betinhatc

HELP! There's spyware on my PC!


Someone help me!!! I went to a serials site and now my PC is going crazy, with that little red ball opening sites and restarting the machine.

Here is the HijackThis log.

I'm waiting for help!!!

Thanks a bunch!!!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Arquivos de programas\TheSearchAccelerator\UCMTSAIE.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe

O4 - HKLM\..\Run: [siS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe

O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe

O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [shell] "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139073810357

O17 - HKLM\System\CCS\Services\Tcpip\..\{85DCB5D9-A26D-4577-B891-4AA2D94BB7C4}: NameServer = 200.180.128.68,200.199.241.17

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE36879-9B71-4635-9422-F740A6999785}: NameServer = 201.10.1.2 201.10.120.3

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mfsystem.dll

O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_13.dll

O21 - SSODL: UEOywg - {8CFC3DCE-2656-9764-941A-4EFC901421B9} - C:\WINDOWS\System32\fhz.dll (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe


Your log is incomplete. Post it from the beginning, selecting everything, copying it and pasting it here in the topic.

Along with it, also post an analysis of this file, gimmygames.exe; I'll give you the instructions on how to do it:

Configure Windows to show all files

Go to:

http://www.virustotal.com

http://virusscan.jotti.org/

Follow the sites' instructions to upload the file that is located at:

C:\windows\gimmygames.exe <<< here

Wait for the analysis results and post them together with the complete HijackThis log.


Which site, http://www.mscracks.com, huh? I once browsed that site with only the antivirus and without Firefox, and I had to format.

NEVER BROWSE CRACK, SEX AND SIMILAR SITES WITHOUT A FIREWALL, ANTIVIRUS, AND ANTI-SPYWARE AND ADWARE TOOLS YOU TRUST


See the IE home page? That always happens on infected PCs.

Offers on these search sites

The result may land on a file with a virus, or install itself without you noticing

  • Topic author
  • Sam Spade!!!

    I couldn't understand what you asked me to do regarding gimmy games.

    I'm a first-timer, and if you can, the more the steps are explained the better.

    Thank you for your attention, and I ask you to help me because so many sites open at once that the machine is already freezing!!!

    Spybot didn't solve the problem. This happened to me once before, on another PC, and with two little programs the problem was solved. Is the problem very complicated???

    Here is the log (I think it's complete now, right?):

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\WINDOWS\System32\paytime.exe

    C:\WINDOWS\System32\mpcsvc.exe

    C:\windows\winsysban5.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\winstall.exe

    C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

    C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

    C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\roberta\Configurações locais\Temp\Diretório temporário 3 para hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

    F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Arquivos de programas\TheSearchAccelerator\UCMTSAIE.dll

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe

    O4 - HKLM\..\Run: [siS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe

    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe

    O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [shell] "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"

    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Picture Package Menu.lnk = ?

    O4 - Global Startup: Picture Package VCD Maker.lnk = ?

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139073810357

    O17 - HKLM\System\CCS\Services\Tcpip\..\{85DCB5D9-A26D-4577-B891-4AA2D94BB7C4}: NameServer = 200.180.128.68,200.199.241.17

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE36879-9B71-4635-9422-F740A6999785}: NameServer = 201.10.1.2 201.10.120.3

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\g8040idqe80e0.dll

    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_13.dll

    O21 - SSODL: UEOywg - {8CFC3DCE-2656-9764-941A-4EFC901421B9} - C:\WINDOWS\System32\fhz.dll (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe


    He asked you to run an online scan on the file

    go to one of the sites, select the file in the scan field, and click scan, or something like that.

    Post the log of the scanned file

  • Topic author
  • Ahhh, OK!!! Thanks, osmano!!!

    Here are the logs:

    This log is from VirusTotal:

    Antivirus Version Update Result

    AntiVir 6.33.0.81 02.05.2006 no virus found

    Avast 4.6.695.0 02.04.2006 no virus found

    AVG 718 02.04.2006 no virus found

    Avira 6.33.0.81 02.05.2006 no virus found

    BitDefender 7.2 02.05.2006 Trojan.Downloader.Adload.N

    CAT-QuickHeal 8.00 02.04.2006 no virus found

    ClamAV devel-20060126 02.05.2006 no virus found

    DrWeb 4.33 02.05.2006 Trojan.DownLoader.6759

    eTrust-InoculateIT 23.71.69 02.05.2006 no virus found

    eTrust-Vet 12.4.2064 02.03.2006 no virus found

    Ewido 3.5 02.05.2006 Downloader.VB.vr

    Fortinet 2.54.0.0 02.05.2006 W32/Drsmartl.I!dldr

    F-Prot 3.16c 02.04.2006 no virus found

    Ikarus 0.2.59.0 02.03.2006 no virus found

    Kaspersky 4.0.2.24 02.05.2006 Trojan-Downloader.Win32.VB.vr

    McAfee 4689 02.03.2006 no virus found

    NOD32v2 1.1393 02.03.2006 probably unknown NewHeur_PE virus

    Norman 5.70.10 02.03.2006 no virus found

    Panda 9.0.0.4 02.05.2006 no virus found

    Sophos 4.02.0 02.05.2006 Troj/Drsmartl-I

    Symantec 8.0 02.05.2006 no virus found

    TheHacker 5.9.3.090 02.03.2006 no virus found

    UNA 1.83 02.03.2006 no virus found

    VBA32 3.10.5 02.04.2006 Trojan-Downloader.Win32.VB.vr

    This is the log from virusscan:

    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

    MD5 1625966159565142cce276d369623ba4

    Packers detected: -

    Scanner results

    AntiVir Found nothing

    ArcaVir Found nothing

    Avast Found nothing

    AVG Antivirus Found nothing

    BitDefender Found Trojan.Downloader.Adload.N

    ClamAV Found nothing

    Dr.Web Found Trojan.DownLoader.6759

    F-Prot Antivirus Found nothing

    Fortinet Found W32/Drsmartl.I!dldr

    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.vr

    NOD32 Found probably unknown NewHeur_PE (probable variant)

    Norman Virus Control Found nothing

    UNA Found nothing

    VBA32 Found Trojan-Downloader.Win32.VB.vr


    betinhatc, what's missing is this part, which identifies your Windows, the HijackThis version and your IE:

    Logfile of HijackThis v1.99.1

    Scan saved at 22:09:05, on 04/2/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Go to this link and download SmitfraudFix.zip.

    Save or print these instructions, because you will follow them while disconnected and without access to this page:

    1 - Before proceeding, disable your antivirus protection. Extract the SmitFraudFix files to your desktop.

    2 - Your HijackThis is in a temporary folder and so has nowhere to save the backups. Create a folder in C:\ or, if you prefer, on your desktop, and give this folder whatever name you want.

    Then go to the zipped HijackThis folder, right-click it and choose Extract to > the folder you created

    When you open this folder you will see the HijackThis icon, which is a detonator.

    3 - Restart the PC and press F8 repeatedly. In the menu that appears, choose: safe mode.

    Double-click smitfraudfix.cmd.

    Choose option 2.

    When it asks whether you want to clean the Registry, choose yes (o).

    Yes = oui = o

    Save the log.

    4 - Locate and delete gimmygames.exe.

    5 - Restart in normal mode, re-enable your antivirus, run a scan with HijackThis and save/post the log, plus the SmitFraudFix log.

  • Topic author
  • Hi Sam!!! Thank you for all the attention so far.

    Here is the HijackThis log

    Logfile of HijackThis v1.99.1

    Scan saved at 19:50:38, on 6/2/2006

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\WINDOWS\System32\mpcsvc.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

    C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

    C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Betinha\HijackThis\HijackThis.exe

    F2 - REG:system.ini: Shell=explorer.exe "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Arquivos de programas\TheSearchAccelerator\UCMTSAIE.dll

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [siS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe

    O4 - HKLM\..\Run: [gimmygames] C:\WINDOWS\gimmygames.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [shell] "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00001.exe"

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Picture Package Menu.lnk = ?

    O4 - Global Startup: Picture Package VCD Maker.lnk = ?

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139073810357

    O17 - HKLM\System\CCS\Services\Tcpip\..\{85DCB5D9-A26D-4577-B891-4AA2D94BB7C4}: NameServer = 200.180.128.68,200.199.241.17

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE36879-9B71-4635-9422-F740A6999785}: NameServer = 201.10.1.2 201.10.120.3

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\fplo0333e.dll

    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_13.dll

    O21 - SSODL: UEOywg - {8CFC3DCE-2656-9764-941A-4EFC901421B9} - C:\WINDOWS\System32\fhz.dll (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    Here is the SmitFraudFix log

    SmitFraudFix v2.16

    Rapport fait à 19:44:22,35 le seg 06/02/2006

    Executé à partir de C:\Betinha\SmitfraudFix\SmitfraudFix

    OS: Microsoft Windows XP [versão 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\drsmartload1.exe supprimé

    C:\secure32.html supprimé

    C:\winstall.exe supprimé

    C:\WINDOWS\country.exe supprimé

    C:\WINDOWS\secure32.html supprimé

    C:\WINDOWS\tool2.exe supprimé

    C:\WINDOWS\tool4.exe supprimé

    C:\WINDOWS\tool5.exe supprimé

    C:\WINDOWS\toolbar.exe supprimé

    C:\WINDOWS\system32\paytime.exe supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport


    betinhatc, weren't you able to delete gimmygames.exe?

    Now follow these instructions to remove Look2Me, which is another piece of malware that causes many problems on the PC:

    Download:

    L2Mfix

    SpySweeper > install it and update it, but don't use it yet.

    - Double-click L2Mfix. Click Accept and then Install.

    A folder called L2Mfix will be created.

    Save or print these instructions:

    1 - Open the L2Mfix folder and double-click l2mfix.bat, then press Enter

    Type: 2 > press Enter.

    On the keyboard, press any key to restart the PC.

    2 - After it restarts, run SpySweeper.

    3 - Open the L2Mfix folder again and double-click l2mfix.bat, then press Enter

    Type: 2 > press Enter.

    Wait a little and Notepad will open with the log. Save this log.

    4 - Open the l2mfix folder and copy the ntrights file to C:\

    Go to Start > Run > type: cmd and click OK.

    When the Command Prompt appears, type: cd c:\

    Press Enter and type:

    ntrights -u Administradores +r SeDebugPrivilege > log.txt

    Do this carefully, because it must be exactly as shown above.

    After you do that, press Enter.

    5 - Run a scan with HijackThis and save the log.

    Post the L2Mfix log (the one you saved when you restarted), the log.txt that is in C:\ and the HijackThis log.

  • Topic author
  • Sam!!!

    I'm not managing to generate the L2Mfix log.

    The screen stays for a long time with the following text: killing processes, and it doesn't generate the log.

    What am I doing wrong?

    I didn't try the rest of what you told me to do, because I was afraid it would interfere with the result. I got to part 3 and can't generate the log. What do I do???

    I await your reply...

    Thank you!!!


    The instructions must be followed in the exact order, including the use of SpySweeper. Any change to this order can cause the problem you report.

  • Topic author
  • Hello Sam!!!

    Here are the logs you requested; I couldn't post them here on the forum earlier.

    I'd also like to ask a question: I have The Sims 2 installed and the game was saved. When I went back to playing this week, the game returned to the beginning as if I hadn't played anything yet. Does this have to do with any procedure we did?

    The L2mfix log doesn't fit here; here are the other logs:

    Log C:\

    Granting SeDebugPrivilege to Administradores ... successful

    Logfile of HijackThis v1.99.1

    Scan saved at 11:54:34, on 11/2/2006

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\WINDOWS\System32\mpcsvc.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

    C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

    C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Betinha\HijackThis\HijackThis.exe

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [siS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe

    O4 - HKLM\..\Run: [gimmygames] C:\WINDOWS\gimmygames.exe

    O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Picture Package Menu.lnk = ?

    O4 - Global Startup: Picture Package VCD Maker.lnk = ?

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139073810357

    O17 - HKLM\System\CCS\Services\Tcpip\..\{85DCB5D9-A26D-4577-B891-4AA2D94BB7C4}: NameServer = 200.180.128.68,200.199.241.17

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\fplo0333e.dll (file missing)

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O21 - SSODL: UEOywg - {8CFC3DCE-2656-9764-941A-4EFC901421B9} - C:\WINDOWS\System32\fhz.dll (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe


    About The Sims 2, there may be some item that SpySweeper considered spyware and removed. Was it installed from a trusted source?

    Download:

    KillBox

    CCleaner > install it, but don't use it yet.

    Copy this text in blue and save it in Notepad:

    C:\WINDOWS\System32\mpcsvc.exe

    C:\WINDOWS\gimmygames.exe

    Save or print these instructions:

    1 - Copy the text you saved in Notepad. Run KillBox and check Delete on Reboot; in the File menu click Paste from Clipboard.

    Then click the All Files button.

    Click the button with the X. Answer Yes to the question.

    When the PC restarts, press F8 repeatedly. In the menu that appears, choose: safe mode.

    2 - Run a scan with HijackThis, check the entries below that are still found, and click Fix checked:

    O4 - HKLM\..\Run: [siS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe

    O4 - HKLM\..\Run: [gimmygames] C:\WINDOWS\gimmygames.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\fplo0333e.dll (file missing)

    O21 - SSODL: UEOywg - {8CFC3DCE-2656-9764-941A-4EFC901421B9} - C:\WINDOWS\System32\fhz.dll (file missing)

    3 - Close HijackThis and run CCleaner, clicking Run Cleaner. Wait for the scan to finish.

    4 - Restart in normal mode, run a scan with HijackThis and save/post the log.

  • Topic author
  • Hello Sam,

    I'm on vacation and only get back home on Monday; then I'll do all the procedures you told me on my PC.

    Please don't stop helping me; as soon as possible I'll do what you told me.

    Thanks in advance for your attention...

  • Topic author
  • Hello Sam!!!

    I couldn't post because I had no internet access. The red ball disappeared and those problems had stopped. But after that I installed other programs and now I don't even know if this log will be valid; all I can tell you is that now there's another problem: the red ball doesn't appear, but two sites keep opening all the time, http://www.bigdiscountbuy.com/normal/yyy102.html and also http://www.axillsearch.com/pop.php?refcode=MyGeek4 I think it's every 5 minutes and I can't use the net properly. Can you help me again??? Thank you very much for your attention and I hope you haven't abandoned me!!!

    Regards,

    Logfile of HijackThis v1.99.1

    Scan saved at 22:26:40, on 10/3/2006

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\System32\wuauclt.exe

    C:\Betinha\Downloads\HijackThis\HijackThis.exe

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139073810357

    O17 - HKLM\System\CCS\Services\Tcpip\..\{85DCB5D9-A26D-4577-B891-4AA2D94BB7C4}: NameServer = 200.180.128.68,200.199.241.17

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE36879-9B71-4635-9422-F740A6999785}: NameServer = 201.10.1.2 201.10.120.3

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\l8n40i5qe8.dll

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe


    Let's go, betinhatc. The smitfraud that was responsible for the red ball has already been removed, but Look2Me came back and is the cause of the current problems.

    Check whether any of these new programs you installed was obtained from a not very trustworthy source, such as downloaded through a P2P file-sharing program or from unknown sites.

    We're going to use a recent tool against Look2Me, which is easier to use and doesn't need SpySweeper to help with the removal.

    Download: Look2Me-Destroyer > save it to the desktop.

    Save or print these instructions:

    1 - Double-click Look2Me-Destroyer.exe (all windows and programs must be closed). Check Run this program as a task and, at the message saying the program will close and reopen in a few seconds, click OK.

    2 - When it opens again, click Scan for L2M. It is part of the process for the icons and desktop to disappear. At the end of the scan, click Remove L2M. At the Done Scanning message, click OK.

    3 - Wait until this message appears: Done removing infected files! Look2Me-Destroyer will now shutdown your computer and then click OK.

    The computer will shut down and you will need to turn it on again.

    4 - Run a scan with HijackThis and save/post the log, plus the Look2Me-Destroyer.txt that you will find in C:\
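
Added example, not part of the thread and not code from HijackThis or any tool named here: a small Python script that diffs two HijackThis logs so the autostart entries that appeared or disappeared between scans stand out. The sample input is a few result lines excerpted from the 11/2/2006 and 10/3/2006 logs posted above; the function names and the section notes are this example's own.

```python
import re

# Constructed sample input: result lines excerpted from the two HijackThis
# logs posted in this thread (scan of 11/2/2006 and scan of 10/3/2006).
SCAN_FEB = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [siS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe
O4 - HKLM\..\Run: [gimmygames] C:\WINDOWS\gimmygames.exe
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\fplo0333e.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: UEOywg - {8CFC3DCE-2656-9764-941A-4EFC901421B9} - C:\WINDOWS\System32\fhz.dll (file missing)
"""

SCAN_MAR = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\l8n40i5qe8.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# A result line is "<section> - <details>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")

# What the sections used in this thread mean (reviewer's notes, this example's own).
SECTION_MEANING = {
    "O4": "autostart entry (Run key or Startup folder)",
    "O20": "DLL loaded through AppInit_DLLs or a Winlogon Notify key",
    "O21": "ShellServiceObjectDelayLoad entry loaded by Explorer",
    "O23": "Windows service",
}


def parse_entries(log_text):
    """Return {comparison_key: (section, text)} for every result line."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, running-process path or blank line
        section = match.group(1)
        text = " ".join(match.group(2).split())  # collapse stray whitespace
        # Windows paths are case-insensitive, so compare case-folded.
        entries[(section, text.casefold())] = (section, text)
    return entries


def diff_scans(old_text, new_text):
    """Return (added, removed) lists of (section, text) between two scans."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added = [new[key] for key in sorted(new.keys() - old.keys())]
    removed = [old[key] for key in sorted(old.keys() - new.keys())]
    return added, removed


def review_notes(section, text):
    """Notes that tell the reviewer why an entry deserves a look."""
    notes = []
    if section in SECTION_MEANING:
        notes.append(SECTION_MEANING[section])
    if text.endswith("(file missing)"):
        notes.append("HijackThis could not find the referenced file")
    return notes


def report(old_text, new_text):
    """Build a +/- listing of changed entries with review notes."""
    added, removed = diff_scans(old_text, new_text)
    lines = []
    for mark, group in (("+", added), ("-", removed)):
        for section, text in group:
            notes = "; ".join(review_notes(section, text))
            suffix = f"   <- {notes}" if notes else ""
            lines.append(f"{mark} {section} - {text}{suffix}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SCAN_FEB, SCAN_MAR)))
```

A changed entry is only a prompt for manual review: the diff cannot tell a newly installed legitimate program from an unwanted one.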

  • Topic author
  • Hello!!!

    Here are the logs:

    Thanks for now!!!

    Logfile of HijackThis v1.99.1

    Scan saved at 21:41:32, on 17/3/2006

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Betinha\Downloads\HijackThis\HijackThis.exe

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139073810357

    O17 - HKLM\System\CCS\Services\Tcpip\..\{85DCB5D9-A26D-4577-B891-4AA2D94BB7C4}: NameServer = 200.180.128.68,200.199.241.17

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    Look2Me-Destroyer V1.0.11

    Scanning for infected files.....

    Scan started at 17/3/2006 21:37:19

    Infected! C:\WINDOWS\system32\mvjol9131.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\dn8001lme.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\fplo0333e.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\fpr6039se.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\gpj6l31s1.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\h24m0ch1ef4.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\IoagX7.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\ioircl.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\ir02l5do1.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\jt8s07l7e.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\m0pola731d.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\mtident.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\smnceng.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\vqsapi.dll

    Infected! C:\Betinha\Downloads\l2mfix\dlls\xFctsrv.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0005959.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0005965.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0006964.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0007964.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0008965.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0008971.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0008976.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0008979.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0008980.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0008997.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP17\A0009003.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0010057.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011058.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011369.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011370.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011371.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011372.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011373.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011374.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011375.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011376.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011377.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011378.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP18\A0011379.dll

    Attempting to delete infected files...

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B3BEF457-0550-4F5A-A9D1-4D2ED7D6E136}"

    HKCR\Clsid\{B3BEF457-0550-4F5A-A9D1-4D2ED7D6E136}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{032327DA-F961-4B1F-9E3B-53CE35A702BA}"

    HKCR\Clsid\{032327DA-F961-4B1F-9E3B-53CE35A702BA}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FA8FAB99-21DE-42B1-B44D-4A8DD2C4B98F}"

    HKCR\Clsid\{FA8FAB99-21DE-42B1-B44D-4A8DD2C4B98F}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file

    Restoring SeDebugPrivilege for Administradores - Succeeded

    Download > L2MRemover

    Extract the files into a folder of their own. Run L2MRemover.

    1 - Click Scan and wait for it to list the malware's keys in the Registry.

    2 - Make a safety backup by clicking Save before delete, which saves the keys that are about to be removed to a *.reg file.

    3 - Click Delete Keys to clean out the malware's keys. Copy the information shown in the Data Log and save it in Notepad.

    Post the result.

  • Topic author
  • I can't take these ads anymore. When I follow the steps you give me, they stop for a while, but then before I know it, I don't know whether I install them again by accident, they are back. Then I can't connect without this junk popping up. If you hadn't been helping me along, I don't know what would have become of the PC by now!!!

    Here is the log:

    19:26:31 -> Start scanning procedures...

    19:26:31 -> Suspected Registry Key found. Key added to list.

    19:26:31 -> Start checking running tasks...

    19:27:44 -> End of the scan process.

    19:27:53 -> No ACTIVE virus/trojan found in Memory but the Registry contains suspected voices! The voices are listed in the Registry Key Found box. We suggest you to delete them using the Delete Keys button!

    19:28:03 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage deleted!

    19:28:05 -> Key(s) deleted! Please, reboot the machine now!

    Let's check whether Look2Me was really removed. A new version of Look2Me-Destroyer came out on 27 March.

    Save or print these instructions:

    1 - Double-click Look2Me-Destroyer.exe (all windows and programs must be closed). Check Run this program as a task and, at the message saying the program will close and reopen in a few seconds, click OK.

    2 - When it opens again, click Scan for L2M. It is part of the process for the icons and the desktop to disappear. At the end of the scan, click Remove L2M. At the Done Scanning message, click OK.

    3 - Wait until this message appears: Done removing infected files! Look2Me-Destroyer will now shutdown your computer and then click OK.

    The computer will shut down and you will need to turn it on again.

    4 - Run a scan with HijackThis and save/post the log, plus the Look2Me-Destroyer.txt file that you will find in C:\

    things are looking bad there, huh!

    stop going to porn sites and clicking the POP UPS that show up

    you'll see a big improvement in your PC!!!

  • Topic author
  • The worst part is that I don't go to porn sites, nobody else uses my PC, and I don't go to just any site. I use the PC very little at home, but these things are already getting on my nerves.

    I hope this can be solved.

    Here are the logs:

    Logfile of HijackThis v1.99.1

    Scan saved at 20:56:44, on 3/4/2006

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Betinha\Downloads\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Arquivos de programas\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - Startup: BitTorrent.lnk = C:\Arquivos de programas\BitTorrent\bittorrent.exe

    O4 - Startup: Ubisoft register.lnk = D:\Register\register\schedule.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139073810357

    O17 - HKLM\System\CCS\Services\Tcpip\..\{85DCB5D9-A26D-4577-B891-4AA2D94BB7C4}: NameServer = 200.180.128.68,200.199.241.17

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE36879-9B71-4635-9422-F740A6999785}: NameServer = 201.10.1.2 201.10.120.3

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....

    Scan started at 3/4/2006 20:50:04

    Infected! C:\WINDOWS\system32\hr0s05d7e.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030304.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030305.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030306.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030307.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030308.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030309.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030310.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030311.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030312.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030313.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030314.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030315.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030316.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030317.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030318.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030319.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030320.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030321.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030322.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030323.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030324.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030325.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030326.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030327.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030328.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030329.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030330.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030331.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030332.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030333.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030334.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030335.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030336.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034177.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034186.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034197.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034200.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0035205.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0035215.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0036222.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0036240.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037228.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037235.dll

    Infected! C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037243.dll

    Infected! C:\WINDOWS\system32\cfmsvcs.dll

    Infected! C:\WINDOWS\system32\f42m0ef1eh2.dll

    Infected! C:\WINDOWS\system32\g422lefo1h2c.dll

    Infected! C:\WINDOWS\system32\gp2ql3f51.dll

    Infected! C:\WINDOWS\System32\guard.tmp

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\hr0s05d7e.dll

    C:\WINDOWS\system32\hr0s05d7e.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030304.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030304.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030305.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030305.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030306.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030306.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030307.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030307.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030308.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030308.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030309.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030309.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030310.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030310.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030311.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030311.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030312.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030312.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030313.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030313.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030314.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030314.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030315.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030315.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030316.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030316.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030317.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030317.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030318.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030318.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030319.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030319.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030320.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030320.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030321.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030321.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030322.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030322.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030323.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030323.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030324.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030324.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030325.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030325.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030326.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030326.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030327.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030327.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030328.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030328.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030329.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030329.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030330.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030330.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030331.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030331.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030332.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030332.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030333.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030333.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030334.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030334.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030335.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030335.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030336.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP40\A0030336.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034177.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034177.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034186.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034186.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034197.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034197.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034200.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0034200.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0035205.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP58\A0035205.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0035215.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0035215.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0036222.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0036222.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0036240.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0036240.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037228.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037228.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037235.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037235.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037243.dll

    C:\System Volume Information\_restore{0793C434-A3AD-4DB8-AEC3-8FBD8FA20FC7}\RP59\A0037243.dll could not be deleted!

    Attempting to delete: C:\WINDOWS\system32\cfmsvcs.dll

    C:\WINDOWS\system32\cfmsvcs.dll could not be deleted!

    Attempting to delete: C:\WINDOWS\system32\f42m0ef1eh2.dll

    C:\WINDOWS\system32\f42m0ef1eh2.dll could not be deleted!

    Attempting to delete: C:\WINDOWS\system32\g422lefo1h2c.dll

    C:\WINDOWS\system32\g422lefo1h2c.dll could not be deleted!

    Attempting to delete: C:\WINDOWS\system32\gp2ql3f51.dll

    C:\WINDOWS\system32\gp2ql3f51.dll could not be deleted!

    Attempting to delete: C:\WINDOWS\System32\guard.tmp

    C:\WINDOWS\System32\guard.tmp could not be deleted!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F8793528-F132-4A70-894A-7B7ABC20E153}"

    HKCR\Clsid\{F8793528-F132-4A70-894A-7B7ABC20E153}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file

    Restoring SeDebugPrivilege for Administradores - Succeeded


    betinhatc, these instructions are only valid if you have not shut down or restarted the PC. If you did, the DLLs have changed names.

    Copy this text in blue and save it in Notepad:

    C:\WINDOWS\system32\hr0s05d7e.dll

    C:\WINDOWS\system32\cfmsvcs.dll

    C:\WINDOWS\system32\f42m0ef1eh2.dll

    C:\WINDOWS\system32\g422lefo1h2c.dll

    C:\WINDOWS\system32\gp2ql3f51.dll

    C:\WINDOWS\System32\guard.tmp

    Save or print these instructions:

    1 - Copy the text you saved in Notepad. Run KillBox and check Delete on Reboot; in the File menu, click Paste from Clipboard.

    Then click the All Files button.

    Click the button with the X. Answer Yes to the question. Restart the PC normally.

    2 - Double-click Look2Me-Destroyer.exe (all windows and programs should be closed). Check Run this program as a task and, at the message saying the program will close and reopen in a few seconds, click OK.

    3 - When it opens again, click Scan for L2M. It is part of the process for the icons and desktop to disappear. At the end of the scan, click Remove L2M. At the Done Scanning message, click OK.

    4 - Wait until this message appears: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, and then click OK.

    The computer will shut down and you will need to turn it on again.

    5 - Run a scan with HijackThis and save/post the log, plus the Look2Me-Destroyer.txt that you will find in C:\
