[Resolvido!]Janela do IE abre sozinha no site: "CID: Mercado

Evandrorr · Abril 19, 2008

Estou tendo 2 problemas aki no pc...

1º - eu uso Firefox... e do nada abre uma janela do Internet Explorer no Mercado livre.

2º - Quando abro um programa q usa som (ex: winamp) e ao mesmo tempo abro outro (realplayer) ele funciona o som dos 2 ao mesmo tempo normal. Se eu fechar os 2... ou mesmo depois de um tempo de execução, eles não funcionam mais...

Nem um programa que usa som funciona... dae tenho q reiniciar o pc para poder fazer funcionar..

alguém pode me ajudar???

log logo abaixo

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:23:20, on 19/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\ZSSnp211.exe

C:\WINDOWS\Domino.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bne.com.br/manut/publica_curr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.powerquest.com/register.asp?Pro...amp;Language=EN

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Curbhtm] C:\DOCUME~1\ADMINI~1\DADOSD~1\AUDIOC~1\Gpl Comp.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Arquivos de programas\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Arquivos de programas\ieSpell\wikipedia.HTM

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7113 bytes

Silas Martins · Abril 19, 2008

Siga as instruções abaixo:

Baixe o Combofix e salve no desktop.

Feche todas as janelas e programas.

Dê um duplo-clique no Combofix.exe e tecle "1" em seguida Enter para prosseguir o Fix.

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

Aguardo Retorno.

Evandrorr · Abril 19, 2008

Cara... estou postando o que você pediu...

depois quando for explicar o que fazer explique detalhadamente para q eu possa fazer direito.

obrigado.

ComboFix 08-04-18.3 - Administrador 2008-04-19 15:26:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.590 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))

.

5408-01-30 18:22 . 2008-02-11 02:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

5408-01-30 18:22 . 2008-02-11 02:48 <DIR> d-------- C:\Arquivos de programas\DIFX

5408-01-30 18:22 . 2006-07-01 22:12 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys

5408-01-30 18:19 . 1980-01-01 08:28 14,696 --a------ C:\WINDOWS\Ascd_tmp.ini

5408-01-30 18:19 . 2006-10-11 00:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

5408-01-30 18:19 . 2004-08-11 13:00 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys

2008-04-19 00:52 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe

2008-04-18 00:08 . 2008-04-18 00:08 <DIR> d-------- C:\Arquivos de programas\IObit

2008-04-17 19:18 . 2008-04-17 19:18 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-04-17 04:02 . 2008-04-18 03:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-17 04:02 . 2008-04-17 04:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-17 01:44 . 2008-04-17 01:45 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\RapidGet

2008-04-16 23:57 . 2008-04-17 00:52 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-04-15 03:58 . 2008-04-15 03:58 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\ieSpell

2008-04-14 19:02 . 2008-04-14 19:02 <DIR> d--h----- C:\WINDOWS\PIF

2008-04-14 03:21 . 2008-04-14 03:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Handy Software Lab

2008-04-14 03:21 . 2008-04-14 03:21 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Handy Software Lab

2008-04-14 03:21 . 2008-04-14 03:21 <DIR> d-------- C:\Arquivos de programas\Handy Software Lab

2008-04-11 01:59 . 2008-04-15 00:54 12,008 --a------ C:\WINDOWS\system\scs1.pda

2008-04-11 01:59 . 2008-04-15 00:54 12,008 --a------ C:\WINDOWS\scs1.bmp

2008-04-11 01:58 . 2008-04-11 05:11 <DIR> d-------- C:\Arquivos de programas\Dicionário de Sinônimos -completo-

2008-04-11 01:57 . 2008-04-11 01:57 258,048 --------- C:\WINDOWS\Setup1.exe

2008-04-11 01:57 . 2008-04-11 01:57 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-11 00:48 . 2008-04-11 00:48 <DIR> d-------- C:\Arquivos de programas\URUSoft

2008-04-11 00:39 . 2008-04-11 00:39 <DIR> d-------- C:\Arquivos de programas\AviSynth 2.5

2008-04-11 00:39 . 2008-04-11 00:39 <DIR> d-------- C:\Arquivos de programas\AC3Filter

2008-04-11 00:39 . 2004-05-25 12:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl

2008-04-11 00:38 . 2008-04-19 00:02 <DIR> d-------- C:\Arquivos de programas\Easy RealMedia Tools

2008-04-10 19:39 . 2008-04-10 19:39 <DIR> d-------- C:\Arquivos de programas\Unity

2008-04-08 19:53 . 2008-04-08 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Time Dead Warn Default

2008-04-08 19:52 . 2008-04-08 19:54 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\audiocreativeball

2008-04-08 19:52 . 2008-04-17 00:13 <DIR> d-------- C:\Arquivos de programas\Circle Developement

2008-04-08 19:52 . 2008-04-08 19:52 <DIR> d-------- C:\Arquivos de programas\audiocreativeball

2008-04-05 16:07 . 2008-04-05 16:09 <DIR> d-------- C:\Arquivos de programas\Ultra QuickTime Converter

2008-04-05 16:07 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll

2008-04-02 17:20 . 2008-04-02 17:20 <DIR> d-------- C:\Program Files

2008-04-02 16:54 . 2008-04-02 16:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-03-27 16:39 . 2008-03-27 16:39 <DIR> d-------- C:\WINDOWS\Sun

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

5408-01-30 06:25 --------- d-----w C:\Arquivos de programas\microsoft frontpage

5408-01-30 06:24 --------- d-----w C:\Arquivos de programas\Serviços on-line

5408-01-30 06:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-04-19 03:52 --------- d-----w C:\Arquivos de programas\Realtek

2008-04-18 02:55 --------- d-----w C:\Arquivos de programas\Java

2008-04-08 22:52 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-04-02 19:54 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-25 16:30 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Nokia

2008-03-25 16:28 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Nokia Multimedia Player

2008-03-21 08:54 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\MegauploadToolbar

2008-03-08 22:42 --------- d-----w C:\Arquivos de programas\EA Sports

2008-02-25 02:21 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-02-25 02:21 --------- d--h--r C:\Documents and Settings\Administrador\Dados de aplicativos\SecuROM

2008-02-21 19:11 --------- d-----w C:\Arquivos de programas\ImTOO

2008-02-20 21:57 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Winamp

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Curbhtm"="C:\DOCUME~1\ADMINI~1\DADOSD~1\AUDIOC~1\Gpl Comp.exe" [2008-04-08 19:52 383488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 19:35 7634944]

"nwiz"="nwiz.exe" [2006-10-30 19:35 1622016 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 19:35 86016]

"SkyTel"="SkyTel.EXE" [2007-06-15 16:45 1826816 C:\WINDOWS\SkyTel.exe]

"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2007-04-06 10:06 57344]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 14:49 16377344 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cea6af62-cf98-11dc-9277-001bfcb0cb33}]

\Shell\Auto\command - adp.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f41c0ec3-d515-11dc-928e-001bfcb0cb33}]

\Shell\Auto\command - G:\adp.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-19 18:00:00 C:\WINDOWS\Tasks\AD9AB2149189256C.job"

- c:\docume~1\admini~1\dadosd~1\audioc~1\twodashfor.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-19 15:28:01

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

folder error: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-04-19 15:28:58

ComboFix-quarantined-files.txt 2008-04-19 18:28:36

Pre-Run: 26,509,484,032 bytes disponíveis

Post-Run: 26,547,490,816 bytes disponíveis

120

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:30:02, on 19/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ZSSnp211.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe