Archived

This topic has been archived and is closed to new replies.

dre_carbonyc

[Archived] Error at startup: gbiehbsb.dll

As soon as the PC started, an error message appeared: "C:\WINDOWS\gbiehbsb.dll"

I searched other topics and saw that some people had solved this problem with a ComboFix script, so I used it, but while the program was running, at each step a window opened asking me to choose a program to run an application "pv.cfexe" (note: when I started the program, Spyware Doctor tried to block it, so I disabled it and continued).

Well, the error is gone, but I want to be sure I am really free of threats!

Here are the HijackThis and ComboFix logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:44, on 31/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RSetting] c:\windows\inf\grydr.exe
O4 - HKCU\..\Run: [userTools] c:\arquivos de programas\arquivos comuns\iozxz.exe
O4 - HKCU\..\Run: [CheckS] c:\windows\config\qgzlg.exe
O4 - HKCU\..\Run: [DeviceSys] c:\windows\system32\ngbqg.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sidebar] C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe /autoRun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 7066 bytes


ComboFix 08-05-29.1 - Família 2008-05-31 15:32:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.75 [GMT -3:00]
Running from: C:\Documents and Settings\Família\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Família\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\install.dat
C:\WINDOWS\gbiehbsb.dll
C:\WINDOWS\mssnmsgr.dll
C:\WINDOWS\ping.exe
C:\WINDOWS\svchost
C:\WINDOWS\svcpool.dll
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\_tmp
C:\WINDOWS\mssnmsgr.dll
C:\WINDOWS\svchost
.
---- Previous Run -------
.
C:\Documents and Settings\Família\ravmonlog
C:\WINDOWS\winhlp.dll

.
((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))
.
2008-05-31 14:40 . 2008-05-31 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
2008-05-31 14:40 . 2008-05-31 14:40 <DIR> d-------- C:\Arquivos de programas\ESET
2008-05-31 14:35 . 2008-05-31 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8
2008-05-31 14:25 . 2008-05-31 14:25 <DIR> d-a------ C:\VAIO
2008-05-31 14:25 . 2008-05-31 15:06 <DIR> d-a------ C:\Arquivos de programas\Windows Sidebar
2008-05-31 14:04 . 2008-05-31 14:04 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-05-31 14:02 . 2008-05-31 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-05-31 13:49 . 2008-05-31 15:26 <DIR> d-------- C:\HijackThis
2008-05-31 13:44 . 2008-05-31 13:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-05-29 10:30 . 2008-05-29 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-05-28 20:57 . 2008-05-31 14:03 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-05-28 20:57 . 2008-05-28 21:11 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live
2008-05-28 20:57 . 2008-05-28 20:57 <DIR> d-------- C:\Arquivos de programas\Circle Developement
2008-05-21 01:07 . 2008-05-21 01:13 <DIR> d-------- C:\Documents and Settings\Família\Dados de aplicativos\Winamp
2008-05-18 10:09 . 2008-05-18 10:10 <DIR> d-------- C:\Arquivos de programas\Winamp
2008-05-18 10:03 . 2008-05-18 10:03 <DIR> d-------- C:\Arquivos de programas\MSECache
2008-05-17 21:47 . 2008-05-17 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar
2008-05-17 21:47 . 2008-05-17 21:47 <DIR> d-------- C:\Arquivos de programas\Winamp Toolbar
2008-05-17 21:08 . 2008-05-17 21:08 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack
2008-05-17 21:08 . 2007-08-18 03:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-17 13:10 . 2008-01-12 19:18 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos
2008-05-17 13:10 . 2008-01-12 16:51 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos
2008-05-17 13:10 . 2008-01-12 16:51 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar
2008-05-17 13:10 . 2008-01-12 16:51 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos
2008-05-17 13:10 . 2008-01-12 16:51 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos
2008-05-17 13:10 . 2008-05-31 15:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais
2008-05-17 13:10 . 2008-01-12 16:51 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede
2008-05-17 13:10 . 2008-01-12 16:51 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão
2008-05-17 13:10 . 2008-05-17 13:10 <DIR> d-------- C:\Documents and Settings\Administrador
2008-05-17 12:55 . 2008-05-17 12:55 <DIR> d-------- C:\Arquivos de programas\AVG
2008-05-17 12:23 . 2008-05-17 12:23 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2
2008-05-17 12:20 . 2008-05-17 12:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-17 12:20 . 2008-05-17 12:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-17 10:22 . 2008-05-17 10:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 17:46 . 2008-05-27 01:32 21,032 --a------ C:\Documents and Settings\Família\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2008-05-16 16:00 . 2008-03-01 10:02 6,066,176 --a------ C:\WINDOWS\system32\SETD1.tmp
2008-05-16 16:00 . 2008-03-01 10:02 1,159,680 --a------ C:\WINDOWS\system32\SETC2.tmp
2008-05-16 16:00 . 2008-03-01 10:02 826,368 --a------ C:\WINDOWS\system32\SETC0.tmp
2008-05-16 16:00 . 2008-03-01 10:02 459,264 --a------ C:\WINDOWS\system32\SETCB.tmp
2008-05-16 16:00 . 2008-03-01 10:02 383,488 --a------ C:\WINDOWS\system32\SETD3.tmp
2008-05-16 16:00 . 2008-03-01 10:02 267,776 --a------ C:\WINDOWS\system32\SETCF.tmp
2008-05-16 16:00 . 2008-03-01 10:02 124,928 --a------ C:\WINDOWS\system32\SETDB.tmp
2008-05-16 16:00 . 2008-03-01 10:02 105,984 --a------ C:\WINDOWS\system32\SETC3.tmp
2008-05-16 16:00 . 2008-03-01 10:02 63,488 --a------ C:\WINDOWS\system32\SETD8.tmp
2008-05-16 16:00 . 2008-03-01 10:02 52,224 --a------ C:\WINDOWS\system32\SETCA.tmp
2008-05-16 14:14 . 2008-05-16 14:14 268 --ah----- C:\sqmdata08.sqm
2008-05-16 14:14 . 2008-05-16 14:14 244 --ah----- C:\sqmnoopt08.sqm
2008-05-15 07:06 . 2008-05-15 07:06 268 --ah----- C:\sqmdata07.sqm
2008-05-15 07:06 . 2008-05-15 07:06 244 --ah----- C:\sqmnoopt07.sqm

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 18:31 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-05-31 17:08 --------- d-----w C:\Arquivos de programas\MSN Messenger
2008-05-29 12:10 --------- d-----w C:\Arquivos de programas\Spyware Doctor
2008-05-17 15:56 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft
2008-01-31 22:23 12,794,880 ----a-w C:\Arquivos de programas\MP10Setup.exe
2008-01-31 22:14 4,718,008 ----a-w C:\Arquivos de programas\Silverlight.1.1.AlphaRefresh.exe
.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-19 19:36 1267040 --a------ C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Arquivos de programas\Winamp Toolbar\winamptb.dll" [2008-03-19 19:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Arquivos de programas\Winamp Toolbar\winamptb.dll [2008-03-19 19:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"RSetting"="c:\windows\inf\grydr.exe" [ ]
"UserTools"="c:\arquivos de programas\arquivos comuns\iozxz.exe" [ ]
"CheckS"="c:\windows\config\qgzlg.exe" [ ]
"DeviceSys"="c:\windows\system32\ngbqg.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-11 23:38 68856]
"Sidebar"="C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe" [2008-05-31 15:06 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-07-05 17:47 544768 C:\WINDOWS\sm56hlpr.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-27 04:58 577536 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-07 16:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 06:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-08 16:13 1410304]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17526:TCP"= 17526:TCP:NortonAV
"15351:TCP"= 15351:TCP:NortonAV
"16901:TCP"= 16901:TCP:NortonAV
"15103:TCP"= 15103:TCP:NortonAV
"15499:TCP"= 15499:TCP:NortonAV
"13297:TCP"= 13297:TCP:NortonAV
"18376:TCP"= 18376:TCP:NortonAV
"18187:TCP"= 18187:TCP:NortonAV
"14269:TCP"= 14269:TCP:NortonAV

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-08 16:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05c92f10-2414-11dd-8473-001617af7737}]
\Shell\Auto\Command - program.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23306268-c146-11dc-b97b-806d6172696f}]
\Shell\Auto\Command - program.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 18:28:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"
- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

**************************************************************************
.
Completion time: 2008-05-31 15:38:37
ComboFix-quarantined-files.txt 2008-05-31 18:38:27

Pre-Run: 19,460,243,456 bytes free
Post-Run: 19,455,410,176 bytes free

183 --- E O F --- 2008-05-28 03:03:59

 

Thanks!

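A triage pass over the autostart data in the logs above, written as an added example for this thread (it is not part of the original post and is not ComboFix or HijackThis code). It takes the HKCU Run block and one MountPoints2 block exactly as ComboFix printed them, flags Run values whose bracketed file metadata is empty (ComboFix normally prints the target's timestamp and size in those brackets; reading empty brackets as "no file found at that path" is my assumption), and lists every Shell verb command recorded under MountPoints2, since those are the commands Explorer associated with a drive's autorun. The sample text is copied from the log; the regular expressions, the treatment of an empty value such as NWEReboot and the function names are mine.

```python
"""Triage of ComboFix autostart output: orphaned Run values and MountPoints2 commands.

Added example for this thread; not code from the forum, ComboFix or HijackThis.
"""
import re

# Constructed sample: the HKCU Run block copied from the ComboFix log above, plus
# the HKLM "NWEReboot" line to show how an empty value is treated.
COMBOFIX_RUN = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"RSetting"="c:\windows\inf\grydr.exe" [ ]
"UserTools"="c:\arquivos de programas\arquivos comuns\iozxz.exe" [ ]
"CheckS"="c:\windows\config\qgzlg.exe" [ ]
"DeviceSys"="c:\windows\system32\ngbqg.exe" [ ]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-11 23:38 68856]
"NWEReboot"="" []
'''

# Constructed sample: one of the two MountPoints2 keys from the ComboFix log above.
COMBOFIX_MOUNTPOINTS = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05c92f10-2414-11dd-8473-001617af7737}]
\Shell\Auto\Command - program.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e
'''

# "Name"="target" [metadata]  -- ComboFix prints the target's timestamp and size in the brackets
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')
# \Shell\<verb>\command - <command line>
VERB_RE = re.compile(r'^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$', re.IGNORECASE)


def parse_run_entries(text):
    """Yield (name, path, metadata) for each value line of a ComboFix Run block."""
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            yield m.group("name"), m.group("path"), m.group("meta").strip()


def orphaned_run_entries(text):
    """Return (name, path) for Run values whose bracketed metadata is empty.

    Assumption: empty brackets mean ComboFix found no file at the path.
    A value whose data is empty (NWEReboot) is a stale key, not a missing
    file, and is left out.
    """
    return [(name, path) for name, path, meta in parse_run_entries(text)
            if path and not meta]


def mountpoint_commands(text):
    """Return (drive_guid, verb, command) for every Shell verb under MountPoints2.

    These keys record the autorun commands Explorer associated with a drive
    (typically a removable one), so every command found here deserves a look.
    """
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and "mountpoints2" in line.lower():
            key = line[line.rindex("\\") + 1:-1]       # the {GUID} component
            continue
        m = VERB_RE.match(line)
        if m and key:
            hits.append((key, m.group("verb"), m.group("cmd")))
    return hits


if __name__ == "__main__":
    for name, path in orphaned_run_entries(COMBOFIX_RUN):
        print(f"orphaned Run value {name!r} -> {path}")
    for guid, verb, cmd in mountpoint_commands(COMBOFIX_MOUNTPOINTS):
        print(f"MountPoints2 {guid} {verb}: {cmd}")
```

On the log above this flags exactly RSetting, UserTools, CheckS and DeviceSys, the only Run values with empty brackets, and none of those four executables appears in the HijackThis running-process list. An orphaned Run value does nothing by itself but should still be deleted, and the two "program.exe e" commands under MountPoints2 are a record of what a removable drive's autorun was set to launch, so the drive that produced them should be checked before it is plugged in again.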

As for gbiehbsb.dll, there is no longer any trace of it on your PC (resolved).

But I would like you to run an online scan following the instructions below:

Open Notepad, copy the entries below and paste them in:
c:\windows\inf\grydr.exe
c:\windows\config\qgzlg.exe
c:\windows\system32\ngbqg.exe
Save it as Teste.txt

Go to VirusTotal, then click on the file field, select the file you just created with Notepad, "teste.txt", and click Send File.

Post the report here.

Awaiting your reply.


Antivirus  Version  Last update  Result
AhnLab-V3 2008.5.30.1 2008.06.03 -
AntiVir 7.8.0.26 2008.06.03 -
Authentium 5.1.0.4 2008.06.02 -
Avast 4.8.1195.0 2008.06.03 -
AVG 7.5.0.516 2008.06.03 -
BitDefender 7.2 2008.06.03 -
CAT-QuickHeal 9.50 2008.06.02 -
ClamAV 0.92.1 2008.06.03 -
DrWeb 4.44.0.09170 2008.06.03 -
eSafe 7.0.15.0 2008.06.02 -
eTrust-Vet 31.4.5845 2008.06.03 -
Ewido 4.0 2008.06.02 -
F-Prot 4.4.4.56 2008.06.02 -
F-Secure 6.70.13260.0 2008.06.03 -
Fortinet 3.14.0.0 2008.06.03 -
GData 2.0.7306.1023 2008.06.03 -
Ikarus T3.1.1.26.0 2008.06.03 -
Kaspersky 7.0.0.125 2008.06.03 -
McAfee 5308 2008.06.02 -
Microsoft 1.3604 2008.06.03 -
NOD32v2 3153 2008.06.03 -
Norman 5.80.02 2008.06.02 -
Panda 9.0.0.4 2008.06.02 -
Rising 20.47.11.00 2008.06.03 -
Sophos 4.29.0 2008.06.03 -
Sunbelt 3.0.1143.1 2008.06.03 -
Symantec 10 2008.06.03 -
TheHacker 6.2.92.332 2008.06.03 -
VBA32 3.12.6.7 2008.06.03 -
VirusBuster 4.3.26:9 2008.06.02 -
Webwasher-Gateway 6.6.2 2008.06.03 -

Additional information
File size: 84 bytes
MD5...: 8a2ae892a9a66ae523b003fba6c681dd
SHA1..: 60f88601ec1bee3ee40d379d8eeecdc67293d3b5
SHA256: 91e3ed9e46c00a2f9bc55f65a58fb9de1792a4292812b79772f49d4e0dfb94e2
SHA512: 4cf0ff0a6f0a4df15226501e6e95fc5e1672bb6c8e1a36a89b634c173f3b088347eac0ee646163099e9875759ec5b0434fcda45a89be2e4e6969decc5e87ed6b
PEiD..: -
PEInfo: -

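On the VirusTotal result above and the instructions that produced it: the report says the scanned object is 84 bytes, which is exactly the length of the three paths from the reply joined with CRLF line endings and no trailing newline. That is the Teste.txt listing itself, not any of the executables, so thirty-one clean verdicts on it say nothing about grydr.exe, qgzlg.exe or ngbqg.exe. The added example below (mine, not from the thread, from VirusTotal or from ComboFix) rebuilds that listing to show the size match, returns its MD5 and SHA-256 for comparison with the hashes in the report, and hashes the real files at the listed paths so that the hashes, or the files themselves, can be looked up instead. The Notepad output format (ANSI, CRLF, no trailing newline) is an assumption, and the file the demo hashes is constructed.

```python
"""What did VirusTotal actually scan, and how to hash the real targets instead.

Added example for this thread; not code from the forum, VirusTotal or ComboFix.
"""
import hashlib
import os
import tempfile

# The three paths the reply asked to be pasted into Notepad (copied from the thread).
LISTED_PATHS = [
    r"c:\windows\inf\grydr.exe",
    r"c:\windows\config\qgzlg.exe",
    r"c:\windows\system32\ngbqg.exe",
]


def notepad_listing(paths):
    """Bytes Notepad writes for these lines with default settings.

    Assumption: ANSI (cp1252) text, CRLF line endings, no trailing newline.
    """
    return "\r\n".join(paths).encode("cp1252")


def listing_size(paths):
    """Size in bytes of the listing; 84 for LISTED_PATHS, matching the report."""
    return len(notepad_listing(paths))


def listing_digests(paths):
    """MD5 and SHA-256 of the listing, to compare with the hashes in the report."""
    data = notepad_listing(paths)
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def sha256_file(path):
    """Stream a file through SHA-256 in chunks, so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_targets(paths):
    """Map each path to its SHA-256, or None when no regular file exists there.

    A missing file is reported rather than skipped: in the ComboFix log the
    four Run values carry empty brackets, which suggests the files are gone,
    and that absence is itself part of the finding.
    """
    return {p: (sha256_file(p) if os.path.isfile(p) else None) for p in paths}


def demo_hash_targets():
    """Exercise hash_targets on one constructed file plus one missing path."""
    payload = b"MZ constructed sample for the example, not a real binary"
    with tempfile.TemporaryDirectory() as d:
        real = os.path.join(d, "sample.exe")
        with open(real, "wb") as f:
            f.write(payload)
        missing = os.path.join(d, "gone.exe")
        report = hash_targets([real, missing])
    expected = hashlib.sha256(payload).hexdigest()
    return report, real, missing, expected


if __name__ == "__main__":
    print("listing size:", listing_size(LISTED_PATHS), "bytes")
    print("listing hashes:", listing_digests(LISTED_PATHS))
    print("target hashes:", hash_targets(LISTED_PATHS))
```

If the MD5 returned by listing_digests matches the one in the report, the uploaded file was the list and nothing else. Run on the affected machine, hash_targets gives None for any path that no longer exists, and for the ones that do it gives a SHA-256 that can be searched on VirusTotal directly, with the file itself uploaded only when the hash is unknown.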

Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
