
COMBO FIX


  • This topic is locked
2 replies to this topic

#1 Joyce Pereira

Joyce Pereira

  • Members
  • 1 posts
  • Gender:Female

Posted 29 January 2010 - 07:25 AM

ComboFix 10-01-28.05 - PC Contec 29/01/2010 8:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.895.517 [GMT -3:00]
Executando de: c:\documents and settings\PC Contec\Meus documentos\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* AV residente está ativo

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\PC Contec\Dados de aplicativos\inst.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\system32\Thumbs.db
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

----- BITS: Sites possivelmente infectados -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-29 ))))))))))))))))))))))))))))
.

2010-01-29 12:01 . 2010-01-29 12:01 27665 ----a-w- c:\temp\Italian.bin
2010-01-29 12:01 . 2010-01-29 12:01 27425 ----a-w- c:\temp\French.bin
2010-01-29 12:01 . 2010-01-29 12:01 26314 ----a-w- c:\temp\Russian.bin
2010-01-29 12:01 . 2010-01-29 12:01 25943 ----a-w- c:\temp\Dutch.bin
2010-01-29 12:01 . 2010-01-29 12:01 25927 ----a-w- c:\temp\German.bin
2010-01-29 12:01 . 2010-01-29 12:01 24523 ----a-w- c:\temp\Japanese.bin
2010-01-29 12:01 . 2010-01-29 12:01 22970 ----a-w- c:\temp\Danish.bin
2010-01-29 12:01 . 2010-01-29 12:01 20307 ----a-w- c:\temp\Korean.bin
2010-01-29 12:01 . 2010-01-29 12:01 17090 ----a-w- c:\temp\TradChin.bin
2010-01-28 14:47 . 2010-01-28 14:47 75612 ----a-w- C:\18100102540369_200908_20100128.Zip
2010-01-27 11:03 . 2010-01-27 11:04 -------- d-----w- C:\ztx4h
2010-01-25 16:44 . 2010-01-25 16:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2010-01-25 16:43 . 2010-01-25 17:01 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2010-01-25 16:43 . 2010-01-25 16:43 -------- d-----w- c:\documents and settings\PC Contec\Dados de aplicativos\SUPERAntiSpyware.com
2010-01-20 15:15 . 2007-04-12 17:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2010-01-20 15:15 . 2010-01-20 15:15 -------- d-----w- c:\arquivos de programas\Allok RM RMVB to AVI MPEG DVD Converter
2010-01-20 15:00 . 2010-01-20 15:00 -------- d-----w- c:\documents and settings\PC Contec\Dados de aplicativos\Media Player Classic
2010-01-20 12:11 . 2010-01-20 12:31 -------- d-----w- c:\arquivos de programas\Aglare DVD Ripper Platinum
2010-01-20 12:03 . 2010-01-20 12:03 34 ---ha-w- c:\windows\system32\DVDRipperDiamond_sysquict.dat
2010-01-20 12:03 . 2010-01-20 12:31 -------- d-----w- c:\arquivos de programas\Aglare DVD to Zune Converter
2010-01-20 11:51 . 2010-01-20 11:51 34 ---ha-w- c:\windows\system32\VideoConverter_sysquict.dat
2010-01-20 11:50 . 2010-01-20 12:30 -------- d-----w- c:\arquivos de programas\Aglare Mp4 to AVI Converter
2010-01-19 16:14 . 2010-01-19 16:29 -------- d-----w- c:\arquivos de programas\AutocompletePro
2010-01-19 15:58 . 2010-01-20 16:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-01-19 15:58 . 2010-01-20 16:49 -------- d-----w- c:\arquivos de programas\DAP
2010-01-15 14:20 . 2010-01-15 14:20 134062 ----a-w- C:\18100101493286_200912_20100115.Zip
2010-01-15 10:56 . 2010-01-15 10:56 113943 ----a-w- C:\18100102693343_200912_20100115.Zip
2010-01-15 10:55 . 2010-01-15 10:55 29289 ----a-w- C:\18141003094290_200912_20100115.Zip
2010-01-15 10:55 . 2010-01-15 10:55 29199 ----a-w- C:\18100103579536_200912_20100115.Zip
2010-01-15 10:55 . 2010-01-15 15:04 243161 ----a-w- C:\18100102749039_200912_20100115.Zip
2010-01-15 10:55 . 2010-01-15 10:55 29262 ----a-w- C:\18100102630261_200912_20100115.Zip
2010-01-15 10:55 . 2010-01-15 10:55 230087 ----a-w- C:\18100102276475_200912_20100115.Zip
2010-01-15 10:55 . 2010-01-15 10:55 38493 ----a-w- C:\18100101765600_200910_20100115.Zip
2010-01-14 12:29 . 2008-12-17 19:00 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-01-14 12:29 . 2008-12-17 19:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-01-14 12:29 . 2008-12-17 19:00 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-01-14 12:29 . 2008-12-17 19:00 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-14 12:29 . 2008-12-17 19:00 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-01-14 12:29 . 2010-01-14 12:29 -------- d-----w- c:\documents and settings\PC Contec\Dados de aplicativos\TIM
2010-01-14 12:29 . 2010-01-14 12:29 -------- d-----w- c:\arquivos de programas\TIM
2010-01-05 20:32 . 2010-01-29 11:01 -------- d-----w- c:\arquivos de programas\uTorrent
2010-01-05 20:32 . 2010-01-29 12:02 -------- d-----w- c:\documents and settings\PC Contec\Dados de aplicativos\uTorrent
2010-01-04 18:15 . 2010-01-04 18:38 -------- d--h--w- c:\arquivos de programas\Scpad
2009-12-30 17:21 . 2009-12-30 18:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2009-12-30 17:21 . 2009-12-30 17:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller
2009-12-30 14:18 . 2009-12-30 14:18 -------- d-----w- c:\windows\system32\Adobe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 12:00 . 2002-02-28 16:27 -------- d-----w- c:\arquivos de programas\Symantec AntiVirus
2010-01-28 19:34 . 2009-10-30 14:01 -------- d-----w- c:\documents and settings\PC Contec\Dados de aplicativos\vlc
2010-01-28 14:01 . 2009-10-30 10:50 -------- d-----w- c:\arquivos de programas\Lx_cats
2010-01-25 16:45 . 2010-01-25 16:45 52224 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-25 16:45 . 2010-01-25 16:45 117760 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-20 16:50 . 2009-10-29 17:21 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2010-01-20 14:30 . 2009-11-23 13:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-01-20 14:28 . 2009-11-23 14:14 -------- d-----w- c:\arquivos de programas\Microsoft Works
2010-01-18 17:29 . 2009-11-03 15:04 -------- d-----w- c:\documents and settings\PC Contec\Dados de aplicativos\dvdcss
2010-01-15 11:09 . 2009-10-29 17:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-01-14 12:31 . 2008-04-14 12:00 79980 ----a-w- c:\windows\system32\perfc016.dat
2010-01-14 12:31 . 2008-04-14 12:00 471022 ----a-w- c:\windows\system32\perfh016.dat
2010-01-06 13:58 . 2009-10-29 17:44 -------- d-----w- c:\arquivos de programas\EditPlus 2
2010-01-04 15:37 . 2009-11-20 12:51 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-12-28 20:48 . 2009-12-28 20:48 -------- d-----w- c:\arquivos de programas\ATnotes
2009-12-28 20:48 . 2009-10-30 10:46 -------- d-----w- c:\arquivos de programas\Lexmark 2500 Series
2009-12-21 19:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 17:34 . 2009-12-14 17:34 -------- d-----w- c:\arquivos de programas\Validador TEF
2009-12-14 17:31 . 2009-10-29 17:15 -------- d-----w- c:\arquivos de programas\Sefaz-PE
2009-12-09 11:49 . 2008-04-14 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-01 10:54 . 2009-10-30 15:06 -------- d-----w- c:\documents and settings\PC Contec\Dados de aplicativos\FaxCtr
2009-11-30 18:58 . 2009-10-30 11:53 -------- d-----w- c:\documents and settings\PC Contec\Dados de aplicativos\Vso
2009-11-30 18:58 . 2009-10-30 11:53 47360 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\pcouffin.sys
2009-11-30 18:58 . 2009-10-30 11:53 47360 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\pcouffin.sys
2009-11-27 10:41 . 2009-11-27 10:41 45056 ----a-r- c:\documents and settings\PC Contec\Dados de aplicativos\Microsoft\Installer\{05A4E199-C009-4E32-A860-0F33471A8610}\NewShortcut2_DF0CCA89BE294B7D9A229DB872E01239.exe
2009-11-27 10:41 . 2009-11-27 10:41 40960 ----a-r- c:\documents and settings\PC Contec\Dados de aplicativos\Microsoft\Installer\{05A4E199-C009-4E32-A860-0F33471A8610}\NewShortcut8_DF0CCA89BE294B7D9A229DB872E01239.exe
2009-11-27 10:41 . 2009-11-27 10:41 40960 ----a-r- c:\documents and settings\PC Contec\Dados de aplicativos\Microsoft\Installer\{05A4E199-C009-4E32-A860-0F33471A8610}\NewShortcut3_DF0CCA89BE294B7D9A229DB872E01239.exe
2009-11-21 15:58 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 13:50 . 2009-11-20 13:50 152576 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-20 13:50 . 2009-11-18 18:08 79488 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-17 17:55 . 2009-11-17 17:55 131072 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\Netscape\Plugins\npPxPlay.dll
2009-11-17 17:55 . 2009-11-17 17:55 131072 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\Mozilla\Plugins\npPxPlay.dll
2009-11-17 17:53 . 2009-11-17 17:53 17994384 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\pspro_40_2477.exe
2009-11-17 17:53 . 2009-11-17 17:53 17994384 ----a-w- c:\documents and settings\PC Contec\Dados de aplicativos\pspro_40_2477.exe
2009-11-17 17:02 . 2009-11-17 17:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-20 39408]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-01-28 319280]
"Google Update"="c:\documents and settings\PC Contec\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-19 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"D-Link D-Link Wireless G DWA-510"="c:\arquivos de programas\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe" [2007-08-02 1667072]
"ccApp"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\arquiv~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-21 13680640]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\PC Contec\Menu Iniciar\Programas\Inicializar\
Atalho para ATnotes.lnk - c:\arquivos de programas\ATnotes\ATnotes.exe [2009-12-28 1015808]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Arquivos de programas\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\WINDOWS\\system32\\lxddcfg.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Sefaz-PE\\SEFAZNET\\SefazNet.exe"=
"c:\\Arquivos de programas\\ATnotes\\ATnotes.exe"=
"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 TwkMs;CHIPDRIVE Mouse Adapter;c:\windows\system32\drivers\TWKMS.sys [24/4/2003 01:14 4828]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 wksauto;wksauto;c:\wkradar\Pgms\Radar\WKSAuto.exe [19/10/2009 14:30 147456]
R3 CHIPDRIVE USB SmartCardReader;CHIPDRIVE USB SmartCardReader;c:\windows\system32\drivers\TwkUsb2K.sys [10/9/2004 02:06 35336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [19/1/2010 13:18 102448]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [30/10/2009 07:50 99248]
S3 PERTO38U;PertoSmart EMV - Leitor USB de Cartoes Inteligentes;c:\windows\system32\drivers\perto38u.sys [10/10/2006 14:06 33408]
S3 SavRoam;SAVRoam;c:\arquivos de programas\Symantec AntiVirus\SavRoam.exe [27/9/2006 20:33 116464]
S3 TWKSER2K;CHIPDRIVE Serial SmartCardReader;c:\windows\system32\drivers\TWKSER2K.sys [25/8/2004 14:06 185611]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2008-03-26 14:09 81920 ----a-w- c:\windows\system32\aetsprov.dll
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-01-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

2010-01-29 c:\windows\Tasks\User_Feed_Synchronization-{B225CF32-67C8-4438-BBE2-5477AE701BED}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 09:03
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-57989841-308236825-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b8,89,92,5e,9a,b7,67,14,5d,08,af,a0,d8,2b,f7,58,e0,67,ca,89,6f,eb,07,
a8,ef,14,31,f6,76,ee,df,0e,72,7f,f7,04,c7,8f,65,a0,87,9a,1f,3a,59,2b,47,99,\
"??"=hex:b5,21,27,62,3b,c8,c8,02,17,42,6e,0f,33,5f,ff,e6

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤â€¢â‚¬|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\arquivos de programas\Scpad\sshib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
c:\arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\SCardSvr.exe
c:\arquivos de programas\Symantec AntiVirus\DefWatch.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Symantec AntiVirus\Rtvscan.exe
c:\windows\RTHDCPL.EXE
c:\documents and settings\PC Contec\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-01-29 09:12:00 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-01-29 12:11

Pré-execução: 13 pasta(s) 139.443.286.016 bytes disponíveis
Pós execução: 17 pasta(s) 139.381.444.608 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - B78538AF14CFED471643227A01AC7694

Edit: Moved topic from Windows 95/98/ME to the more appropriate forum. ~ Animal

#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 06 February 2010 - 07:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted logs, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  1. Click on the My Controls link at the top of the page to enter your control panel.
  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 11 February 2010 - 07:24 PM

Due to the lack of feedback, this Topic will now be closed.

If you need this topic reopened, please request this by sending one of the Moderating team or an Administrator a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
