Publicado em 27 de jun.

[Arquivado] Computador Infectado

Olá pessoal. Estou com sérios problemas com esse tal de Sality, ele bloqueou meu acesso ao gerenciador de tarefas, e está infectando tudo quanto é .exe que está no computador. Já testei um tal de Sality remover, com o simbolo do AVG, mas nada de resultados. COmo ja vi infecções como essas, digo que tive sorte que o Avast! estava para me salvar, pois senão ia virar um caos total. O vírus só infectou o Gerenciador de tarefas do meu usuário, pois o Administrador está normal. O que devo fazer?

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 09:54, on 2009-06-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\system32\spoolsv.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\eBoostr\EBstrSvc.exe

D:\WINDOWS\sm56hlpr.exe

D:\Arquivos de programas\Vista Drive Icon\DrvIcon.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

D:\Arquivos de programas\ViOrb\ViOrb.exe

D:\Arquivos de programas\LClock\lclock.exe

D:\Arquivos de programas\ViStart\ViStart.exe

D:\Arquivos de programas\Opera\opera.exe

D:\Arquivos de programas\eBoostr\eBoostrCP.exe

D:\WINDOWS\System32\svchost.exe

D:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s2.br.gladiatus.com/game/index.php?mod=login

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - D:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sMSERIAL] D:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [DrvIcon] D:\Arquivos de programas\Vista Drive Icon\DrvIcon.exe

O4 - HKCU\..\Run: [MsnMsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ViOrb] D:\Arquivos de programas\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [LClock] D:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [ViStart] D:\Arquivos de programas\ViStart\ViStart.exe

O4 - HKCU\..\Run: [Opera] D:\Arquivos de programas\Opera\opera.exe

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: eBoostr Control Panel.lnk = D:\Arquivos de programas\eBoostr\eBoostrCP.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to AMV Converter... - D:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {32A155BD-68EC-404E-A14F-72A851C0811D} (WebNG-Uploader Control) - http://cp.webng.com/client/fm/WebNG-Uploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - D:\Arquivos de programas\eBoostr\EBstrSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - D:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 1: (no name) - http://s2.br.gladiatus.com/game/index.php?mod=login

End of file - 7779 bytes

Qualquer coisa eu ja estou fazendo o log do Combofix para postar.

Discussão (12)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

Carregando comentários...