Forum Pplware

Windows Seven with keyboard problems - SOLVED
Have you already followed the tips that are here?
No, because I didn't use ComboFix. If this one (HijackThis) worked better. But for that I would need help.
Use ComboFix. It checks the system and, if it finds the problem, fixes it right away.

I used HijackThis once and, from what I noticed, it only scans the system looking for the problem but does not resolve it. ComboFix fixes it by itself.

Run it.
I have just used ComboFix, but the problem was not solved. I did save the log, though. Can you help me figure out the best thing to do in this case?
Upload the log.
Good morning.

I also suggest, at least to rule out the possibility, that you try running ComboFix in Safe Mode without networking.

Regards.
Is there any way to put the log file here other than pasting the text?
I'll paste the text of the log here then, hoping you can help me.
Meanwhile I also tried Spyware Doctor (trial), which identified threats and infections, but to fix them I would need a (paid) license.

ComboFix 11-10-19.04 - nuno 20-10-2011 10:52:10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2047.1498 [GMT 1:00]
Executando de: c:\documents and settings\nuno\Desktop\ComboFix.exe
* AV residente está ativo
.
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\nuno\Recent\result_2008.mat
c:\program files\gar2005.exe
c:\program files\installer-46811-847-XP-Codec-Pack-Portuguese.exe
c:\program files\messenger\msmsgsin.exe
c:\program files\msn\msncorefiles\custdial.dll
c:\program files\msn\msncorefiles\logonmgr.dll
C:\start.bat
c:\windows\dasetup.log
c:\windows\Help\svhost.txt
c:\windows\sysedir.dat
c:\windows\system32\d3d9caps.dat
c:\windows\system32\WinSys.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-20 to 2011-10-20 ))))))))))))))))))))))))))))
.
.
2011-10-19 15:37 . 2011-10-19 15:37 388096 ----a-r- c:\documents and settings\nuno\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-19 15:37 . 2011-10-19 15:37 -------- d-----w- c:\program files\Trend Micro
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-31 13:51 . 2007-05-31 13:51 6010424 ----a-w- c:\program files\Firefox Setup 2.0.0.4.exe
2007-05-23 09:55 . 2007-05-23 09:51 18029424 ----a-w- c:\program files\Install_Messenger.exe
2007-04-20 16:27 . 2007-04-20 16:28 2863832 ----a-w- c:\program files\DeepBurner1.exe
2007-03-02 11:37 . 2007-03-02 11:33 14898028 ----a-w- c:\program files\FreePrimoPDF32Setup.exe
2006-06-01 10:42 . 2006-06-01 10:42 1591163 ----a-w- c:\program files\ConTEXTsetup.exe
2006-02-08 18:29 . 2006-02-08 18:29 36488456 ----a-w- c:\program files\iTunesSetup.exe
2006-02-01 14:28 . 2006-02-01 14:28 3976295 ----a-w- c:\program files\pix33be.exe
2006-02-01 14:18 . 2006-02-01 14:18 163840 ----a-w- c:\program files\colorfix.exe
2002-10-22 00:37 . 2005-10-14 14:12 4737900 ----a-w- c:\program files\Swish 2 + Keygen.exe
2011-10-19 13:46 . 2011-03-24 10:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\nuno\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\nuno\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\nuno\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\nuno\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-08 155648]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"OfficeSyncProcess"="f:\office14\MSOSYNC.EXE" [2010-03-16 718208]
"{120556A7-04A2-D1D1-126D-73469C0D9C34}"="c:\documents and settings\nuno\Mocui\inity.exe" [2011-05-28 114176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftPerfect Personal Firewall"="c:\program files\SoftPerfect Personal Firewall\fw.exe" [2004-10-08 1314816]
"msnappau"="c:\program files\MSN Apps\Updater\01.02.3000.1001\pt-pt\msnappau.exe" [2004-08-13 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-08 155648]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 131072]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"BCSSync"="f:\office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
.
c:\documents and settings\nuno\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\nuno\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\OCS Inventory Agent\\OcsService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\nuno\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Office14\\GROOVE.EXE"=
"f:\\Office14\\ONENOTE.EXE"=
"f:\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [06-11-2006 17:00 58464]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [01-08-2006 15:45 57344]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11-07-2008 2:02 328992]
R2 SSIPDDP;SSIPDDP: Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [04-11-2005 11:48 54784]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;f:\office14\GROOVE.EXE [25-03-2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09-01-2010 21:37 4640000]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*Deregistered* - SPFDRV
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://bwrk.startya.com/?cfg=2-490-0-0&engine_id=3&provider_id=3&product_id=490&country=PT
uInternet Settings,ProxyServer = proxy.inescn.pt:3128
IE: E&xport to Microsoft Excel - f:\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - f:\office14\ONBttnIE.dll/105
TCP: Interfaces\{7D2D2483-A8C5-44C1-8BAF-3A247BA7FA2D}: NameServer = 192.35.246.1,192.35.246.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\nuno\Application Data\Mozilla\Firefox\Profiles\crjh795d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www2.inescporto.pt/
FF - prefs.js: keyword.URL - hxxp://bwrk.startya.com/s/?src=FF-Address&site=Yahoo!&cfg=2-490-0-0&q=
FF - prefs.js: network.proxy.ftp - proxy.inescporto.pt
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - proxy.inescporto.pt
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - proxy.inescporto.pt
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy.inescporto.pt
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy.inescporto.pt
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORFÃOS REMOVIDOS - - - -
.
MSConfigStartUp-MessengerPlus3 - c:\program files\Messenger Plus! 3\MsgPlus.exe
AddRemove-Reserva_is1 - f:\reserva\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 11:01
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll
.
Tempo para conclusão: 2011-10-20 11:07:00
ComboFix-quarantined-files.txt 2011-10-20 10:06
.
Pré-execução: 3 581 452 288 bytes free
Pós execução: 5 991 075 840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - BA7011340F99787794426B34B29D7552
From what I saw, some files were deleted.

Do you still have the same problem?
Yes, I still have the same problem.
Have you already tried running ComboFix in Safe Mode without networking?