
Archived

This topic has been archived and is closed to new replies.

Fabio.costa

[Solved!] Error when turning on the computer


Good evening, I'm having an annoying problem: every time I turn on my computer I get a message box with the following message: "C:\WINDOWS\system32\adspipe.dll não foi possivel encontrar o módulo especificado." Does anyone know what might be causing this failure? :unsure:


• Go to this link and download: < Malwarebytes >

Update the program!

• Choose the Quick scan!

Disable protection programs while running Malwarebytes.

• Be sure to send the detected items to quarantine by clicking Remove items.

• For more details: < Link >

-----------------------

• Post the reports: mbam-log-2008-xx-xx (00-00-00).txt + an up-to-date HijackThis log.


If you suspect it may be a virus, post a log as described in this topic:

http://forum.imasters.com.br/index.php?showtopic=165906


 

 

 

Folks, as requested, here are the HijackThis log + mbamlog.

Note: after running mbamlog, the infected content was completely deleted; I ran it a second time and nothing else showed up.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:06:36, on 16/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 


 

 

 

Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1764

Windows 5.1.2600 Service Pack 2

 

15/2/2009 16:25:53

mbam-log-2009-02-15 (16-25-53).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 67909

Tempo decorrido: 8 minute(s), 32 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 36

Valores do Registro infectados: 3

Ítens do Registro infectados: 19

Pastas infectadas: 10

Arquivos infectados: 8

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 


Hello!!

Open Malwarebytes, go to the "Quarantine" tab and remove all the items found there.

Using the Internet Explorer browser, access the Kaspersky Online Scanner and run an online scan following the tutorial below.

Kaspersky Online Scanner tutorial

When the scan finishes, save the report with the .txt extension (as shown at the end of the tutorial) and post it in your next reply.


 

 

Kaspersky log

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, February 17, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, February 17, 2009 17:23:41

Records in database: 1809033

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

 

Scan statistics:

Files scanned: 65762

Threat name: 20

Infected objects: 57

Suspicious objects: 0

Duration of the scan: 02:43:56

 

 


 

The selected area was scanned.


Remove the viruses from your antivirus's quarantine; once that is done, delete the file in question:

C:\Documents and Settings\extra\Meus documentos\Minhas músicas\GGinst.exe.

Now run a new online scan.


 

 

One question: I got this machine from an acquaintance, but the current antivirus is AVG, and it does not find these files that were located in the Norton quarantine. What should I do? Kaspersky Online does not have this function.

Thank you in advance for your help and patience.


OK, run Malwarebytes again.


 

 

As requested:

 

Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1764

Windows 5.1.2600 Service Pack 2

 

22/2/2009 01:31:51

mbam-log-2009-02-22 (01-31-51).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 68346

Tempo decorrido: 8 minute(s), 58 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


OK, the log is clean, my friend!


 

 

OK, but the error message continues when I start up the computer. Will I have to format the machine to get rid of this error?

C:\WINDOWS\system32\adspipe.dll não foi possivel encontrar o módulo especificado


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
