Olá boa tarde, gostaria de saber como remover este bicho da minha máquinae o que há de errado nela... desde já agradeço a quem me puder ajudar. meu log pelo hijackthis... Logfile of HijackThis v1.99.1 Scan saved at 14:44:20, on 03-09-2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe C:\WINDOWS\System32\cmrss.exe C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE C:\WINDOWS\NCLAUNCH.EXe C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programas\SpywareGuard\sgmain.exe C:\Programas\Microsoft AntiSpyware\gcasDtServ.exe C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programas\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\cisvc.exe C:\Programas\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Programas\Firebird\bin\ibguard.exe C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe C:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Programas\Firebird\bin\ibserver.exe C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\System32\cidaemon.exe C:\WINDOWS\System32\cidaemon.exe C:\Programas\Outlook Express\msimn.exe C:\Programas\Internet Explorer\IEXPLORE.EXE D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clientes.netvisao.pt/jomajero/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://clientes.netvisao.pt/jomajero/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer disponibilizado por José Rodrigues R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.11.55.112:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\System32\cmrss.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE" O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download using Download &Express - file://C:\Programas\Download Express\Add_Url.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programas\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programas\ICQ\ICQ.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programas\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programas\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O12 - Plugin for .djvu: C:\Programas\Internet Explorer\PLUGINS\npdjvu.dll O12 - Plugin for .pdf: C:\Programas\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134588715146 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programas\AutoCAD 2002\AcDcToday.ocx O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programas\AutoCAD 2002\InstBanr.ocx O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programas\AutoCAD 2002\InstFred.ocx O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programas\AutoCAD 2002\AcPreview.ocx O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programas\ewido anti-spyware 4.0\guard.exe O23 - Service: Firebird Guardian Service (InterBaseGuardian) - FirebirdSQL Project - C:\Programas\Firebird\bin\ibguard.exe O23 - Service: Firebird Server (InterBaseServer) - FirebirdSQL Project - C:\Programas\Firebird\bin\ibserver.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe Cumps, José Rodrigues
Faça o Donwload do Killbox Salve numa pasta em C:\ Abra o KillBox. Marque a opção Delete on Reboot. Agora copie a entrada abaixo abaixo para área de transferência (selecione e clique em Copiar). C:\WINDOWS\System32\cmrss.exe Volte ao KillBox. Clique em File/ Paste from clipboard. Clique no botão All Files Clique no X. Responda Não à pergunta. ************************ Abra o HijackThis e clique em Do a System Scan Only e marque as entradas abaixo e clique em Fix Checked! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 210.11.55.112:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\System32\cmrss.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.e xe (file missing) ******** Instale, este programa, Anti-Malware! Downoad: A-Squared Actualize-o! Faça um "Full Scan" ou "Profundo"!
Aconselho-te a fazer um search antes de abrires threads novas http://www.techzonept.com/showthread.php?t=84505&highlight=msbcs.exe @evilmota keep up the good work