Marx

Spy e-mail?


How is everyone doing?

I have a small problem with my e-mail, to be more precise with Hotmail. When I send an e-mail to any Hotmail address, it attaches images from my PC, either my images from the folder or images from the pages I visited on the net.

But I have noticed that it only happens when I send to a Hotmail address. I also noticed that it happens when I use the e-mail program; in my case I use IncrediMail.

The e-mail account I use is from Yahoo.

I am leaving a log for analysis and an image of the "intruder" attachments:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:36:30, on 27/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Discador iSBT\DiscadorCompiSBT.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LimeWire\LimeWire.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\INCRED~1\bin\IncMail.exe

C:\ARQUIV~1\INCRED~1\bin\IMApp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetaesportiva.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.isbt.com.br/

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D74D5065-5720-42AE-8D5E-FE637DD3DE91}: NameServer = 200.204.0.138 200.204.0.10

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 7963 bytes

In this e-mail, I attached the "amigodeve...pps" file myself; the others were attached automatically.

Thanks in advance for your attention.

post-21367-13884950571176_thumb.jpg


Please read the topic BEFORE POSTING:

http://forum.clubedohardware.com.br/leia-antes-postar/597599

Thank you.


Good evening Renato, I did what you asked; DDS gave me two logs:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/12/2008 19:31:20

System Uptime: 3/1/2009 19:29:30 (1369 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7V8X-X

Processor: AMD Athlon XP 2800+ | SOCKET A | 1666/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 38 GiB total, 26,912 GiB free.

D: is CDROM ()

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Description: Agere Systems PCI Soft Modem

Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062011C1&REV_00\3&61AAA01&0&70

Manufacturer: Agere

Name: Agere Systems PCI Soft Modem

PNP Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062011C1&REV_00\3&61AAA01&0&70

Service: Modem

==== System Restore Points ===================

RP1: 12/12/2008 19:34:26 - Ponto de verificação do sistema

RP2: 12/12/2008 19:57:30 - Installed Windows Media Player 11

RP3: 12/12/2008 19:57:47 - Installed Windows XP Wudf01000.

RP4: 12/12/2008 19:59:26 - Installed Windows XP MSCompPackV1.

RP5: 12/12/2008 20:04:14 - Installed Windows NLSDownlevelMapping.

RP6: 12/12/2008 20:04:28 - Installed Windows IDNMitigationAPIs.

RP7: 12/12/2008 20:05:40 - Windows Internet Explorer 7 Instalado.

RP8: 12/12/2008 20:49:35 - Installed Windows Live Messenger

RP9: 13/12/2008 13:27:05 - Removed Windows Live Messenger

RP10: 13/12/2008 13:27:51 - Instalado Windows Live Messenger

RP11: 15/12/2008 13:33:48 - Installed Microsoft Office Enterprise 2007

RP12: 15/12/2008 13:41:48 - Driver de impressão Send To Microsoft OneNote Driver instalado

RP13: 17/12/2008 12:19:17 - Software Distribution Service 3.0

RP14: 18/12/2008 17:07:39 - Software Distribution Service 3.0

RP15: 19/12/2008 10:24:57 - Instalado Google Earth.

RP16: 20/12/2008 10:57:36 - Software Distribution Service 3.0

RP17: 21/12/2008 20:32:22 - Ponto de verificação do sistema

RP18: 25/12/2008 21:28:56 - Ponto de verificação do sistema

RP19: 26/12/2008 15:11:06 - Installed HP USB Disk Storage Format Tool

RP20: 30/12/2008 18:32:33 - Ponto de verificação do sistema

RP21: 31/12/2008 19:37:55 - Removed HP USB Disk Storage Format Tool

RP22: 31/12/2008 19:40:26 - Installed HP USB Disk Storage Format Tool

RP23: 2/1/2009 18:42:46 - Ponto de verificação do sistema

RP24: 4/1/2009 18:49:28 - Installed Java 2 Runtime Environment, SE v1.4.2_04

RP25: 7/1/2009 15:24:34 - Ponto de verificação do sistema

RP26: 10/1/2009 16:11:47 - Ponto de verificação do sistema

RP27: 16/1/2009 19:31:03 - Ponto de verificação do sistema

RP28: 19/1/2009 16:38:55 - Ponto de verificação do sistema

RP29: 23/1/2009 18:14:38 - Ponto de verificação do sistema

RP30: 26/1/2009 15:57:42 - Ponto de verificação do sistema

RP31: 28/1/2009 15:16:53 - Ponto de verificação do sistema

RP32: 31/1/2009 17:52:54 - Ponto de verificação do sistema

RP33: 4/2/2009 15:44:43 - Software Distribution Service 3.0

RP34: 5/2/2009 16:08:47 - Ponto de verificação do sistema

RP35: 5/2/2009 20:43:35 - Installed SUPERAntiSpyware Free Edition

RP36: 6/2/2009 11:28:30 - Software Distribution Service 3.0

RP37: 7/2/2009 15:07:23 - Software Distribution Service 3.0

RP38: 8/2/2009 17:05:58 - Ponto de verificação do sistema

RP39: 8/2/2009 19:43:43 - Installed AVG Free 8.0

RP40: 9/2/2009 11:28:10 - Software Distribution Service 3.0

RP41: 10/2/2009 20:23:20 - Instalado Opera 9.63

RP42: 11/2/2009 14:37:54 - Software Distribution Service 3.0

RP43: 11/2/2009 16:09:50 - Avg8 Update

RP44: 15/2/2009 09:28:53 - Avg8 Update

RP45: 21/2/2009 15:52:43 - Ponto de verificação do sistema

RP46: 24/2/2009 17:57:56 - Software Distribution Service 3.0

RP47: 26/2/2009 14:00:01 - Software Distribution Service 3.0

RP48: 27/2/2009 14:23:43 - Software Distribution Service 3.0

RP49: 27/2/2009 20:39:21 - Installed Java 6 Update 12

RP50: 28/2/2009 14:17:35 - Software Distribution Service 3.0

==== Installed Programs ======================

Ad-Aware SE Personal

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 7.0

Agere Systems PCI Soft Modem

Ares 2.0.9

Arquivo do WinRAR

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB960715)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

AVG Free 8.0

DVD Solution

eMule

Google Earth

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

HP USB Disk Storage Format Tool

IncrediMail Xe

Ink Monitor

Java 2 Runtime Environment, SE v1.4.2_04

Java 6 Update 12

LimeWire 5.0.11

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (2.0.0.14)

Multimedia Launcher

Nero Suite

Opera 9.63

Orbit Downloader

Panda ActiveScan 2.0

PCI SoftV92 Modem

PowerDVD

PowerProducer

Software para Impressoras EPSON

SoundMAX

SUPERAntiSpyware Free Edition

WebFldrs XP

Windows Internet Explorer 7

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

WinFast® Display Driver

==== End Of File ===========================

But I think this is the one you need:

DDS (Ver_09-02-01.01) - NTFSx86

Run by Roberto Marques at 20:39:04,70 on dom 01/03/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.640.303 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Discador iSBT\DiscadorCompiSBT.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Roberto Marques\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gazetaesportiva.net/

uInternet Connection Wizard,ShellNext = hxxp://www.isbt.com.br/

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [ares] "c:\arquivos de programas\ares\Ares.exe" -h

mRun: [smapp] c:\arquivos de programas\analog devices\soundmax\SMTray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [LtMoh] c:\arquivos de programas\ltmoh\Ltmoh.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\robert~1\menuin~1\progra~1\inicia~1\stardo~1.lnk - c:\arquivos de programas\stardock\objectdock\ObjectDock.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\orbit.lnk - c:\arquivos de programas\orbitdownloader\orbitdm.exe

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {D74D5065-5720-42AE-8D5E-FE637DD3DE91} = 200.204.0.138 200.204.0.10

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquiv~1\micros~2\office12\GR99D3~1.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\arquivos de programas\superantispyware\SASWINLO.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\arquivos de programas\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert~1\dadosd~1\mozilla\firefox\profiles\1xo5ih9c.default\

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-3 28544]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-8 325128]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-8 27656]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-8 107272]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\superantispyware\sasdifsv.sys [2009-1-15 8944]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\superantispyware\SASKUTIL.SYS [2009-1-15 55024]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2009-2-8 298264]

S3 SASENUM;SASENUM;c:\arquivos de programas\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-02-27 20:41 <DIR> --d----- c:\docume~1\robert~1\dadosd~1\LimeWire

2009-02-27 20:39 73,728 a------- c:\windows\system32\javacpl.cpl

2009-02-27 20:39 410,984 a------- c:\windows\system32\deploytk.dll

2009-02-24 20:01 <DIR> --d----- c:\arquivos de programas\LimeWire

2009-02-20 14:15 <DIR> --dsh--- C:\found.000

2009-02-09 18:28 <DIR> --d----- c:\arquivos de programas\Trend Micro

2009-02-08 21:26 <DIR> --d----- c:\docume~1\robert~1\dadosd~1\Malwarebytes

2009-02-08 21:26 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-02-08 21:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-08 21:26 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-02-08 21:26 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-08 20:57 2,149,376 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-08 20:57 2,070,272 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-08 20:57 2,028,032 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-08 20:57 2,193,408 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-08 19:31 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-02-08 18:45 10,520 a------- c:\windows\system32\avgrsstx.dll

2009-02-08 18:44 107,272 a------- c:\windows\system32\drivers\avgtdix.sys

2009-02-08 18:44 325,128 a------- c:\windows\system32\drivers\avgldx86.sys

2009-02-08 18:44 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-02-08 18:43 <DIR> --d----- c:\arquivos de programas\AVG

2009-02-08 18:41 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2009-02-08 14:17 <DIR> --d----- c:\arquivos de programas\Stardock

2009-02-08 14:17 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Stardock

2009-02-05 20:15 64 a------- c:\windows\wininit.ini

2009-02-05 19:44 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SUPERAntiSpyware.com

2009-02-05 19:43 <DIR> --d----- c:\docume~1\robert~1\dadosd~1\SUPERAntiSpyware.com

2009-02-05 19:43 <DIR> --d----- c:\arquivos de programas\SUPERAntiSpyware

2009-02-05 19:43 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2009-02-03 19:21 28,544 a------- c:\windows\system32\drivers\pavboot.sys

2009-02-03 19:21 <DIR> --d----- c:\arquivos de programas\Panda Security

2009-02-02 20:03 <DIR> --d----- c:\arquivos de programas\Lavasoft

2009-01-31 19:23 1,060,864 a------- c:\windows\system32\MFC71.dll

2009-01-31 19:23 499,712 a------- c:\windows\system32\MSVCP71.dll

==================== Find3M ====================

2009-02-25 19:40 0 a------- c:\arquivos de programas\informa.txt

2009-02-15 09:10 347,294 a------- c:\windows\system32\perfh016.dat

2009-02-15 09:10 49,586 a------- c:\windows\system32\perfc016.dat

2009-01-24 20:45 796,672 a------- c:\windows\GPInstall.exe

2008-12-20 19:47 826,368 a------- c:\windows\system32\wininet.dll

2008-12-15 13:37 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2008-12-12 18:23 21,844 a------- c:\windows\system32\emptyregdb.dat

2004-10-01 14:00 40,960 a------- c:\arquivos de programas\Uninstall_CDS.exe

============= FINISH: 20:39:31,12 ===============

GMER gave me the following:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-03-01 20:55:04

Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CD0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B10 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001BA0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001E00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001850 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C30 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] kernel32.dll!OutputDebugStringW 7C85B335 5 Bytes JMP 28001E60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] ADVAPI32.dll!CryptDeriveKey 77F69FDD 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] ADVAPI32.dll!CryptDecrypt 77F6A109 7 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004430 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005C10 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28005E90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280064E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003AF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 28005D50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280066D0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006080 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004D10 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WS2_32.dll!closesocket 71A73E2B 5 Bytes JMP 2800B920 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WS2_32.dll!send 71A74C27 5 Bytes JMP 2800B500 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WS2_32.dll!WSARecv 71A74CB5 5 Bytes JMP 2800B2E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WS2_32.dll!recv 71A7676F 5 Bytes JMP 2800B140 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WS2_32.dll!WSASend 71A768FA 5 Bytes JMP 2800B6E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 5 Bytes JMP 280032B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] ole32.dll!CoInitializeEx 774DEF7B 5 Bytes JMP 28002110 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] ole32.dll!CoRegisterClassObject 774F7E90 5 Bytes JMP 28002210 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WININET.dll!InternetCloseHandle 4338DA59 5 Bytes JMP 2800A2A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WININET.dll!HttpOpenRequestA 43394341 5 Bytes JMP 28009F60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WININET.dll!InternetReadFile 4339ABB4 5 Bytes JMP 2800A0F0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2816] WININET.dll!HttpSendRequestA 4339CD40 5 Bytes JMP 2800A1D0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4367F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4381187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 43811800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 43811844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4381178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 438117C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 438118BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 436A16F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TrackPopupMenu] [1000770B] C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)

IAT C:\Arquivos de programas\Internet Explorer\iexplore.exe[3372] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TrackPopupMenu] [1000770B] C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (Núcleo e sistema do NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (Núcleo e sistema do NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (Núcleo e sistema do NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (Núcleo e sistema do NT/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Well, I think that's it. Thank you.


Run an Online Scan at Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX component, click Clipboard015.jpg
  • Wait for the installation and the update to finish, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

  • Click Clipboard014.jpg
  • Click My Computer to run a full scan of your system.
  • The scan will start and may take a while. Please be patient and wait.
  • When the scan finishes, click the Save as Text button.
  • Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.
