1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

msbcs.exe como remover?

Discussão em 'Dúvidas e Suporte—Internet, Redes, Segurança' iniciada por lobanense, 3 de Setembro de 2006. (Respostas: 2; Visualizações: 1808)

Estado do Tópico:
Fechado a novas mensagens.
  1. Olá boa tarde,

    gostaria de saber como remover este bicho da minha máquinae o que há de errado nela... desde já agradeço a quem me puder ajudar.

    meu log pelo hijackthis...

    Logfile of HijackThis v1.99.1
    Scan saved at 14:44:20, on 03-09-2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\cmrss.exe
    C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Programas\SpywareGuard\sgmain.exe
    C:\Programas\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programas\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Programas\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Programas\Firebird\bin\ibguard.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Firebird\bin\ibserver.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Programas\Outlook Express\msimn.exe
    C:\Programas\Internet Explorer\IEXPLORE.EXE
    D:\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clientes.netvisao.pt/jomajero/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://clientes.netvisao.pt/jomajero/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer disponibilizado por José Rodrigues
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.11.55.112:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\System32\cmrss.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download using Download &Express - file://C:\Programas\Download Express\Add_Url.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programas\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programas\ICQ\ICQ.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programas\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programas\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
    O12 - Plugin for .djvu: C:\Programas\Internet Explorer\PLUGINS\npdjvu.dll
    O12 - Plugin for .pdf: C:\Programas\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134588715146
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programas\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programas\AutoCAD 2002\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programas\AutoCAD 2002\InstFred.ocx
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programas\AutoCAD 2002\AcPreview.ocx
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programas\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Firebird Guardian Service (InterBaseGuardian) - FirebirdSQL Project - C:\Programas\Firebird\bin\ibguard.exe
    O23 - Service: Firebird Server (InterBaseServer) - FirebirdSQL Project - C:\Programas\Firebird\bin\ibserver.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    Cumps,
    José Rodrigues
     
  2. Evil Mota

    Evil Mota Power Member

    Faça o Donwload do Killbox
    Salve numa pasta em C:\
    Abra o KillBox. Marque a opção Delete on Reboot.
    Agora copie a entrada abaixo abaixo para área de transferência (selecione e clique em Copiar).

    C:\WINDOWS\System32\cmrss.exe

    Volte ao KillBox. Clique em File/ Paste from clipboard. Clique no botão All Files
    Clique no X. Responda Não à pergunta.



    ********
    ****************
    Abra o HijackThis e clique em Do a System Scan Only e marque as entradas abaixo e clique em Fix Checked!


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 210.11.55.112:80

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\System32\cmrss.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.e xe (file missing)


    ********
    Instale, este programa, Anti-Malware!

    Downoad: A-Squared

    Actualize-o!
    Faça um "Full Scan" ou "Profundo"!

     
  3. Triston

    Triston Aku Soku Zan SM

Estado do Tópico:
Fechado a novas mensagens.

Partilhar esta Página