Buga
Posted September 20, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27 Fabiano, on 20/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Fabiano\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 85.17.237.8 www.filewarez.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iNPROCOMMWireless] C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fabiano\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [dljj_df] C:\WINDOWS\system\llzjy080813.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205289319906
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/MYSQL/bin/mysqld-opt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9677 bytes
DigRam
Posted September 21, 2008

Good morning, Buga!

<@> Download: < ComboFix.exe >
<@> Save it to the Desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!).
<@> Close all windows and run the tool!
If you get the notification "Invalid Win32 application", delete the tool and download it again. Save it to the desktop, renamed as Kombo.exe.
PS: Name it while saving, not after saving it!
PS: If any error message appears, run ComboFix.exe in Safe Mode.
<@> The Auto Scan window will open. Wait!
<@> Type the option to continue! >> Enter
<@> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard!
<@> To stop or exit ComboFix, press "N".
----------------------
<@> Post the reports: C:\ComboFix.txt + updated HJT log.

Regards!
Buga
Posted September 21, 2008

Good morning! DigRam, thanks for the support! I did what you asked; I did NOT get the Win32 notification. When I ran ComboFix it gave some error, the PC showed that Windows blue error screen and rebooted; I tried again in Safe Mode and it worked. Regards. Here is the log.

ComboFix 08-09-20.05 - Fabiano 2008-09-21 8:58:42.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.753 [GMT -3:00]
Executando de: C:\Documents and Settings\Fabiano\Desktop\ComboFix.exe
ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\All Users\lljydf16.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\SkypeComm.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((( Ficheiros criados de 2008-08-21 to 2008-09-21 ))))))))))))))))))))))))))))))))
.

2008-09-21 09:07 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\WPDNSE
2008-09-21 09:07 . 2008-09-21 09:07 53,248 --a------ C:\TEMP\catchme.dll
2008-09-20 16:27 . 2008-09-20 16:27 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\Nokia Multimedia Player
2008-09-20 16:26 . 2008-09-20 16:26 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\NSeries
2008-09-20 13:21 . 2008-09-20 13:26 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\JustVoip
2008-09-20 13:19 . 2008-09-20 13:19 <DIR> d-------- C:\Arquivos de programas\JustVoip.com
2008-09-20 10:24 . 2008-09-20 19:08 <DIR> d-------- C:\Hijack
2008-09-20 10:01 . 2008-09-20 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Tools
2008-09-20 10:01 . 2008-09-20 09:59 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-09-20 09:50 . 2008-09-20 09:51 <DIR> d-------- C:\TEMP\plugtmp-30
2008-09-20 09:43 . 2008-09-20 10:01 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools
2008-09-20 09:24 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\is-9UDPH.tmp
2008-09-20 09:24 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\is-7JA8V.tmp
2008-09-20 09:24 . 2008-09-20 09:24 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\PC Tools
2008-09-20 09:24 . 2008-09-21 08:56 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-09-20 09:24 . 2008-09-21 08:56 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor
2008-09-20 09:24 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-20 09:24 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-20 09:24 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-20 09:24 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-20 08:44 . 2008-04-13 15:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-20 08:44 . 2008-04-13 15:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-20 08:44 . 2008-09-20 08:44 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-20 08:32 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-20 08:32 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-09-20 08:32 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-09-20 08:32 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-09-20 08:32 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-09-20 08:32 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-09-20 08:32 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-09-20 08:31 . 2008-09-20 08:31 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0
2008-09-20 08:29 . 2008-09-20 08:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia
2008-09-20 08:28 . 2008-09-20 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations
2008-09-20 08:16 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\NSU_dd8a433c6461481212dbe0
2008-09-20 08:13 . 2008-09-20 08:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia
2008-09-20 08:01 . 2008-09-20 08:14 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\Nokia
2008-09-20 08:01 . 2008-09-20 08:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite
2008-09-20 08:00 . 2008-09-20 08:00 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-20 08:00 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\_is34
2008-09-20 07:51 . 2008-09-20 07:51 <DIR> d-------- C:\Documents and Settings\Fabiano\Dados de aplicativos\PC Suite
2008-09-20 07:51 . 2008-09-20 07:51 <DIR> d-------- C:\Arquivos de programas\PC Connectivity Solution
2008-09-20 07:51 . 2008-09-20 08:32 <DIR> d-------- C:\Arquivos de programas\Nokia
2008-09-20 07:51 . 2008-09-20 07:51 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite
2008-09-20 07:51 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-09-20 07:49 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\Nokia NSeries Update Manager
2008-09-19 20:05 . 2008-09-19 20:05 118,784 --a------ C:\WINDOWS\system32\sprint.dll
2008-09-18 23:30 . 2008-09-18 23:30 <DIR> d-------- C:\TEMP\plugtmp-29
2008-09-14 20:47 . 2008-09-14 20:47 8,382 --a------ C:\WINDOWS\system32\mstmpxmlfun.xml
2008-09-07 07:58 . 2008-09-07 07:58 <DIR> d-------- C:\TEMP\GUM86.tmp
2008-09-04 20:18 . 2008-09-04 20:18 <DIR> d-------- C:\WINDOWS\SUYIN NB Cam
2008-09-04 20:18 . 2008-09-04 20:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\snp2std
2008-09-04 20:18 . 2006-04-07 10:33 147,456 --a------ C:\WINDOWS\rsnp2std.dll
2008-09-04 20:17 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\isp59.tmp
2008-09-04 20:09 . 2006-08-11 17:52 11,985,920 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-09-04 20:09 . 2006-08-09 16:18 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2008-09-04 20:09 . 2006-05-04 11:14 61,440 --a------ C:\WINDOWS\vsnp2std.dll
2008-09-04 20:09 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-09-04 20:09 . 2006-04-27 20:43 24,832 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2008-09-04 20:09 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini
2008-09-04 20:09 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src
2008-09-04 19:54 . 2008-09-21 09:07 <DIR> d-------- C:\TEMP\isp48.tmp
2008-09-04 19:54 . 2008-09-04 19:54 <DIR> d-------- C:\TEMP\bye4B.tmp
2008-09-04 19:54 . 2008-09-04 19:54 <DIR> d-------- C:\TEMP\bye45.tmp
2008-09-03 19:35 . 2008-09-03 19:35 <DIR> d-------- C:\TEMP\plugtmp-28

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 11:37 --------- d-----w C:\Documents and Settings\Fabiano\Dados de aplicativos\AVG7
2008-09-21 09:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-09-20 16:25 --------- d-----w C:\Documents and Settings\Fabiano\Dados de aplicativos\Skype
2008-09-20 15:42 --------- d-----w C:\Documents and Settings\Fabiano\Dados de aplicativos\skypePM
2008-09-20 10:51 --------- d-----w C:\Arquivos de programas\DIFX
2008-09-13 21:55 --------- d-----w C:\Arquivos de programas\FlashGet
2008-09-04 23:18 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-08-03 19:35 --------- d-----w C:\Arquivos de programas\RadarSync
2008-08-02 18:36 --------- d-----w C:\Arquivos de programas\Tracksource
2008-08-02 17:30 --------- d-----w C:\Arquivos de programas\CloneDVD
2008-08-02 12:15 --------- d-----w C:\Arquivos de programas\Ant Movie Catalog
2008-07-26 15:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype
2008-07-26 15:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype
2008-07-26 15:02 --------- d-----r C:\Arquivos de programas\Skype
2007-09-30 15:10 24,192 -c--a-w C:\Documents and Settings\Fabiano\usbsermptxp.sys
2007-09-30 15:10 22,768 -c--a-w C:\Documents and Settings\Fabiano\usbsermpt.sys
2007-09-11 00:05 81,920 -c--a-w C:\Documents and Settings\Fabiano\Dados de aplicativos\ezpinst.exe
2007-09-11 00:05 47,360 -c--a-w C:\Documents and Settings\Fabiano\Dados de aplicativos\pcouffin.sys
2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe
2008-06-17 02:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008061620080617\index.dat
.
------- Sigcheck -------

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 23:21 549376 b0c0bf2504b830bfc1e93ca39f3c75fe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 23:21 549376 b0c0bf2504b830bfc1e93ca39f3c75fe C:\WINDOWS\system32\winlogon.exe
2008-04-13 23:21 509952 71d440f79b711627b12b567fb2eadb42 C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 13:02 2224384 4d6247a172c8f10886b19e70f2d8499d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 15:08 2061056 d5ed391b213fa2a6ee25de5ab8512360 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-13 23:00 2326912 c7b4aa4cb4776496c7f09e96159b5831 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 23:00 2326912 c7b4aa4cb4776496c7f09e96159b5831 C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 23:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 13:02 2347136 c670713edeff7d175f42fc16987e8d25 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 15:09 2183552 0da99d0cbd578ad96effd3a571ce8437 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-13 23:01 2450048 a572d9bdb7bc906650ff9105ff475135 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 23:01 2450048 a572d9bdb7bc906650ff9105ff475135 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-13 23:20 1554432 7b198d92210d9da9d4e0db1e4855b727 C:\WINDOWS\explorer.exe
2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:45 1552896 9da14fe20c421e7f45dbe3d04b4c4fc9 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 23:20 1554432 7b198d92210d9da9d4e0db1e4855b727 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 23:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 23:20 25088 d67945a2290e98bb54d7792f09e7504e C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 23:20 25088 d67945a2290e98bb54d7792f09e7504e C:\WINDOWS\system32\ctfmon.exe
2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\VistaMizer\old\ctfmon.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 25088]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 25088]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-28 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2007-11-29 337992]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\Arquivos de programas\GbPlugin\gbieh.dll" [2007-08-08 209224]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\Arquivos de programas\GbPlugin\gbiehuni.dll" [2008-05-19 368032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2007-11-29 11:41 337992 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2008-05-19 15:10 368032 C:\Arquivos de programas\GbPlugin\gbiehuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
2008-03-30 17:18 368640 C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Fabiano^Menu Iniciar^Programas^Inicializar^Winmysqladmin.LNK]
path=C:\Documents and Settings\Fabiano\Menu Iniciar\Programas\Inicializar\Winmysqladmin.LNK
backup=C:\WINDOWS\pss\Winmysqladmin.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-08-16 11:24 1236992 C:\WINDOWS\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 23:20 25088 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-06-29 08:44 1990704 C:\Arquivos de programas\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-08-25 11:36 1168264 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
--a------ 2008-09-17 13:29 8963888 C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 13:24 1825792 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-01 20:46 25504040 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2006-08-09 16:18 675840 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-05 08:55 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Arquivos de programas\\FlashGet\\flashget.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\Arquivos de programas\\JustVoip.com\\JustVoip\\JustVoip.exe"=

R1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys [2005-05-06 21632]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-09-20 160792]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-11 11985920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1566fdf-ea11-11dc-b530-001636d18ad2}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
- - - - ORFAOS REMOVIDOS - - - -

HKLM-Run-INPROCOMMWireless - C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
HKLM-Explorer_Run-dljj_df - C:\WINDOWS\system\llzjy080813.exe
MSConfigStartUp-Discador iG - C:\Arquivos de programas\iGv6\Discador iG.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\Fabiano\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
MSConfigStartUp-INPROCOMMWireless - C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
MSConfigStartUp-M2SAtualiza - C:\Arquivos de programas\M2S\Instalação M2S\M2SAtualiza.exe
MSConfigStartUp-SandboxieControl - C:\Arquivos de programas\Sandboxie\Control.exe

.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\Fabiano\Dados de aplicativos\Mozilla\Firefox\Profiles\be7ceqy5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orkut.com.br/Communities.aspx|http://www.orkut.com.br/Community.aspx?cmm=41874917|http://www.jacotei.com.br/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 09:07:40
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/MYSQL/bin/mysqld-opt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/MYSQL/bin/mysqld-opt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]
"ImagePath"="C:\Arquivos de programas\GbPlugin\GbpSv.exe"
.
------------------------ Outros Processos em Execução ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\ARQUIV~1\GbPlugin\gbpsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Tempo para conclusão: 2008-09-21 9:10:52 - Maquina reiniciou [Fabiano]
ComboFix-quarantined-files.txt 2008-09-21 12:10:49

Pre-Run: 13 pasta(s) 11,215,503,360 bytes disponíveis
Post-Run: 16 pasta(s) 11,307,593,728 bytes disponíveis

285 --- E O F --- 2008-09-10 02:49:37
DigRam
Posted September 21, 2008

Good morning, Buga!

<@> Go to this link and download: < Malwarebytes >
<@> Update the program!
<@> Choose the Quick scan!
<@> Disable protection programs while running Malwarebytes.
<@> Be sure to send the detected items to quarantine.
<@> For more details: < Link >
-----------------------
<@> Post the reports: mbam-log-9-21-2008 (00-00-00).txt + updated HijackThis log.

Regards!
Buga, posted September 21, 2008:
Good morning! IE stopped opening on its own after I ran ComboFix. I did what you asked, and Malwarebytes flagged 3 malware items; they are in quarantine... Here is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.28
Versão do banco de dados: 1184
Windows 5.1.2600 Service Pack 3
21/9/2008 11:45:41
Fabiano
mbam-log-2008-09-21 (11-45-41).txt
Tipo de Verificação: Rápida
Objetos verificados: 65893
Tempo decorrido: 2 minute(s), 49 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 2
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 1
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot.
Buga, posted September 21, 2008:
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49 Fabiano, on 21/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205289319906
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/MYSQL/bin/mysqld-opt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8529 bytes
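A small triage helper for HijackThis-style logs, added here as an example; it is not part of the thread and is not code from HijackThis, Malwarebytes or ComboFix. It parses the entry types that appear in the logs above (O1 hosts overrides, O2 BHOs, O4 Run entries, O20 Winlogon Notify DLLs, O23 services) and returns the entries a helper would look at first, with a reason for each. The sample input is constructed, modelled on the thread's entries, and the "unusual directory" rule for O4 entries is this example's own heuristic, not a HijackThis classification.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from typing import Dict, List

# Constructed sample input, modelled on the entries posted in the thread.
SAMPLE_LOG = r"""
O1 - Hosts: 85.17.237.8 www.filewarez.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dljj_df] C:\WINDOWS\system\llzjy080813.exe
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: MySql - Unknown owner - C:/MYSQL/bin/mysqld-opt.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Every HijackThis entry starts with a section code such as R0, O2, O20.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Heuristic of this example (not a HijackThis rule): a startup image living in
# one of these directories is unusual for legitimately installed software.
ODD_STARTUP_DIRS = (
    "c:\\windows\\system\\",         # legacy 16-bit directory; note: not system32
    "c:\\windows\\temp\\",
    "c:\\documents and settings\\",  # user profile: temp, application data
)


def _flag(code: str, line: str, reason: str) -> Dict[str, str]:
    return {"code": code, "line": line, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the entries a helper would examine first, with a reason for each."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, the process list, blank lines
        code, body = match.group("code"), match.group("body")
        low = body.lower()
        if code == "O1":
            # Any hosts entry pins a name to a fixed address; confirm it was intended.
            findings.append(_flag(code, line, "hosts file override"))
        elif code == "O2" and low.endswith("(no file)"):
            findings.append(_flag(code, line, "orphaned BHO: CLSID registered, DLL gone"))
        elif code == "O4":
            # Body looks like 'HKLM\..\Run: [Name] <image path and arguments>'.
            image = body.split("] ", 1)[1] if "] " in body else body
            if image.lower().startswith(ODD_STARTUP_DIRS):
                findings.append(_flag(code, line, "startup image in an unusual directory"))
        elif code == "O20":
            # Winlogon Notify DLLs are loaded by winlogon.exe at logon; always list them.
            reason = "Winlogon Notify DLL loaded at logon"
            if low.endswith("(file missing)"):
                reason = "orphaned Winlogon Notify entry: DLL no longer on disk"
            findings.append(_flag(code, line, reason))
        elif code == "O23" and ("unknown owner" in low or low.endswith("(file missing)")):
            findings.append(_flag(code, line, "service with unknown publisher or missing image"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:4} {f['reason']}: {f['line']}")
```

Run against the constructed sample it reports six entries: the hosts override, the nameless BHO with no file, the Run entry under C:\WINDOWS\system, both Winlogon Notify DLLs (one of them orphaned, as in the log above after Malwarebytes removed gbiehcef.dll), and the MySql service with no owner and no image. The flagged lines are where a helper starts reading, not a verdict; the AVG and ATI entries pass through untouched.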
DigRam, posted September 22, 2008:
Good evening, Buga!
<@> Go to Start --> Run --> type: combofix.exe /u --> click: OK
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> wait!
<@> Finally the message will appear: ComboFix uninstalled!
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
----------------------
<@> Download: < Runscanner v. 1.7.0.0 >
<@> Save it to Local Disk C and unpack it right there.
<@> Create a shortcut on the desktop to the executable ( RunScanner.exe ).
<@> Open the program and, with the Expert mode button already checked, click OK.
<@> Close all windows/programs before running this utility.
<@> Run it by clicking Scan computer. Wait!
<@> When it finishes, click the menu: Online analysis
<@> The page will open: online malware analysis report
---------------------
<@> Post in your reply the link to this analysis.
Regards!
Buga, posted September 22, 2008:
Good morning!! Here is the link: http://www.runscanner.net/report.aspx?repo...8f-d13bf83ed677
Regards
DigRam, posted September 23, 2008:
Good morning, Buga!
<!> There are some items that can be removed!
104 ActiveX controls (Distribution Units) {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} GUID / CLSID not found
170 Explorer MountPoints {d1566fdf-ea11-11dc-b530-001636d18ad2} C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Mic...
227 HKLM Directory\ShellEx\ContextMenuHandlers GUID / CLSID not found
<!> Follow the removal procedure below!
-----------------------
<@> Right-click the lines highlighted in red.
<@> Click: Mark/unmark item Space
<@> Click the tab: Item fixer --> Fix selected items.
<@> Click OK on the message.
<@> Under Information, confirm!
<@> Click Malware hunting so we can confirm the removals that were made.
<@> Once the removals are confirmed, the logs will be clean!
Regards!
Buga, posted September 23, 2008:
Removals confirmed! Case solved!!!!! :clap: :clap: :clap: Thank you very much!!!!! :grin: :thumbsup:
DigRam, posted September 24, 2008:
PROBLEM SOLVED! If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.