[Resolvido] GbiehBSB Internet Explorer

Luci@n@ · Abril 11, 2008

Sempre quando abro uma janela do internet explorer, abre uma janela que só é visualizada clicando no alt tab de iexplore com o nome GbiehBSB, eu nao consigo finalizar o processo e o ie trava.

Segue log do hijack

Logfile of HijackThis v1.99.1

Scan saved at 10:11:37, on 11/4/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\luciana\Desktop\HijackThis.exe

O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?cce017ffdfca46c4b6b7f8e5ae173ae1

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?cce017ffdfca46c4b6b7f8e5ae173ae1

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.unifacs.com.br

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqlar/downloads/sysinfo.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

DigRam · Abril 12, 2008

Bom Dia! Luci@n@

Logfile of HijackThis v1.99.1
Scan saved at 10:11:37, on 11/4/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

>@< O seu sistema operativo,está desatualizado.Pois,já estamos no SP2 e o Internet Explorer,na versão 7.00.

______________________________

>@< Este site preferencial,foi voçê quem o estabeleceu? < *.unifacs.com.br >

______________________________

>@< Abra o HijackThis >> Clique: Do a system scan only >> Abaixo,marque as entradas!

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

>@< Finalize-as clicando em,Fix checked.

______________________________

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Desabilite as proteções residente de: antivírus,antispywares e Firewall.

>@< Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar e < Enter >

>@< Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

______________________________

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

Luci@n@ · Abril 19, 2008

Bom Dia! Luci@n@

Logfile of HijackThis v1.99.1
Scan saved at 10:11:37, on 11/4/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

>@< O seu sistema operativo,está desatualizado.Pois,já estamos no SP2 e o Internet Explorer,na versão 7.00.

______________________________

>@< Este site preferencial,foi voçê quem o estabeleceu? < *.unifacs.com.br >

______________________________

>@< Abra o HijackThis >> Clique: Do a system scan only >> Abaixo,marque as entradas!

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

>@< Finalize-as clicando em,Fix checked.

______________________________

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Desabilite as proteções residente de: antivírus,antispywares e Firewall.

>@< Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar e < Enter >

>@< Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

______________________________

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

Esse site *.unifacs.com.br foi eu que estabeleci como seguro.

Segue log com ComboFix

ComboFix 08-04-18.3 - Adm 2008-04-19 18:59:05.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1252.1.1046.18.214 [GMT -3:00]

Executando de: C:\Documents and Settings\Adm\Desktop\kombo.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

C:\Documents and Settings\Adm\Configurações locais\Temporary Internet Files\PSE_205_ptb.exe

C:\WINDOWS\system32\_003840_.tmp.dll

C:\WINDOWS\system32\_004005_.tmp.dll

C:\WINDOWS\system32\_004006_.tmp.dll

C:\WINDOWS\system32\_004007_.tmp.dll

C:\WINDOWS\system32\_004008_.tmp.dll

C:\WINDOWS\system32\_004015_.tmp.dll

C:\WINDOWS\system32\_004016_.tmp.dll

C:\WINDOWS\system32\_004017_.tmp.dll

C:\WINDOWS\system32\_004019_.tmp.dll

C:\WINDOWS\system32\_004020_.tmp.dll

C:\WINDOWS\system32\_004023_.tmp.dll

C:\WINDOWS\system32\_004024_.tmp.dll

C:\WINDOWS\system32\_004026_.tmp.dll

C:\WINDOWS\system32\_004027_.tmp.dll

C:\WINDOWS\system32\_004028_.tmp.dll

C:\WINDOWS\system32\_004030_.tmp.dll

C:\WINDOWS\system32\_004031_.tmp.dll

C:\WINDOWS\system32\_004033_.tmp.dll

C:\WINDOWS\system32\_004037_.tmp.dll

C:\WINDOWS\system32\_004038_.tmp.dll

C:\WINDOWS\system32\_004040_.tmp.dll

C:\WINDOWS\system32\_004041_.tmp.dll

C:\WINDOWS\system32\_004042_.tmp.dll

C:\WINDOWS\system32\_004043_.tmp.dll

C:\WINDOWS\system32\_004045_.tmp.dll

C:\WINDOWS\system32\_004046_.tmp.dll

C:\WINDOWS\system32\_004047_.tmp.dll

C:\WINDOWS\system32\_004048_.tmp.dll

C:\WINDOWS\system32\_004051_.tmp.dll

C:\WINDOWS\system32\_004053_.tmp.dll

C:\WINDOWS\system32\_004054_.tmp.dll

C:\WINDOWS\system32\_004055_.tmp.dll

C:\WINDOWS\system32\_004059_.tmp.dll

C:\WINDOWS\system32\Walcult.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))

.

2008-04-19 18:42 . 2008-04-19 18:59 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-04-19 18:38 . 2008-04-19 18:38 <DIR> d-------- C:\ComboFix

2008-04-19 17:58 . 2008-04-19 17:58 3,488 --a------ C:\WINDOWS\svchost

2008-04-18 14:34 . 2008-04-17 15:21 63,488 -ra------ C:\WINDOWS\system\imagens016.exe

2008-04-17 14:42 . 2002-09-09 14:09 286,720 --a------ C:\WINDOWS\system32\msh263.drv

2008-04-17 14:42 . 2002-10-01 03:43 119,798 -ra------ C:\WINDOWS\system32\drivers\SPCA561.SYS

2008-04-17 14:42 . 2002-09-09 14:08 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2008-04-17 14:42 . 2002-09-09 14:08 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2008-04-17 14:42 . 2001-09-05 23:50 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll

2008-04-17 14:42 . 2001-09-05 23:50 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll

2008-04-17 14:42 . 2002-09-20 08:44 14,336 -ra------ C:\WINDOWS\system32\dshow508.ax

2008-04-17 14:42 . 2001-09-05 23:50 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll

2008-04-17 14:42 . 2001-09-05 23:50 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll

2008-04-17 14:37 . 2008-04-17 14:37 <DIR> d-------- C:\WINDOWS\Setup2K

2008-04-17 14:37 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe

2008-04-17 14:37 . 2002-08-13 18:01 53,248 --a------ C:\WINDOWS\ap561.exe

2008-04-17 14:37 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini

2008-04-17 14:37 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src

2008-04-17 14:37 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini

2008-04-08 07:15 . 2008-04-08 07:15 <DIR> d-------- C:\Nova pasta

2008-04-06 12:24 . 2008-04-06 12:24 7 ---hs---- C:\WINDOWS\system32\smss24.ini

2008-04-06 12:23 . 2008-04-06 12:24 22,528 --a------ C:\WINDOWS\system32\partizan12rCGfJAN.exe

2008-04-05 23:50 . 2008-04-19 18:50 <DIR> d-------- C:\Arquivos de programas\GbPluggin

2008-04-04 20:14 . 2008-04-04 20:14 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-19 19:46 . 2008-03-19 19:47 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-03-19 10:15 . 2008-03-19 10:49 <DIR> d-------- C:\Loto

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-17 17:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-08 14:54 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-04-07 00:24 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-03-25 09:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-21 19:44 --------- d-----w C:\Documents and Settings\luciana\Dados de aplicativos\uTorrent

2008-03-21 15:44 --------- d-----w C:\Documents and Settings\luciana\Dados de aplicativos\Image Zone Express

2008-03-09 17:05 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-09 16:51 --------- d-----w C:\Arquivos de programas\Java

2008-03-09 16:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-02-24 21:46 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-02-21 22:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Panda Software

2007-12-07 00:10 20,360 ----a-w C:\Documents and Settings\luciana\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-06-08 15:41 19,968 ----a-w C:\Documents and Settings\Adm\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

2008-04-18 14:35 734208 --a------ C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]

"@"="" []

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]

"ALUAlert"="C:\Arquivos de programas\Symantec\LiveUpdate\ALUNOTIFY.EXE" [ ]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

"hpqSRMon"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 14:08 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 "C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" SpecialFunction

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [ ]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehAbn]

C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll 2008-04-18 14:35 734208 C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehCef]

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll 2008-04-05 23:50 739840 C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli scecli

S3 usb2vcom;USB Data Cable;C:\WINDOWS\System32\DRIVERS\usb2vcom.sys [2005-12-21 00:32]

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-19 19:06:33

Windows 5.1.2600 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll

-> C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll