Beth Jacomini

JS/FakeAlert e TR/Dropper.gen - Log

Here is my log: (I could not run Gmer, because a blue screen appears with the following error message: Driver_IRQL_Not_Less-Or_Equal)

DDS log:

DDS (Ver_09-05-14.01) - NTFSx86

Run by usuario at 19:01:23,00 on 25/05/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.470 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\VM303_STI.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\usuario\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uol.com.br/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://br.yahoo.com

mStart Page = hxxp://br.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquiv~1\gbplugin\gbieh.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\arquiv~1\gbplugin\gbiehabn.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\arquivos de programas\gbplugin\gbiehuni.dll

BHO: CescrtHlpr Object: {d286e828-e6b9-484d-a058-d7323666de33} - c:\arquivos de programas\recfree.com\recfreetoolbar\1.2.1.0\escort.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - No File

TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No File

TB: RecFree Toolbar: {0508f8f1-08e3-43ee-aaa8-09ad09803084} - c:\arquivos de programas\recfree.com\recfreetoolbar\1.2.1.0\escorTlbr.dll

TB: {E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\arquivos de programas\windows media player\WMPNSCFG.exe

uRun: [copy save] c:\docume~1\usuario\dadosd~1\axisid~1\movemanagerplus.exe

mRun: [DXDllRegExe] dxdllreg.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [PCSuiteTrayApplication] c:\arquivos de programas\nokia\nokia pc suite 6\LaunchApplication.exe -startup

mRun: [TkBellExe] "realsched.exe" -osboot

mRun: [skyTel] SkyTel.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [bigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

mRun: [HP Software Update] "c:\arquivos de programas\hp\hp software update\HPWuSchd.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [Nokia.PCSync] c:\arquivos de programas\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with NetPumper - c:\arquivos de programas\netpumper\AddUrl.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginAbn - c:\arquiv~1\gbplugin\gbiehabn.dll

Notify: GbPluginBb - c:\arquiv~1\gbplugin\gbieh.dll

Notify: GbPluginUni - c:\arquivos de programas\gbplugin\gbiehuni.dll

Notify: igfxcui - igfxdev.dll

Notify: __c005A55A - c:\windows\system32\__c005A55A.dat

Notify: __GbPluginAbn - c:\arquivos de programas\gbplugin\gbiehabn.dll

Notify: __GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquiv~1\gbplugin\gbieh.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\arquivos de programas\gbplugin\gbiehuni.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\arquiv~1\gbplugin\gbiehabn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\usuario\dadosd~1\mozilla\firefox\profiles\ks3z88ro.default\

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=_91lB.9LmW2PSruq3KOM0A&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=

FF - component: c:\arquivos de programas\recfree.com\recfreetoolbar\1.2.1.0\components\FFHst.dll

FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\zylom\zylomgamesplayer\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-9 26320]

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-5-19 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-5-19 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-5-19 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-19 55640]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2007-6-26 52560]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-2-12 35840]

S3 tgiul50;tgiul50;c:\windows\system32\drivers\tgiulnt5.sys [2005-1-22 138528]

S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\arquivos de programas\arquivos comuns\nero\nero backitup 4\nbservice.exe --> c:\arquivos de programas\arquivos comuns\nero\nero backitup 4\NBService.exe [?]

=============== Created Last 30 ================

2009-05-23 17:05 <DIR> --d----- c:\docume~1\usuario\dadosd~1\recfree.com

2009-05-23 17:04 <DIR> --d----- c:\arquivos de programas\RecFree.com

2009-05-22 20:07 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GameHouse

2009-05-22 07:51 <DIR> --d----- C:\Gmer

2009-05-21 15:59 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Playrix Entertainment

2009-05-21 15:52 <DIR> --d----- c:\arquivos de programas\bfgclient

2009-05-21 15:52 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\BigFishGamesCache

2009-05-19 18:16 55,640 a------- c:\windows\system32\drivers\avgntflt.sys

2009-05-19 18:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2009-05-19 18:15 <DIR> --d----- c:\arquivos de programas\Avira

2009-05-19 16:14 119,167 a------- c:\windows\system32\__c00CE740.exe

2009-05-19 16:13 119,167 a------- c:\windows\system32\__c0011F01.exe

2009-05-18 15:13 119,167 a------- c:\windows\system32\__c0028410.exe

2009-05-18 15:12 119,167 a------- c:\windows\system32\__c00401E1.exe

2009-05-16 16:18 <DIR> --d----- c:\arquivos de programas\NetPumper

2009-05-16 16:18 119,167 a------- c:\windows\system32\__c006F037.exe

2009-05-16 16:18 <DIR> --d----- c:\arquivos de programas\Axis Idle

2009-05-16 16:18 <DIR> --d----- c:\docume~1\usuario\dadosd~1\Axis Idle

2009-05-16 15:15 <DIR> --d----- c:\docume~1\usuario\dadosd~1\Zylom

2009-05-16 15:13 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Zylom

2009-05-16 15:11 119,167 a------- c:\windows\system32\__c00EA2C9.exe

2009-05-16 15:11 25,600 a------- c:\windows\system32\__c005A55A.dat

2009-05-13 00:00 217 a------- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-05-02 22:32 454,584 a------- c:\windows\system32\perfh016.dat

2009-05-02 22:32 79,622 a------- c:\windows\system32\perfc016.dat

2009-04-17 19:21 182,656 a------- c:\windows\system32\drivers\ndis.sys

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll

2009-03-06 11:20 286,208 a------- c:\windows\system32\pdh.dll

2009-03-02 21:06 826,368 a------- c:\windows\system32\wininet.dll

2008-03-06 20:55 32 a------- c:\docume~1\alluse~1\dadosd~1\ezsid.dat

2007-07-13 19:59 87,608 ac------ c:\docume~1\usuario\dadosd~1\inst.exe

2007-07-13 19:59 47,360 ac------ c:\docume~1\usuario\dadosd~1\pcouffin.sys

2008-10-15 07:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008101520081016\index.dat

============= FINISH: 19:02:00,18 ===============


Download Malwarebytes Anti-Malware:

Link1

Alternative link

Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.

  • Make sure you check the boxes Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware, then click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to see the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.


I did as instructed and restarted the computer at the end... here is the log:

Malwarebytes' Anti-Malware 1.37

Versão do banco de dados: 2183

Windows 5.1.2600 Service Pack 3

26/05/2009 21:20:14

mbam-log-2009-05-26 (21-20-14).txt

Tipo de Verificação: Rápida

Objetos verificados: 108042

Tempo decorrido: 4 minute(s), 10 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 1

Chaves do Registro infectadas: 27

Valores do Registro infectados: 3

Ítens do Registro infectados: 1

Pastas infectadas: 17

Arquivos infectados: 200

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

C:\WINDOWS\system32\__c005A55A.dat (Trojan.Agent) -> Delete on reboot.

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-netpumper-detector (Adware.NetPumper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c005a55a (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__gbpluginbb (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Netscape\Netscape Navigator\Automation Protocols\ftp (Adware.NetPumper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Netscape\Netscape Navigator\Automation Protocols\http (Adware.NetPumper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:

C:\Arquivos de programas\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\arquivos de programas\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\arquivos de programas\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\arquivos de programas\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\arquivos de programas\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\.svn (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\.svn\prop-base (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\.svn\props (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\.svn\text-base (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\.svn\tmp (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\.svn\tmp\prop-base (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\.svn\tmp\props (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\.svn\tmp\text-base (Adware.NetPumper) -> Quarantined and deleted successfully.

Arquivos infectados:

c:\arquivos de programas\netpumper\AddUrl.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\NetPumper.url (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\commonheadfoot.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\compat.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\details.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\features.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\index.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\mainwin.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\nphelp.css (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\prefwindow.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\register.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\schedwin.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\tips.htm (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\apllimit.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\bandwidthpanel.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\buttons.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdadd.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdaddtoschedule.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmddetails.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdeditschedule.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdfolder.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdhelp.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdopen.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdopenfolder.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdpause.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdprefs.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdremove.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdresume.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\cmdselectall.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\detailwin-wide.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\detailwin.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\droptoschedule.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\editbandwidth.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\ignlimit.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\limserver.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\limservergold.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\limuser.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\mainwin.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\moveicons.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\prefw-bandwidth.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\prefw-connections.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\prefw-general.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\prefw-login.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\prefw-monitoring.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\prefw-proxy-ftp.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\prefw-proxy-http.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\register-1.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\register-2.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\register-3-1.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\register-3-2.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\schedulewin.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\scnoresume.bmp (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\scnoresume.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\scresumes.bmp (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\scresumes.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\scunk.bmp (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\scunk.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stanalyzing.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\starticon.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stcompleted.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stfatal.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stinpro.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stnhelp-old.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stnhelp.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stopicon.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stpaused.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stqueued.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stretrying.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\stscheduled.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

c:\arquivos de programas\netpumper\help\images\summary.gif (Adware.NetPumper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c005A55A.dat (Trojan.Vundo) -> Delete on reboot.

C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Trojan.Vundo) -> Delete on reboot.

c:\WINDOWS\system32\__c0011F01.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c0028410.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c00401E1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c006F037.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c00CE740.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c00EA2C9.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Is the antivirus still reporting an infection?

Hello Renato,

I ran the quick scan once more and yes, it still reported viruses. I waited a day, updated Malwarebytes and ran the full scan. It reported a few more viruses and asked me to restart the computer. I did so, ran the full scan again, and now everything is clean, it seems. See the log:

Malwarebytes' Anti-Malware 1.37

Versão do banco de dados: 2198

Windows 5.1.2600 Service Pack 3

30/05/2009 21:55:25

mbam-log-2009-05-30 (21-55-25).txt

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 224550

Tempo decorrido: 55 minute(s), 20 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

Thank you very much!

Temporarily disable the antivirus on your computer!

Run an Online Scan at Kaspersky Virusscanner

  • Click [image: Clipboard01-1.jpg]
  • Click accept.
  • A window will appear; click Run.
  • The program will be installed and will then start downloading the updates. Please wait...
  • When the updates complete (100%), click the button [image: 3507611311_825f7c7183_o.jpg]
  • Check, in the right-hand panel, that the following boxes are ticked:
  • Under: Detect malicious programs of the following categories:
    • Viruses, Worms, Trojan Horses, Rootkits (already selected by default)
    • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Under: Scan compound files (doesn't apply to the File scan area):
    • Archives
    • Mail databases
  • Click My Computer to start the scan. Please wait...
  • When the scan finishes, click the View scan report link.
  • Click the button [image: 3508421676_e090b1e383_o.jpg]
  • In the window that opens, under Files of type choose the Text file (.txt) extension, choose a location and give the file a name.
  • You can close the Kaspersky page.
  • Open the file where you saved the report, select all of its contents (Ctrl + A), copy (Ctrl + C) and paste (Ctrl + V) into your next reply.

Renato, here is the result:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Monday, June 1, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Monday, June 01, 2009 23:50:12

Records in database: 2293625

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

Scan statistics:

Files scanned: 114719

Threat name: 4

Infected objects: 4

Suspicious objects: 0

Duration of the scan: 02:04:12

File name / Threat name / Threats count

C:\RECYCLER\S-1-5-21-861567501-1708537768-839522115-1003\Dc1.zip Infected: not-a-virus:AdWare.Win32.Agent.lzd 1

C:\RECYCLER\S-1-5-21-861567501-1708537768-839522115-1003\Dc1.zip Infected: Trojan-Downloader.Win32.BHO.lvc 1

C:\RECYCLER\S-1-5-21-861567501-1708537768-839522115-1003\Dc1.zip Infected: not-a-virus:AdWare.Win32.Agent.nji 1

C:\RECYCLER\S-1-5-21-861567501-1708537768-839522115-1003\Dc1.zip Infected: not-a-virus:AdWare.Win32.Agent.njj 1

The selected area was scanned.

All the infections are in the Recycle Bin; just empty it.

How is the computer?

Could it be that I am now free of the viruses??

Your logs say so.

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the icon [image: otcleanitdesktopicon.png]
  • Click the "Cleanup" button [image: 8gehxg0.gif]
  • Allow your computer to be restarted.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Executar Limpeza (Run Cleaner);
  • After that, click Erros >> Procurar erros >> Corrigir Erros (Issues >> Scan for issues >> Fix issues)

I also suggest you read this article: Proteja seu PC (Protect your PC)

Any other problems with the computer?

Should the topic's author need it, this topic will be reopened; to request that, they must contact the moderation team and ask for it to be unlocked.

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
