

"PCSuiteTrayApplication"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"tDefault"="c:\windows\system32\uwybf.exe" [2008-01-05 11:16 131072]

"Settings"="c:\windows\usezy.exe" [2008-01-05 11:30 131072]

"SystemT"="c:\windows\system\lelxh.exe" [2008-01-05 11:30 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\Leonardo\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 20:05:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-08-06 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89ff631e-8cad-11dc-be1e-0013d48bcdc2}]

\Shell\Auto\Command - I:\program.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccda364a-b79c-11dc-be6e-0013d48bcdc2}]

\Shell\Auto\Command - I:\program.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-12-14 22:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-07 18:43:14

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\Arquivos de programas\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]

-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

.

Tempo para conclusão: 2008-01-07 18:44:04

ComboFix-quarantined-files.txt 2008-01-07 20:43:48

-------------------------------------------------------------

Reiniciei o PC, mas os arquivos "arquivos.exe" e "program.exe" continuam aparecendo, mesmo depois de deletados, eles voltam...

Alguma solução que não seja formatar o PC???

Muito obrigado!

jgarcia · Janeiro 7, 2008

Reiniciei o PC, mas os arquivos "arquivos.exe" e "program.exe" continuam aparecendo, mesmo depois de deletados, eles voltam...

Alguma solução que não seja formatar o PC???

Calma. Vamos acabar com estas pragas. :thumbsup:

Bem, siga as instruções abaixo:

* Baixe o VundoFix.

* Dê duplo-clique sobre VundoFix.exe para iniciá-lo;

* Quando o VundoFix abrir clique em Scan for Vundo. Aguarde o término do scan que pode demorar algum tempo. Seja paciente;

* Terminado o scan clique em Remove Vundo;

* Você receberá um alerta perguntando se deseja remover os arquivos. Clique em YES. O seu desktop irá apagar (isto é normal);

* Para completar o scan será necessário reinicializar a máquina. Clique em OK;

* Favor postar o log do VundoFix (C:\vundofix.txt) em sua próxima resposta, juntamente com um novo do HijackThis.

Abraços.

leonotre · Janeiro 8, 2008

jgarcia, tá complicado aqui... Passei o Vundo, mas não detectou esses arquivos.

Coloquei "manualmente" na lista do Vundo, deletou, mas sempre volta só apertando F5.

Será que é por que meu HD é dividio em partições??? No principal (C:\) não tem esses arquivos, só no D, E e F.

Seguem os logs:

====================================

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 18:29:04 8/1/2008

Listing files found while scanning....

C:\WINDOWS\United Football\uninstall.exe

Beginning removal...

Attempting to delete C:\WINDOWS\United Football\uninstall.exe

C:\WINDOWS\United Football\uninstall.exe Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 18:40:07 8/1/2008

Listing files found while scanning....

No infected files were found.

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 18:51:08 8/1/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...

Attempting to delete D:\arquivos.exe

D:\arquivos.exe Has been deleted!

Attempting to delete D:\program.exe

D:\program.exe Has been deleted!

Attempting to delete E:\arquivos.exe

E:\arquivos.exe Has been deleted!

Attempting to delete E:\program.exe

E:\program.exe Has been deleted!

Attempting to delete F:\arquivos.exe

F:\arquivos.exe Has been deleted!

Attempting to delete F:\program.exe

F:\program.exe Has been deleted!

Performing Repairs to the registry.

Done!

====================================

Logfile of HijackThis v1.99.1

Scan saved at 19:04:32, on 8/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\windows\system32\uwybf.exe

C:\windows\usezy.exe

C:\windows\system\lelxh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\GT-Plug\GtPlug.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\windows\inf\hvmua.exe

C:\arquivos de programas\arquivos comuns\zadkj.exe

C:\windows\config\etfvz.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\windows\system32\mtjbz.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe