msbcs virus

abuissa

Power Member
Here is my HijackThis log; I suppose it is needed. I would appreciate new instructions to solve the issue.
Thank you very much.


Logfile of HijackThis v1.99.1
Scan saved at 19:00:39, on 03-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\cmrss.exe
C:\WINDOWS\system32\msbcs.exe
C:\WINDOWS\system32\aIg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\The All-Seeing Eye\eye.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\DOCUME~1\GONALO~1\DEFINI~1\Temp\Directório temporário 1 para hijackthis[1].zip\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programas\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dmwoq.exe] C:\WINDOWS\system32\dmwoq.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [aIg] C:\WINDOWS\system32\aIg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [adobemgr] C:\WINDOWS\system32\adobemgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Programas\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [ADSLKeepAlive] C:\Programas\ADSLKeepAlive\ADSLKeepAlive.exe
O4 - Startup: Atalho para emule.lnk = C:\eMule\emule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C014B140-3835-11D6-BC1D-00C095EEAD5D} - https://www.mbnet.pt/sidebar/mbnetrsidebar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E9DA2DD-D295-41AD-8DCD-9EAD69880B78}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C3BE2D7-BA61-4B1B-BB05-D887E2435BC7}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E5C29F-CCA8-40F8-8D23-06B0FE93AFF1}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEABDD1A-015C-4F11-A325-6A94B9E1D18F}: NameServer = 85.255.115.44 85.255.112.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 
At first glance, what you have to do is start the PC in Safe Mode

delete this file:

C:\WINDOWS\system32\msbcs.exe

go to regedit and delete the registry key

O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe

run msconfig and, in the Startup tab, look for every reference to programs you don't want starting up and disable them, and if there is one for msbcs, delete it ...

all by hand and in Safe Mode ... preferably in the administrator account
 
and aren't these viruses?

C:\WINDOWS\system32\cmrss.exe
C:\WINDOWS\system32\aIg.exe

and aren't these files viruses too? should I delete them too?

and thank you for the quick reply
thank you
 
Download Prevx1!
(don't use it for now)
***************
Download Killbox
Save it to a folder in C:\
Open KillBox. Check the Delete on Reboot option.
Now copy the entries below to the clipboard (select them and click Copy).

C:\WINDOWS\system32\aIg.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\cmrss.exe

Go back to KillBox. Click File / Paste from clipboard. Click the All Files button.
Click the X. Answer No to the question.



****************
Open HijackThis, click Do a System Scan Only, check the entries below and click Fix Checked!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [aIg] C:\WINDOWS\system32\aIg.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Programas\KillAndClean\KillAndClean.exe"

O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E9DA2DD-D295-41AD-8DCD-9EAD69880B78}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C3BE2D7-BA61-4B1B-BB05-D887E2435BC7}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E5C29F-CCA8-40F8-8D23-06B0FE93AFF1}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEABDD1A-015C-4F11-A325-6A94B9E1D18F}: NameServer = 85.255.115.44 85.255.112.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)


****************
Then, once everything is done, install Prevx1 and follow the steps it asks for!
Open the program, go to the Advanced tab and click File Scan!

Post a new log!
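An added example for anyone triaging a log like the one above (it is not part of this thread and not a HijackThis feature): a small Python script that parses the O4 autorun and O17 NameServer lines, lists autoruns pointing under system32 for manual review, and flags any resolver outside an expected set. The sample lines are copied from the posted log; the expected resolver address is a placeholder assumption.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [adobemgr] C:\WINDOWS\system32\adobemgr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{151F5694-69CD-4444-BE31-FB4D003D9004}: NameServer = 85.255.115.44,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEABDD1A-015C-4F11-A325-6A94B9E1D18F}: NameServer = 85.255.115.44 85.255.112.200
"""

# Assumption: the resolvers this machine is supposed to use (placeholder router address).
EXPECTED_DNS = {"192.168.1.1"}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
O17_RE = re.compile(r"^O17 - (\S+): NameServer = (.+)$")
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)


def triage(log_text, expected_dns):
    """Return (system32 autoruns, flagged O17 entries, set of unexpected resolvers)."""
    system32_autoruns = []
    flagged_dns = []
    unexpected = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            _hive, name, command = m.groups()
            exe = EXE_RE.match(command)
            path = exe.group(1) if exe else command
            # Autoruns under system32 are where this thread's suspect entries live.
            if path.lower().startswith("c:\\windows\\system32\\"):
                system32_autoruns.append((name, path))
            continue
        m = O17_RE.match(line)
        if m:
            key, servers = m.groups()
            # Usually comma-separated, but one entry in the posted log uses a space.
            resolvers = re.split(r"[,\s]+", servers.strip())
            bad = [ip for ip in resolvers if ip not in expected_dns]
            if bad:
                flagged_dns.append((key, bad))
                unexpected.update(bad)
    return system32_autoruns, flagged_dns, unexpected


if __name__ == "__main__":
    autoruns, dns_hits, _ = triage(SAMPLE_LOG, EXPECTED_DNS)
    print("autoruns under system32:", autoruns)
    print("O17 entries with unexpected resolvers:", dns_hits)
```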
 