.:: HijackThis! log analysis ::.

First of all, I should say that I was on holiday, hence the delay in replying. So, here we go:

Hi danwerneck
1. Download and install Ewido.

2. Download KillBox, run it and tick Delete on reboot. In Full Path of File to Delete, enter the following line:
C:\WINDOWS\System32\cmrss.exe

Then click the red X and then No.

Your computer will restart.

3. As soon as it restarts for the last time, go straight into Safe Mode (it's simple: as soon as a Windows image appears, immediately and repeatedly press the F8 key on your keyboard; a menu will appear and you choose the option to enter Safe Mode).

4. Once in Safe Mode, run HijackThis, Do a system scan only, and tick only the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atarde.com.br/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=

O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\System32\cmrss.exe
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\System32\msbcs.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O20 - Winlogon Notify: f3dsl - MSplg7.dll (file missing)
Once the boxes are ticked, click Fix checked.

The fixes are done; now it's time to run a full scan with Ewido and restart the computer normally.

Run HijackThis again, Do a system scan and a logfile, then copy and paste it here again.

Cheers

P.S.: It's best to save all these steps so that you don't forget any of them.


------------------------------


Hi Estreante
Yes, everything is fine. A lot of junk in Startup (it only makes it slower), but apart from that everything is fine.

Cheers


------------------------------


Hi Ldinis
I'd appreciate it if you extracted HijackThis to its own folder and then created a new logfile and posted it here. That way the analysis will be more reliable.
Oh, and please copy and paste it here exactly as it appears; that is, the gap between the processes and the rest should be left in, as it makes the analysis easier, OK.

Cheers
 
HijackThis logfile

As you requested, here is the logfile again:


Logfile of HijackThis v1.99.1
Scan saved at 9:11:15, on 21-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Software Bluetooth\bin\btwdins.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Ficheiros comuns\Nokia\NCLTools\NclTray.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Macrogaming\SweetIM\SweetIM.exe
C:\Programas\Ficheiros comuns\Nokia\Services\ServiceLayer.exe
C:\Programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Software Bluetooth\BTTray.exe
C:\Programas\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programas\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.10.251/sinistros/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programas\Ficheiros comuns\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/dialer/it/activex_1225_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = porto.local
O17 - HKLM\Software\..\Telephony: DomainName = porto.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = porto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = porto.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programas\Software Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: NetOp Helper ver. 8.00 (2005271) (NetOp Host for NT Service) - Danware Data A/S - C:\Programas\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
 
Please, guardian angel against msbcs.exe, help me too

Here is my logfile; I've already downloaded ewido and everything else

Logfile of HijackThis v1.99.1
Scan saved at 10:03:08, on 22/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe
C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\cmrss.exe
C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe
C:\Arquivos de programas\Microsoft ActiveSync\WCESCOMM.EXE
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Avvenu\agent.exe
C:\Arquivos de programas\Avvenu\updater.exe
C:\Arquivos de programas\Avvenu\cachescheduler.exe
C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Arquivos de programas\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\Gilso\CONFIG~1\Temp\Rar$EX00.594\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WheelMouse] C:\WHEELM~1\wh_exec.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Web Camera driver
O4 - HKLM\..\Run: [PCLEPCI] C:\ARQUIV~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Avvenu Update] C:\Arquivos de programas\Avvenu\updater.exe
O4 - HKLM\..\Run: [taskmgr] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [!ewido] "C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Avvenu.lnk = C:\Arquivos de programas\Avvenu\agent.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Verificador de Calendário Ulead Photo Express.lnk = C:\Arquivos de programas\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Criar Favorito móvel - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Arquivos de programas\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Arquivos de programas\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Arquivos de programas\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Arquivos de programas\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginSUD.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
 
Hi.. when I'm working on the PC, an error that I don't understand almost always appears, and I'd like you to help me. The error is the following:

hpoevm08.exe - Erro de aplicação

A instrução no "0x774dd8f5" fez referência à memória no "0x00155178". A memória não pôde ser "read".

Clique em 'OK' para terminar programa
Clique em 'Cancelar' para depurar o programa

I also have another problem, almost of the same kind, but this time it's with Windows Media Player.. When I go to watch a film, it doesn't work.

wmplayer.exe - Erro de aplicação

A excepção unknown software exception (0xc0000094) ocorreu na aplicação na localização 0x0254d928.

After that the application closes and I can't watch it.

What is this?? I'd like you to help me solve it
 
Hi Ldinis
Your logfile is clean. I don't see anything abnormal in it.

Cheers


-----------------------------


Hi Odontogil
1. Download KillBox, run it and tick Delete on reboot. In Full Path of File to Delete, enter the following line:
C:\WINDOWS\system32\msbcs.exe

Then click the red X and then No.

Your computer will restart. You'll do exactly the same again, but this time for the following line:
C:\WINDOWS\system32\cmrss.exe

3. As soon as it restarts for the last time, go straight into Safe Mode (it's simple: as soon as a Windows image appears, immediately and repeatedly press the F8 key on your keyboard; a menu will appear and you choose the option to enter Safe Mode).

4. Once in Safe Mode, run HijackThis, Do a system scan only, and tick only the following entries:
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe
O4 - HKLM\..\Run: [taskmgr] C:\WINDOWS\system32\msbcs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Once the boxes are ticked, click Fix checked.

The fixes are done; now it's time to run a full scan with Ewido. And restart the computer normally.

Run HijackThis again, Do a system scan and a logfile, then copy and paste it here again.

Cheers

P.S.: It's best to save all these steps so that you don't forget any of them.


------------------------------


Hi sudnan
Since your problem isn't related to this topic, I suggest you create a new topic and describe the problem there.

Cheers
 
Download HijackThis 1.99

Put the .Zip file on your hard disk, in a folder [Hijakthis], and run the program!
Click Do A System scan and save Logfile

Then copy what appears in Notepad and post it here!
 
Hi folks. I'm having some problems with a PC here. I'll post the HijackThis logs here. I caught msbcs.exe and I think it corrupted my boot files. I've already repaired them and everything is OK... but, for example, I try to shut down and/or restart the PC and it won't let me. What can I do? =x

Here is the HijackThis logfile:


-----------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 16:55:47, on 30-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Isass.exe
C:\WINDOWS\system32\aIg.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Telma\Ambiente de trabalho\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23A841F5-DA1A-E4CF-16B4-53169ECFAF4D} - C:\DOCUME~1\Sandra\APPLIC~1\BIASDE~1\USER META.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [active bird admin default] C:\Documents and Settings\All Users\Application Data\waycoolactivebird\lies tick.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe
O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [Isass] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [aIg] C:\WINDOWS\system32\aIg.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [VoipBuster] "C:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Aviso.txt
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Testes Teóricos de Exame.lnk = D:\Testescodigo.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/pt-PT/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL



What can I do? It's a bit urgent! :x
 
For the second time... I've already said that everyone posting hijack logs here shows signs of the Banker virus! I strongly advise you to use the fix I indicated above.

C:\WINDOWS\system32\Isass.exe

pay attention to details such as:
Isass.exe is different from Lsass.exe

run the fix and the fix tells you whether or not you're infected.
Many of the antiviruses of people whose PCs I repaired didn't detect or block the virus.
After running the fix, just start the firewall. The virus is on some server machines (zombies) that continually try to infect the same PCs and others. Yours is one of those zombies too.
Good luck, and do something to stop this from spreading.
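
The lookalike names pointed out in the post above (Isass.exe versus lsass.exe) can be checked mechanically. The following is an added example, not part of the original thread: it scans HijackThis log text for running processes and O4 Run entries whose file name imitates a Windows system process, whose Run value name is borrowed from a system tool, or whose file name helpers in this thread asked users to delete. KNOWN_SYSTEM, THREAD_FLAGGED and the function names are assumptions of this example; SAMPLE_LOG is assembled from lines posted in the thread.

```python
import ntpath
import re

# Assumption: a small allow-list of genuine Windows XP process names.
KNOWN_SYSTEM = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "alg.exe", "explorer.exe", "taskmgr.exe",
}
# File names that helpers in this thread asked users to delete with KillBox.
THREAD_FLAGGED = {"cmrss.exe", "msbcs.exe"}

# Windows file names are case-insensitive, so compare in lower case and fold
# characters that render alike in many fonts (I / l / 1 and O / 0).
_FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(name):
    """Lower-case the name and collapse visually confusable characters."""
    return name.lower().translate(_FOLD)

_KNOWN_SKELETONS = {skeleton(n): n for n in KNOWN_SYSTEM}

def lookalike_of(name):
    """Return the genuine process name that `name` imitates, or None."""
    low = name.lower()
    if low in KNOWN_SYSTEM:
        return None
    return _KNOWN_SKELETONS.get(skeleton(low))

_RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
_PROC_RE = re.compile(r"^[A-Za-z]:\\.+$")

def exe_from_command(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def analyze(log_text):
    """Return a sorted list of (source, file name, reason) findings."""
    findings = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        run = _RUN_RE.match(line)
        if run:
            source = "O4 Run"
            value_name = run.group(1)
            exe = ntpath.basename(exe_from_command(run.group(2)))
            # A Run value named after a system tool that starts another binary.
            expected = value_name.lower() + ".exe"
            if expected in KNOWN_SYSTEM and exe.lower() != expected:
                findings.add((source, exe,
                              "value name '%s' does not match binary" % value_name))
        elif _PROC_RE.match(line):
            source = "process"
            exe = ntpath.basename(line)
        else:
            continue
        genuine = lookalike_of(exe)
        if genuine:
            findings.add((source, exe, "lookalike of " + genuine))
        if exe.lower() in THREAD_FLAGGED:
            findings.add((source, exe, "flagged by helpers in this thread"))
    return sorted(findings)

# Excerpt assembled from log lines posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Isass.exe
C:\WINDOWS\system32\aIg.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe
O4 - HKLM\..\Run: [taskmgr] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [Isass] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [aIg] C:\WINDOWS\system32\aIg.exe
"""

if __name__ == "__main__":
    for source, exe, reason in analyze(SAMPLE_LOG):
        print("%-8s %-12s %s" % (source, exe, reason))
```

A match is a lead for manual review, not a verdict: the allow-list is deliberately short and the check looks only at file names, not at paths or file contents.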
 
Analysing NetEnforcer's log!
*************************
Download Killbox
Save it in a folder on C:\
Open KillBox. Tick the Delete on Reboot option.
Now copy the entry below to the clipboard (select it and click Copy).

C:\WINDOWS\system32\Isass.exe


Go back to KillBox. Click File/ Paste from clipboard. Click the All Files button.
Click the X. Answer No to the question.

Repeat the same procedure for the items below!

C:\WINDOWS\system32\aIg.exe



****************

Open HijackThis, click Do a System Scan Only, tick the entries below and click Fix Checked!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {23A841F5-DA1A-E4CF-16B4-53169ECFAF4D} - C:\DOCUME~1\Sandra\APPLIC~1\BIASDE~1\USER META.exe (file missing)

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll (file missing)

O4 - HKLM\..\Run: [active bird admin default] C:\Documents and Settings\All Users\Application Data\waycoolactivebird\lies tick.exe
O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [Isass] C:\WINDOWS\system32\Isass.exe


****************
Install this Anti-Malware program!
Download: A-Squared!

Update it!
Run a "Full Scan" or "Deep" scan!


****************
Install an antivirus!
--> Panda
--> Kaspersky
--> NOD32
 
Hello everyone, I have a nasty virus on my PC... msbcs.exe, which is driving me crazy, and I wanted to ask for help because I don't know how to get this off my PC.
Thanks
 
Download HijackThis 1.99

Put the .Zip file on your hard disk, in a folder [Hijakthis], and run the program!
Click Do A System scan and save Logfile

Then copy what appears in Notepad and post it here!
 
Download HijackThis 1.99

Put the .Zip file on your hard disk, in a folder [Hijakthis], and run the program!
Click Do A System scan and save Logfile

Then copy what appears in Notepad and post it here!

Look, I know that message was for another user, but since I have the same problem and need it solved quickly, it's no problem to help both of us, is it? Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 14:50:46, on 04-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programas\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programas\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programas\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\ewido anti-spyware 4.0\guard.exe
C:\Programas\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\arture\Ambiente de trabalho\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programas\Deskbar\deskbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programas\Deskbar\deskbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [hcenter] "C:\Programas\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Programas\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Programas\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Programas\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [winlogons.exe] C:\Programas\KGB Spy\winlogons.exe
O4 - HKCU\..\Run: [STManager] "C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programas\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://p3n3tr4t0r.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDBF048E-A7E4-4241-A555-C49BAE6A5468}: NameServer = 194.65.100.117
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Programas\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe (file missing)
O23 - Service: Panda Preventium+ Service (PREVSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe (file missing)

P.S.: the ewido program is much better than the antispyware program I had
 
Download KillBox
Save it to a folder on C:\
Open KillBox. Check the Delete on Reboot option.
Now copy the entry below to the clipboard (select it and click Copy).

C:\WINDOWS\system32\csrss.exe

Go back to KillBox. Click File/ Paste from clipboard. Click the All Files button.
Click the X. Answer No to the question.



********************
Open HijackThis, click Do a System Scan Only, check the entries below and click Fix Checked!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programas\Deskbar\deskbar.dll (file missing)

O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programas\Deskbar\deskbar.dll (file missing)

O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKCU\..\Run: [winlogons.exe] C:\Programas\KGB Spy\winlogons.exe

O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe (file missing)
O23 - Service: Panda Preventium+ Service (PREVSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe (file missing)


********************
Change your antivirus!
:001: --> AntiVir
Update it and run a "Manual scan" (Full Scan)

Post a new log!
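
As an added example (not part of any post in this thread, and not HijackThis's own logic), the name checks behind fix lists like the one above can be scripted: parse the O4 autorun lines, flag image names one character away from a core Windows process, flag `(file missing)` leftovers, and label any path before it is queued for deletion. The `CORE` list, the labels and the function names are assumptions made for this example.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Assumption: core Windows images and their expected folders, as listed in
# the "Running processes" section of the logs in this thread.
SYS32 = r"c:\windows\system32"
CORE = {n: SYS32 for n in ("smss.exe", "csrss.exe", "winlogon.exe",
                           "services.exe", "lsass.exe", "svchost.exe",
                           "spoolsv.exe")}
CORE["explorer.exe"] = r"c:\windows"

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.I)

# Lines copied from the logs in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [Isass] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKCU\..\Run: [winlogons.exe] C:\Programas\KGB Spy\winlogons.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe (file missing)
"""

def edit_distance_is_one(a, b):
    """True when a and b differ by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substituted character
    return a[i:] == b[i + 1:]           # one extra character in b

def classify(path):
    """Label an image path: core-system-file, masquerade, look-alike or other."""
    name, folder = basename(path).lower(), dirname(path).lower()
    if name in CORE:
        # Exact core name: genuine only when it sits in its expected folder.
        return "core-system-file" if folder == CORE[name] else "masquerade:" + name
    for core in CORE:
        if edit_distance_is_one(name, core):
            return "look-alike:" + core
    return "other"

def triage(log_text):
    """Return (label, line) pairs for log lines that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("(file missing)"):
            findings.append(("orphan-entry", line))
            continue
        m = O4_RE.match(line)
        img = IMAGE_RE.match(m.group(4)) if m else None
        if img:
            label = classify(img.group(1) or img.group(2))
            if label != "other":
                findings.append((label, line))
    return findings

if __name__ == "__main__":
    for label, line in triage(SAMPLE):
        print(label, "|", line)
    print(classify(r"C:\WINDOWS\system32\csrss.exe"))
```

`msbcs.exe`, the file this thread is about, matches none of these name rules, so an empty result is not a verdict on an entry.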
 
Thank you very much for the help given; the &%$#!! trojan (msbcs.exe) no longer shows up on my computer, but now I have another problem: when Windows starts, it always hangs at the logo, so I have to restart, press the F8 key and choose "Last Known Good Configuration" or "start in Safe Mode" to boot properly :'( My HijackThis log after doing what you said is:

Logfile of HijackThis v1.99.1
Scan saved at 19:55:14, on 04-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programas\Support.com\bin\tgcmd.exe
C:\Programas\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Programas\ewido anti-spyware 4.0\ewido.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\Programas\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programas\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programas\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\arture\Ambiente de trabalho\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [hcenter] "C:\Programas\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Programas\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Programas\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Programas\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [STManager] "C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programas\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://p3n3tr4t0r.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDBF048E-A7E4-4241-A555-C49BAE6A5468}: NameServer = 194.65.100.117
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Programas\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe (file missing)
O23 - Service: Panda Preventium+ Service (PREVSRV) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe (file missing)

There are some things like "O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe (file missing)" that keep appearing after I did the fix ...
 