
msbcs virus

Discussion in 'Dúvidas e Suporte—Internet, Redes, Segurança' started by abuissa, 5 September 2006. (Replies: 3; Views: 716)

  1. abuissa (Power Member)

    here's my HijackThis log, I suppose it's needed; I'd appreciate new instructions to sort out the problem
    thanks a lot


    Logfile of HijackThis v1.99.1
    Scan saved at 19:00:39, on 03-09-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programas\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\sstray.exe
    C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
    C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\cmrss.exe
    C:\WINDOWS\system32\msbcs.exe
    C:\WINDOWS\system32\aIg.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Programas\The All-Seeing Eye\eye.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\DOCUME~1\GONALO~1\DEFINI~1\Temp\Directório temporário 1 para hijackthis[1].zip\HijackThis.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programas\DAP\dapbho.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Programas\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dmwoq.exe] C:\WINDOWS\system32\dmwoq.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe
    O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
    O4 - HKLM\..\Run: [aIg] C:\WINDOWS\system32\aIg.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [adobemgr] C:\WINDOWS\system32\adobemgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [KillAndClean] "C:\Programas\KillAndClean\KillAndClean.exe"
    O4 - HKCU\..\Run: [ADSLKeepAlive] C:\Programas\ADSLKeepAlive\ADSLKeepAlive.exe
    O4 - Startup: Atalho para emule.lnk = C:\eMule\emule.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
    O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C014B140-3835-11D6-BC1D-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetrsidebar.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E9DA2DD-D295-41AD-8DCD-9EAD69880B78}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C3BE2D7-BA61-4B1B-BB05-D887E2435BC7}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E5C29F-CCA8-40F8-8D23-06B0FE93AFF1}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CEABDD1A-015C-4F11-A325-6A94B9E1D18F}: NameServer = 85.255.115.44 85.255.112.200
    O17 - HKLM\System\CS2\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CS3\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
  2. apoc (Power Member)

    at first sight what you have to do is boot the PC into safe mode

    delete this file:

    C:\WINDOWS\system32\msbcs.exe

    go into regedit and delete the registry key


    O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe

    run msconfig and in the Startup tab look for every reference to programs you don't want starting up and disable them, and if there's one for msbcs delete it ...

    all by hand and in safe mode ... on the administrator account, preferably
     
  3. abuissa (Power Member)

    and aren't these viruses?

    C:\WINDOWS\system32\cmrss.exe
    C:\WINDOWS\system32\aIg.exe


    aren't these files viruses too? should I delete them as well

    and thanks for the quick reply
    thanks
     
  4. Evil Mota (Power Member)

    Download Prevx1!
    (don't use it for now)
    ***************
    Download Killbox
    Save it in a folder on C:\
    Open KillBox. Check the Delete on Reboot option.
    Now copy the entries below to the clipboard (select them and click Copy).

    C:\WINDOWS\system32\aIg.exe

    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\cmrss.exe

    Go back to KillBox. Click File / Paste from clipboard. Click the All Files button.
    Click the X. Answer No to the question.



    ****************
    Open HijackThis, click Do a System Scan Only, check the entries below and click Fix Checked!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe
    O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
    O4 - HKLM\..\Run: [aIg] C:\WINDOWS\system32\aIg.exe

    O4 - HKCU\..\Run: [KillAndClean] "C:\Programas\KillAndClean\KillAndClean.exe"

    O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm

    O17 - HKLM\System\CCS\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E9DA2DD-D295-41AD-8DCD-9EAD69880B78}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C3BE2D7-BA61-4B1B-BB05-D887E2435BC7}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E5C29F-CCA8-40F8-8D23-06B0FE93AFF1}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CEABDD1A-015C-4F11-A325-6A94B9E1D18F}: NameServer = 85.255.115.44 85.255.112.200
    O17 - HKLM\System\CS2\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
    O17 - HKLM\System\CS3\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)


    ****************
    After all that is done, install Prevx1 and follow the steps it asks for!
    Open the program, go to the Advanced tab and click File Scan!

    Post a new log!
     
    Last edited: 5 September 2006
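Both replies act on the same two kinds of HijackThis lines: the O4 Run entries that restart the files from system32 at logon, and the O17 entries showing that every network interface's NameServer has been pointed at the same pair of outside addresses. As an added example (not from this thread, and not part of HijackThis), here is a small Python triage helper that parses those two line types from a log and flags a Run entry that launches an unlisted executable out of system32, and a NameServer value outside an allowlisted resolver range. The sample log is constructed from lines in the shape of the one above plus one invented benign O17 line (all-zero GUID, LAN resolver); the system32 allowlist and the resolver ranges are assumptions to replace with your own baseline and your ISP's resolvers.

```python
"""Triage helper for HijackThis-style logs (added example; constructed data)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from ntpath import basename, dirname  # ntpath parses Windows paths on any OS

# Constructed sample built from lines in the same shape as the thread's log.
# The last O17 line (all-zero GUID, LAN resolver) is invented as a benign control.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEABDD1A-015C-4F11-A325-6A94B9E1D18F}: NameServer = 85.255.115.44 85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# ASSUMPTION: site-specific baseline. Windows itself seldom registers Run
# entries for loose executables in system32; ctfmon.exe is the usual exception.
SYSTEM32_AUTOSTART_ALLOWLIST = {"ctfmon.exe"}
# ASSUMPTION: only LAN resolvers are expected; add your ISP's resolver addresses.
ALLOWED_DNS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run command line (quoted or not)."""
    m = EXE_RE.search(cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]


def is_system32(path: str) -> bool:
    """True when the executable sits directly in a ...\\system32 directory."""
    return dirname(path).lower().endswith("\\system32")


def triage(log_text: str):
    """Flag Run entries launching unlisted binaries from system32 and
    per-interface NameServer values outside the allowlisted resolver ranges."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            exe = exe_path(m["cmd"])
            if is_system32(exe) and basename(exe).lower() not in SYSTEM32_AUTOSTART_ALLOWLIST:
                findings.append(Finding(line, f"Run entry [{m['name']}] starts unlisted system32 binary {basename(exe)}"))
        elif m := O17_RE.match(line):
            # HijackThis prints the servers comma- or space-separated; accept both.
            for server in re.split(r"[,\s]+", m["servers"].strip()):
                try:
                    addr = ip_address(server)
                except ValueError:
                    findings.append(Finding(line, f"unparseable NameServer value {server!r}"))
                    continue
                if not any(addr in net for net in ALLOWED_DNS):
                    findings.append(Finding(line, f"NameServer {server} is not an allowlisted resolver"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it over a full log and the output is the same short list the replies above arrived at by eye: the Run entries for msbcs, cmrss and aIg, and every interface whose resolver was rewritten. The O17 check is the more durable signal, since a name can be changed freely but a hijacked resolver has to stay reachable; compare flagged addresses against what your ISP or router actually hands out before fixing the entries.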
