Ir ao conteúdo
  • Cadastre-se
Entre para seguir isso  
netrap

Log hijack

Posts recomendados

bom pessoal não consigo retirar um malware que fica abrindo paginas poup ups do Iexplorer.

já tentei retirar com scan de antivirus (mcafee, avg, e nod32). nenhum deles detectam o virus. somente o nod 32 que evita que ele seja iniciado causando um crash no explorer.exe...

instalei um firewall (sygate) que esta bloqueando o acesso do arquivo em vermelho no link.

toda vez que uso o killbox para deletar o "C:\WINDOWS\Crystal\IEXPLORE.EXE" ele volta novamente apos a inicializacao do programa com o mesmo nome so que dentro de outra pasta randomizada criada por ele dentro de "c:/windows/.../iexplore.exe

ai esta o log:

___________________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 00:54:14, on 10/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Prolink\PlayTV MPEG2\TVRMVCR.EXE

C:\WINDOWS\Crystal\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\eMule047\emule.exe

D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Remote_Agent] "C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe"

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [bSplayer_WhenUSave_Installer] C:\Arquivos de programas\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

O4 - HKLM\..\Run: [Agent] "C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe"

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MessengerDiscovery] C:\Arquivos de programas\MessengerDiscovery\msgdiscoveryx.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de programas\K-Lite2006\klrun.exe

O4 - Global Startup: Remote.lnk = C:\Arquivos de programas\Prolink\PlayTV MPEG2\TVRMVCR.EXE

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight Pro - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\newdotnet\newdotnet7_22.dll' missing

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DirectX Service (DirectNyck) - Unknown owner - c:\windows\system32\directx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Netrap :D

Baixe o LSPfix

Descompacte e execute

Marque "I know what I'm doing".

Mova todas as referências do newdotnet6_38.dll, newdotnet7_22.dll ou sememelhante para a coluna REMOVE.

> Clique em Finish.

Abra o Hijackthis:

  • Clique em Open the misc tools section;
  • Clique em Delete a File on Reboot;
  • Copie e cole a seguinte linha no espaço arquivo: C:\WINDOWS\Crystal\IEXPLORE.EXE;
  • Clique em Ok, o computador irá reiniciar.

Reinicie o computador em Modo de Segurança:

Execute o Hijackthis, clique em Do a System Scan Only e marque as seguintes entradas.

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O4 - HKLM\..\Run: [bSplayer_WhenUSave_Installer] C:\Arquivos de programas\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\newdotnet\newdotnet7_22.dll' missing

Clique em htfixnl8.png

Reinicie o computador em modo normal, faça um scan online no Panda cole o resultado junto com um novo log do hijackthis.

Até Mais.

Compartilhar este post


Link para o post
Compartilhar em outros sites

seguirei os passos passados logo em seguida.

o problema e que toda vez que o SO reinicia ele cria uma nova pasta.

agora ele esta nesta "C:\WINDOWS\assembly\IEXPLORE.EXE - uma variante modificada de Win32/Rukap.BS trojan"

este e o log do antivirus nod32

Compartilhar este post


Link para o post
Compartilhar em outros sites

aqui esta o log do activescan!

Incident Status Location

Virus:Bck/DService.HI Disinfected Operating system

Dialer:dialer.xd Not disinfected c:\windows\system32\vbsys2.dll

Spyware:spyware/new.net Not disinfected Windows Registry

Adware:adware/alexa-toolbar Not disinfected Windows Registry

Adware:Adware/PurityScan Not disinfected C:\!KillBox\vbsys2.dll

________________________

Abaixo o log do hijackthis...

Logfile of HijackThis v1.99.1

Scan saved at 05:16:10, on 10/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\GetRight\GetRight.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SSU.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

D:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] "C:\ARQUIV~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Remote_Agent] "C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight Pro - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DirectX Service (DirectNyck) - Unknown owner - c:\windows\system32\directx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

_____________________________________________________

Compartilhar este post


Link para o post
Compartilhar em outros sites

alguem ai?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Netrap :

Abra o Killbox

Marque a opção Delete on Reboot. Selecione e Copie, as seguintes linhas em vermelho:

c:\windows\system32\vbsys2.dll

c:\windows\system32\directx.exe

> No Killbox Clique em File

> Clique em Paste from clipboard.

> Clique no botão All Files.

> Clique em killboxpf6.png e responda Não à pergunta.

Reinicie o computador em Modo de Segurança:

Execute o Hijackthis, clique em Do a System Scan Only e marque as seguintes entradas.

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O23 - Service: DirectX Service (DirectNyck) - Unknown owner - c:\windows\system32\directx.exe

Clique em htfixnl8.png

Reinicie em Modo Normal:

  • Configure seu computador para mostrar todos os arquivos;
  • Iniciar
  • Painel de Controle;
  • Opções de Pasta;
  • Modo de Exibição;
  • Desmarque Ocultar arquivos protegidos do sistema;
  • Marque Mostrar pastas e arquivos Ocultos.

Gere um novo log do Hijackthis.

Até Mais.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola novamente Hudson.

Bom depois dos procedimentos seguitos ai esta o novo log:

_______________________________________

Logfile of HijackThis v1.99.1

Scan saved at 02:11:56, on 11/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

D:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] "C:\ARQUIV~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight Pro - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DirectX Service (DirectNyck) - Unknown owner - c:\windows\system32\directx.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Execute o Hijackthis, clique em Do a System Scan Only e marque a seguinte entrada.

O23 - Service: DirectX Service (DirectNyck) - Unknown owner - c:\windows\system32\directx.exe (file missing)

Clique em htfixnl8.png

Baixe o Ccleaner, instale e execute. Veja como neste tutorial. Clique Aqui.

Informe se o problema persisti.

Até Mais.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola hudson.

Bom não esta adiantando usar o hijack para remover esta entrada.

toda vez que a maquina e reiniciada o problema volta.

já executei o ccleaner, dois antivirus e eles não encontram nada de suspeito.

O log novamente!

--------------------------

Logfile of HijackThis v1.99.1

Scan saved at 13:20:00, on 11/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] "C:\ARQUIV~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight Pro - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DirectX Service (DirectNyck) - Unknown owner - c:\windows\system32\directx.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Vamos lá, faça o seguinte.

> Iniciar

> Executar

> Digite msconfig

> Na aba Serviços procure DirectX Service (DirectNyck) e Desmarque.

Faça um scan online no Ewido.

Até Mais.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola Hudson:

esta ai mais um log.

parece que o problema do DirectX Service (DirectNyck) foi resolvido.

espero não ter mais problemas neste log.

abraço;

ate +.

---------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 02:30:56, on 12/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG04.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

D:\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] "C:\ARQUIV~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight Pro - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok! Netrap ! :D

O Log está Limpo :joia:

Desative a Restauração do Sistema, para os pontos antigos serem excluídos, e ative novamente:

  • Clique com o botão direito do mouse sobe Meu Computador;
  • Clique em Propriedades;
  • Clique na aba Restauração do Sistema;
  • Marque Desativar Restauração do Sistema;
  • Clique em OK;
  • Clique em Sim.

<div align="center">Saiba como proteger seu PC.Clique Aqui.</div>

<div align="center">199xtd7.jpg</div>

<div align="center">Conheça Avira Antivir Free Clique Aqui.</div>

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola Hudson

:-BEER obrigado pela ajuda novamente. o prblema do Iexplorer parou de funcionar.

foi de grande ajuda.

problema resolvido.

obrigado !!! :bye:

Compartilhar este post


Link para o post
Compartilhar em outros sites

CASO RESOLVIDO!

Caso o autor do tópico necessite, o mesmo será reaberto, para isso o mesmo deverá procurar um Moderador da área e solicitar o desbloqueio!

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas comunidades sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...

celulares-popup.jpg

iPhone + Android + troca de vidro + reparo em placa + hard reset + instalação de ROM + e mais!

CLIQUE AQUI E CONFIRA AGORA MESMO!