I'd really appreciate some help.
Here is the ComboFix log file:
ComboFix 10-08-30.02 - Eduardo 30/08/2010 22:27:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2046.1465 [GMT -3:00]
Executando de: c:\documents and settings\Eduardo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100830-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 216 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000016_.tmp.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-28 to 2010-08-31 ))))))))))))))))))))))))))))
.
2010-08-30 09:38 . 2010-08-30 09:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-28 12:35 . 2010-08-30 00:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-08-28 12:30 . 2010-08-29 04:30 -------- d-----w- C:\3a833a6c60e90c0c5fa631
2010-08-28 12:25 . 2010-08-28 12:25 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-08-28 12:08 . 2010-08-28 12:08 6144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe
2010-08-28 12:08 . 2010-08-28 12:08 5632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys
2010-08-28 12:08 . 2010-08-28 12:08 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-28 12:08 . 2010-08-30 11:08 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Spyware Terminator
2010-08-28 12:08 . 2010-08-30 00:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator
2010-08-28 12:02 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-08-28 12:02 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-28 12:02 . 2010-06-24 12:24 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-28 12:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 00:38 . 2001-09-06 13:00 84812 ----a-w- c:\windows\system32\perfc016.dat
2010-08-31 00:38 . 2001-09-06 13:00 484912 ----a-w- c:\windows\system32\perfh016.dat
2010-08-30 01:28 . 2009-11-09 20:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-08-30 01:21 . 2009-12-04 23:26 -------- d-----w- c:\arquivos de programas\Microsoft Works
2010-08-23 01:13 . 2010-06-19 15:22 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\ZoomBrowser EX
2010-07-27 11:20 . 2009-11-06 21:00 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2010-07-15 12:54 . 2010-07-15 12:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PhotoStitch
2010-07-15 00:39 . 2010-06-19 15:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ZoomBrowser
2010-07-06 01:30 . 2009-12-24 13:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia
2010-07-06 01:30 . 2010-07-06 01:26 -------- d-----w- c:\arquivos de programas\Nokia
2010-07-06 00:18 . 2010-04-14 02:03 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Skype
2010-06-30 12:32 . 2004-08-04 03:45 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:24 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 03:38 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 02:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 03:45 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 21:56 . 2010-06-14 21:56 1078 ----a-r- c:\documents and settings\Eduardo\Dados de aplicativos\Microsoft\Installer\{DE0F5F48-B60F-4E7D-9B81-17CA3872A260}\_9c511b6.exe
2010-06-14 14:31 . 2009-10-29 03:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-04 03:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-10 7557120]
"nwiz"="nwiz.exe" [2006-03-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-10 86016]
"avast!"="d:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-25 81000]
"SunJavaUpdateSched"="d:\arquivos de programas\Java\jre6_2\bin\jusched.exe" [2009-11-07 149280]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-07-27 11:18 335136 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Eduardo^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
path=c:\documents and settings\Eduardo\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 20:37 229437 ----a-w- c:\arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-29 23:51 133104 ----atw- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-10-23 21:51 233472 ----a-w- c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 13:24 49152 ----a-w- c:\arquivos de programas\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 00:55 54832 ------w- d:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 17:10 56928 ------w- d:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-30 02:55 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
"SpybotSD TeaTimer"=d:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NokiaMServer"=c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
"NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SkyTel"=SkyTel.EXE
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Arquivos de Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Arquivos de Programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Arquivos de Programas\\Java\\jre6_2\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"d:\\Arquivos de Programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [6/11/2009 18:00 45472]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/10/2009 02:12 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28/8/2010 09:08 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/10/2009 02:12 20560]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [6/11/2009 18:00 55072]
--- =Outros Serviços/Drivers Na Memória ---
*NewlyCreated* - KLMD24
*Deregistered* - klmd24
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.globo.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {94438815-11E2-4842-9881-4CC7D0FC57B4} = 200.149.55.142 200.165.132.154
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.
- - - - ORFÃOS REMOVIDOS - - - -
MSConfigStartUp-NokiaMusic FastStart - d:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 22:29
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2010-08-30 22:30:55
ComboFix-quarantined-files.txt 2010-08-31 01:30
Pré-execução: 7 pasta(s) 47.513.829.376 bytes disponíveis
Pós execução: 8 pasta(s) 47.805.988.864 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 246D898D1999844A97CFEA5BDCC3CC14