[Arquivado] WEB FLDRS XP

milenacampos · Junho 19, 2007

Olá pessoal...estou com um problemaaa.. fui tentar desinstalar o MSN do meu computador e quando abri o adicionar/remover programas do Painel de Controle, a lista de programas tinha sumido e tava so aparecendo 2 ou 3 programas e mais um 'intruso' WEB FLDRS XP... e outro que tb parece ser intruso PLATAFORM. Eu nao instalei nenhum desses dois... o pc ta funcionando normalmente, mas eu kero minha lista de voltaaa... Aí eu executei o CCleaner e ele corrigiu um montao de erros, e deu a opçao de eu desinstalar o tal web fldrs..e eu acabei desinstalando...mas mesmo assim a lista dos programas nao voltou ao normal...eu tenho o anti virus AVAST...sera q eh algum virus q pegou?? Tem soluçao para esse problema sem recorrrer a uma formatação?? Aguardo contato...

obrigada

Milena

Logfile of HijackThis v1.99.1

Scan saved at 03:33:30, on 19/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\rsvp.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by141fd.bay141.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179250905562

O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/...lineInstall.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179253024671

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

jgarcia · Junho 20, 2007

Opa milenacampos,

Baixe o ComboFix em:

ComboFix

1) Dê um duplo-clique no combofix.exe e tecle "Y" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado;

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

Abraços.

milenacampos · Junho 20, 2007

Olá, desde já agradeço sua atençao...o log q apareceu foi esse...

(p.s.: o pc nao reiniciou...somente desativou os icones de inicializaçao rapida, ao q percebi ate agora.. :thumbsup:

abraços

ComboFix 07-06-18.2 - C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

"Administrador" - 2007-06-20 16:28:38 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))

2007-06-20 16:28 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-20 11:38 <DIR> d-------- C:\WINDOWS\system32\Panda Software

2007-06-20 11:38 <DIR> d-------- C:\WINDOWS\LastGood

2007-06-19 03:32 218,112 --a------ C:\HijackThis.exe

2007-06-19 02:51 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-06-11 13:56 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-06-11 13:08 127,720 --a------ C:\WINDOWS\system32\mucltui.dll

2007-05-29 14:34 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete

2007-05-29 14:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\LimeWire

2007-05-29 14:27 <DIR> d-------- C:\Arquivos de programas\LimeWire

2007-05-28 11:34 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Sony Corporation

2007-05-26 17:48 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-05-25 11:56 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2007-05-25 11:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

2007-05-21 14:58 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys

2007-05-21 14:58 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL

2007-05-21 14:58 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys

2007-05-21 14:58 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll

2007-05-21 14:58 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys

2007-05-21 14:58 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys

2007-05-21 14:58 <DIR> d-------- C:\Drivers

2007-05-21 14:58 <DIR> d-------- C:\Arquivos de programas\Sony

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 05:02:42 -------- d-----w C:\Arquivos de programas\MSN Messenger

2007-06-11 06:38:22 -------- d-----w C:\Arquivos de programas\Microsoft Works

2007-06-06 16:36:23 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\Yahoo!

2007-06-05 19:05:35 -------- d-----w C:\Arquivos de programas\Yahoo!

2007-05-21 17:58:46 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-15 20:25:13 48,628 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-05-15 20:25:13 344,380 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-05-15 20:19:52 -------- d-----w C:\Arquivos de programas\Messenger

2007-05-15 18:55:25 -------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-05-14 19:42:35 -------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd

2007-05-14 14:39:39 -------- d-----w C:\Arquivos de programas\Arquivos comuns\DirectX

2007-05-14 14:17:05 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\CyberLink

2007-05-14 14:11:03 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\InterTrust

2007-05-14 14:08:40 -------- d-----w C:\Arquivos de programas\Ahead

2007-05-14 14:08:13 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2007-05-14 14:07:31 -------- d-----w C:\Arquivos de programas\CyberLink

2007-05-14 14:07:26 -------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2007-05-14 14:07:03 -------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-05-14 13:44:04 -------- d-----w C:\Arquivos de programas\Winamp

2007-05-14 13:41:42 -------- d-----w C:\Arquivos de programas\DVD Shrink

2007-05-14 13:38:18 -------- d-----w C:\Arquivos de programas\Alwil Software

2007-05-14 13:34:17 -------- d-----w C:\Arquivos de programas\Microsoft.NET

2007-05-14 13:26:29 -------- d-----w C:\Arquivos de programas\Analog Devices

2007-05-14 13:23:39 -------- d-----w C:\Arquivos de programas\VIA

2007-05-14 12:50:41 -------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-05-14 12:50:24 0 --sha-r C:\MSDOS.SYS

2007-05-14 12:50:24 0 --sha-r C:\IO.SYS

2007-05-14 12:50:24 0 ----a-w C:\CONFIG.SYS

2007-05-14 12:50:24 0 ----a-w C:\AUTOEXEC.BAT

2007-05-14 12:49:19 -------- d--h--w C:\Arquivos de programas\WindowsUpdate

2007-05-14 12:49:16 -------- d-----w C:\Arquivos de programas\Serviços on-line

2007-05-14 12:48:30 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-05-14 12:48:26 -------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-05-14 12:48:16 -------- d-----w C:\Arquivos de programas\Movie Maker

2007-05-14 12:47:27 21,844 ----a-w C:\WINDOWS\system32\emptyregdb.dat

2007-05-14 12:46:57 -------- d-----w C:\Arquivos de programas\MSN Gaming Zone

2007-05-14 12:46:49 -------- d-----w C:\Arquivos de programas\Windows NT

2007-05-14 09:42:43 -------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-05-14 09:42:40 -------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:13:00 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

{C41A1C0E-EA6C-11D4-B1B8-444553540000}=C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2006-03-17 09:31 C:\WINDOWS\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 06:11]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="C:\WINDOWS\Downloaded Program Files\gbieh.dll" [2007-02-22 15:00]

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-20 16:29:19

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-06-20 16:29:37

--- E O F ---

jgarcia · Junho 21, 2007

Opa milenacampos,

Poste um novo log do HijackThis.

Abraços.

milenacampos · Junho 21, 2007

Aki estááá... :thumbsup:

Logfile of HijackThis v1.99.1

Scan saved at 15:06:08, on 21/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe