redieu

[Solved!] Virus on my PC, I can't run or install ne


Hello Antonio!

I did make the UsbFix log, but I forgot to post it. Sorry, now I will post it.

As for the Ad-Remover log, I had only run the scan and also forgot to do the cleanup. My bad again.

Here are the logs:

Ad-Remover log:

 

.

======= LOGFILE OF AD-REMOVER 2.0.0.0,B | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 31/03/10 à 21:30

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Started: 21:17:15 le 02/04/2010 | Normal boot | Option: CLEAN

Executed from: C:\Ad-Remover\ADR.exe

OS: Microsoft® Windows XP™ Service Pack 3 - X86

Computer name: DESKTOP | Current user: User (Administrator)

.

============== FIXED ELEMENTS ==============

.

.

C:\Arquivos de programas\Ask Search Assistant

C:\Documents and Settings\User\Dados de aplicativos\Mozilla\FireFox\Profiles\0qsq6b92.default\searchplugins\mywebsearch.xml

C:\Documents and Settings\User\Menu Iniciar\Programas\Ask Search Assistant

 

(!) -- Deleted temporary files.

.

HKCU\Software\FunWebProducts

HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com

.

.

============== ADDITIONNAL SCAN ==============

.

* Mozilla FireFox Version 3.5.6 (pt-BR) *

.

C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\User\\Desktop

C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - browser.search.defaultenginename: Search the web Babylon

C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - browser.search.defaulturl: hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - browser.search.selectedEngine: Google

C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - browser.startup.homepage: hxxp://www.uol.com.br/

C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.6

C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKfox000&ptb=sSvKNFhPhbUEmoKueCGn9A&psa=&ind=2010033112&ptnrS=ZKfox000&si=&st=kwd&n=77ceabd8&searchfor=

.

ERASED: C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZKfox000&ptb=sSvKNFhPhbUEmoKueCGn9A&ind=2010033112&osp=mws&ptnrS=ZKfox000&si=&st=sb&n=77ceabd8");

ERASED: C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - user_pref("extensions.mywebsearch.prevKwdEnabled", true);

ERASED: C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");

ERASED: C:\Documents and Settings\User\Dados de aplicativos\mozilla\firefox\profiles\0qsq6b92.default\prefs.js - user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKfox000&ptb=sSvKNFhPhbUEmoKueCGn9A&psa=&ind=2010033112&ptnrS=ZKfox000&si=&st=kwd&n=77ceabd8&searchfor=");

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKCU\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

.

[HKLM\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

.

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

.

========================================

.

C:\DOCUME~1\User\CONFIG~1\Temp: 0 Files, 13 Folders

C:\WINDOWS\temp: 2 Files, 0 Folders

Temporary Internet Files: 2 Files, 7 Folders

.

C:\Ad-Remover\Quarantine: 1 Files

C:\Ad-Remover\Backup: 14 Files

.

C:\Ad-Report-CLEAN[1].txt - 7579 Byte(s)

C:\Ad-Report-SCAN[1].txt - 7462 Byte(s)

.

End at: 21:19:33, 02/04/2010

.

============== E.O.F - CLEAN[1] ==============

 

UsbFix log:

 

 

############################## | UsbFix V6.100 |

 

User : User (Administradores) # DESKTOP

Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 21:06:24 | 2/4/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Core2 Duo CPU E4700 @ 2.60GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

 

C:\ -> Disco fixo local # 78,13 Go (47,78 Go free) # NTFS

D:\ -> Disco fixo local # 219,96 Go (180,77 Go free) # NTFS

E:\ -> Disco CD-ROM

F:\ -> Disco removível

G:\ -> Disco removível

H:\ -> Disco removível

I:\ -> Disco removível

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Recycler\S-1-5-21-823518204-1275210071-1801674531-1003

Supprimido ! D:\Recycler\S-1-5-21-823518204-1275210071-1801674531-1003

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{16dcc296-0e72-11df-84a9-0018370747da}\Shell\aUTOPlAy\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{4f4854e3-12c2-11df-84b5-0018370747da}\Shell\AutoplAy\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{4f4854e4-12c2-11df-84b5-0018370747da}\Shell\AuTOPlAY\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{881a60aa-e41a-11de-8422-0018370747da}\Shell\AUtOplay\Command

 

################## | Listing |

 

[26/11/2009 11:22|--a------|4078] C:\agenda.txt

[07/11/2009 07:43|--a------|0] C:\AUTOEXEC.BAT

[07/11/2009 07:47|--a------|320] C:\Boot.bak

[08/12/2009 19:11|-rahs----|391] C:\boot.ini

[14/04/2008 09:00|-rahs----|4952] C:\Bootfont.bin

[03/08/2004 23:00|--a------|261856] C:\cmldr

[12/12/2009 12:38|--a------|23144] C:\ComboFix.txt

[07/11/2009 07:43|--a------|0] C:\CONFIG.SYS

[07/11/2009 07:43|-rahs----|0] C:\IO.SYS

[07/11/2009 07:43|-rahs----|0] C:\MSDOS.SYS

[17/02/2010 11:31|--a------|101796] C:\nnstl.ini

[14/04/2008 09:00|-rahs----|47564] C:\NTDETECT.COM

[14/04/2008 09:00|-rahs----|251696] C:\ntldr

[?|?|?] C:\pagefile.sys

[29/03/2010 09:25|--a------|928] C:\rmslt.log

[28/03/2010 22:34|--a------|13432] C:\SAFEBOOT_REPAIR.TXT

[29/03/2010 10:13|--a------|65339854] C:\sality.txt

[22/10/2009 14:16|--a------|145672] C:\SalityKiller.exe

[02/04/2010 21:08|--a------|2398] C:\UsbFix.txt

[01/04/2010 19:34|--a------|1511] C:\UsbFix_Upload_Me_DESKTOP.zip

 

################## | Vaccinação |

 

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# D:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_DESKTOP.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.100 ! |

 

===================================================

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:24:48, on 2/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\juchecka.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [juchecka.exe] C:\WINDOWS\juchecka.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe


:) Several other problems were removed.

_____________________________

Try again to follow the tips in the tutorials below and see whether it is possible:

Dr. Web CureIt tutorial

Nod32 Online antivirus tutorial (http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html)

If you cannot follow the procedures above, try the ones below:

BitDefender Online antivirus tutorial

F-Secure Online tutorial

Panda Online antivirus tutorial

OneCare Online antivirus tutorial

_________________________________

If you were able to carry out the procedures above, post in your next reply the logs found at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt and C:\Windows\BDOSCAN8\bdoscan.log, the F-Secure Online log, the Panda Online log and the Dr. Web CureIt log, and tell us how your PC is after this.

We'll be waiting.


Hello Antonio!

Sorry for the delay; I had a very hectic week and could not use the computer for long enough to run the scans.

Well, I ran the scans and everything went normally. This time I managed to run the Nod32 Online scan. I also ran the Dr.Web and Panda scans, but I could not save the log of the latter.

Logs:

F-Secure Online log:

 

7 malware encontrado

TrackingCookie.Questionmarket (spyware)

 

* Sistema (Desinfectado)

 

TrackingCookie.2o7 (spyware)

 

* Sistema (Desinfectado)

 

TrackingCookie.Atdmt (spyware)

 

* Sistema (Desinfectado)

 

Trojan-Proxy:W32/Agent.DIQR (spyware)

 

* Sistema (Desinfectado)

 

TrackingCookie.Doubleclick (spyware)

 

* Sistema (Desinfectado)

 

Backdoor:W32/Agent (spyware)

 

* Sistema (Desinfectado)

 

Win32.Sality.OG (spyware)

 

* Sistema (Desinfectado)

 

Estatística

Verificado:

 

* Arquivos: 6967

* Sistema: 6967

* Não verificado: 0

 

Ações:

 

* Desinfectado: 7

* Renomeado: 0

* Excluído: 0

* Não foi limpo: 0

* Enviado: 0

 

==============================

 

BDoScan.log:

 

[General]

App = "BitDefender Online Scanner v8"

Date = 05:04:2010

Time = 12:03:25

Scan Path = C:\;D:\;E:\;F:\;G:\;H:\;I:\;

 

[Engines Info]

Virus Definitions = 5587852

Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Feb 25 2010)"

Scan plugins = 17

Archive plugins = 44

Unpack plugins = 8

E-mail plugins = 6

System plugins = 4

 

[scan Statistics]

Folders = 10979

Files = 1051323

Archives = 7962

Packed files = 56323

Identified viruses = 6

Infected files = 319

Warnings = 0

Suspect files = 0

Disinfected files = 298

Deleted files = 22

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 30

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000670 = "C:\Ad-Remover\ADR.exe Infected with: Win32.Sality.OG"

Line00000669 = "C:\Ad-Remover\ADR.exe Disinfected"

Line00000668 = "C:\Ad-Remover\Backup\AD-R.exe Infected with: Win32.Sality.OG"

Line00000667 = "C:\Ad-Remover\Backup\AD-R.exe Disinfected"

Line00000666 = "C:\Ad-Remover\Un-ADR.exe Infected with: Win32.Sality.OG"

Line00000665 = "C:\Ad-Remover\Un-ADR.exe Disinfected"

Line00000664 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe Infected with: Win32.Sality.OG"

Line00000663 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe Disinfected"

Line00000662 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\java.exe Infected with: Win32.Sality.OG"

Line00000661 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\java.exe Disinfected"

Line00000660 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\javac.exe Infected with: Win32.Sality.OG"

Line00000659 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\javac.exe Disinfected"

Line00000658 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\javaw.exe Infected with: Win32.Sality.OG"

Line00000657 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\javaw.exe Disinfected"

Line00000656 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\keytool.exe Infected with: Win32.Sality.OG"

Line00000655 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\keytool.exe Disinfected"

Line00000654 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\policytool.exe Infected with: Win32.Sality.OG"

Line00000653 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\policytool.exe Disinfected"

Line00000652 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\rmid.exe Infected with: Win32.Sality.OG"

Line00000651 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\rmid.exe Disinfected"

Line00000650 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\rmiregistry.exe Infected with: Win32.Sality.OG"

Line00000649 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\rmiregistry.exe Disinfected"

Line00000648 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\tnameserv.exe Infected with: Win32.Sality.OG"

Line00000647 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\tnameserv.exe Disinfected"

Line00000646 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\LogTransport2.exe Infected with: Win32.Sality.OG"

Line00000645 = "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\LogTransport2.exe Disinfected"

Line00000644 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\CrashReporterApp.exe Infected with: Win32.Sality.OG"

Line00000643 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\CrashReporterApp.exe Disinfected"

Line00000642 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Flash.exe Infected with: Win32.Sality.OG"

Line00000641 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Flash.exe Disinfected"

Line00000640 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\java.exe Infected with: Win32.Sality.OG"

Line00000639 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\java.exe Disinfected"

Line00000638 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\javaw.exe Infected with: Win32.Sality.OG"

Line00000637 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\javaw.exe Disinfected"

Line00000636 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\javaws.exe Infected with: Win32.Sality.OG"

Line00000635 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\javaws.exe Disinfected"

Line00000634 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\jucheck.exe Infected with: Win32.Sality.OG"

Line00000633 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\jucheck.exe Disinfected"

Line00000632 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\jusched.exe Infected with: Win32.Sality.OG"

Line00000631 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\jusched.exe Disinfected"

Line00000630 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\keytool.exe Infected with: Win32.Sality.OG"

Line00000629 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\keytool.exe Disinfected"

Line00000628 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\kinit.exe Infected with: Win32.Sality.OG"

Line00000627 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\kinit.exe Disinfected"

Line00000626 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\klist.exe Infected with: Win32.Sality.OG"

Line00000625 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\klist.exe Disinfected"

Line00000624 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\ktab.exe Infected with: Win32.Sality.OG"

Line00000623 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\ktab.exe Disinfected"

Line00000622 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\orbd.exe Infected with: Win32.Sality.OG"

Line00000621 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\orbd.exe Disinfected"

Line00000620 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\LogTransport.exe Infected with: Win32.Sality.OG"

Line00000619 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\LogTransport.exe Disinfected"

Line00000618 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\LogTransport2.exe Infected with: Win32.Sality.OG"

Line00000617 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\LogTransport2.exe Disinfected"

Line00000616 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Debug\FlashPlayer.exe Infected with: Win32.Sality.OG"

Line00000615 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Debug\FlashPlayer.exe Disinfected"

Line00000614 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Debug\Install Flash Player 10 ActiveX.exe Infected with: Win32.Sality.OG"

Line00000613 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Debug\Install Flash Player 10 ActiveX.exe Disinfected"

Line00000612 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Debug\Install Flash Player 10 Plugin.exe Infected with: Win32.Sality.OG"

Line00000611 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Debug\Install Flash Player 10 Plugin.exe Disinfected"

Line00000610 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\FlashPlayer.exe Infected with: Win32.Sality.OG"

Line00000609 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\FlashPlayer.exe Disinfected"

Line00000608 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Release\FlashPlayer.exe Infected with: Win32.Sality.OG"

Line00000607 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Release\FlashPlayer.exe Disinfected"

Line00000606 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Release\Install Flash Player 10 ActiveX.exe Infected with: Win32.Sality.OG"

Line00000605 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Release\Install Flash Player 10 ActiveX.exe Disinfected"

Line00000604 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Release\Install Flash Player 10 Plugin.exe Infected with: Win32.Sality.OG"

Line00000603 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\Players\Release\Install Flash Player 10 Plugin.exe Disinfected"

Line00000602 = "C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Photoshop.exe Infected with: Win32.Sality.OG"

Line00000601 = "C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Photoshop.exe Disinfected"

Line00000600 = "C:\Arquivos de programas\Adobe\Adobe Utilities\Pixel Bender Toolkit\pixel_bender_toolkit.exe Infected with: Win32.Sality.OG"


Line00000274 = "C:\Arquivos de programas\Microsoft Office\Office12\excelcnv.exe Infected with: Win32.Sality.OG"

Line00000273 = "C:\Arquivos de programas\Microsoft Office\Office12\excelcnv.exe Disinfected"

Line00000272 = "C:\Arquivos de programas\Microsoft Office\Office12\GRAPH.EXE Infected with: Win32.Sality.OG"

Line00000271 = "C:\Arquivos de programas\Microsoft Office\Office12\GRAPH.EXE Disinfected"

Line00000270 = "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE Infected with: Win32.Sality.OG"

Line00000269 = "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE Disinfected"

Line00000268 = "C:\Arquivos de programas\Microsoft Office\Office12\GrooveClean.exe Infected with: Win32.Sality.OG"

Line00000267 = "C:\Arquivos de programas\Microsoft Office\Office12\GrooveClean.exe Disinfected"

Line00000266 = "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMigrator.exe Infected with: Win32.Sality.OG"

Line00000265 = "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMigrator.exe Disinfected"

Line00000264 = "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe Infected with: Win32.Sality.OG"

Line00000263 = "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe Disinfected"

Line00000262 = "C:\Arquivos de programas\Microsoft Office\Office12\MSPUB.EXE Infected with: Win32.Sality.OG"

Line00000261 = "C:\Arquivos de programas\Microsoft Office\Office12\MSPUB.EXE Disinfected"

Line00000260 = "C:\Arquivos de programas\Microsoft Office\Office12\OIS.EXE Infected with: Win32.Sality.OG"

Line00000259 = "C:\Arquivos de programas\Microsoft Office\Office12\OIS.EXE Disinfected"

Line00000258 = "C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE Infected with: Win32.Sality.OG"

Line00000257 = "C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE Disinfected"

Line00000256 = "C:\Arquivos de programas\Mozilla Firefox\crashreporter.exe Infected with: Win32.Sality.OG"

Line00000255 = "C:\Arquivos de programas\Mozilla Firefox\crashreporter.exe Disinfected"

Line00000254 = "C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe Infected with: Win32.Sality.OG"

Line00000253 = "C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe Disinfected"

Line00000252 = "C:\Arquivos de programas\Nero\Nero 9\Nero Online Upgrade\NeroOnlineUpgrade.exe Infected with: Win32.Sality.OG"

Line00000251 = "C:\Arquivos de programas\Nero\Nero 9\Nero Online Upgrade\NeroOnlineUpgrade.exe Disinfected"

Line00000250 = "C:\Arquivos de programas\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe Infected with: Win32.Sality.OG"

Line00000249 = "C:\Arquivos de programas\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe Disinfected"

Line00000248 = "C:\Arquivos de programas\Nero\Nero 9\Nero StartSmart\NMDllHost.exe Infected with: Win32.Sality.OG"

Line00000247 = "C:\Arquivos de programas\Nero\Nero 9\Nero StartSmart\NMDllHost.exe Disinfected"

Line00000246 = "C:\Arquivos de programas\Nero\Nero ControlCenter 4\ncc.exe Infected with: Win32.Sality.OG"

Line00000245 = "C:\Arquivos de programas\Nero\Nero ControlCenter 4\ncc.exe Disinfected"

Line00000244 = "C:\Arquivos de programas\NetBeans 6.7.1\bin\netbeans.exe Infected with: Win32.Sality.OG"

Line00000243 = "C:\Arquivos de programas\NetBeans 6.7.1\bin\netbeans.exe Disinfected"

Line00000242 = "C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\app.exe Infected with: Win32.Sality.OG"

Line00000241 = "C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\app.exe Disinfected"

Line00000240 = "C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\pre7_app.exe Infected with: Win32.Sality.OG"

Line00000239 = "C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\pre7_app.exe Disinfected"

Line00000238 = "C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\pre7_app_w.exe Infected with: Win32.Sality.OG"

Line00000237 = "C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\pre7_app_w.exe Disinfected"

Line00000236 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafx.exe Infected with: Win32.Sality.OG"

Line00000235 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafx.exe Disinfected"

Line00000234 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxc.exe Infected with: Win32.Sality.OG"

Line00000233 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxc.exe Disinfected"

Line00000232 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxdoc.exe Infected with: Win32.Sality.OG"

Line00000231 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxdoc.exe Disinfected"

Line00000230 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxpackager.exe Infected with: Win32.Sality.OG"

Line00000229 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxpackager.exe Disinfected"

Line00000228 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxw.exe Infected with: Win32.Sality.OG"

Line00000227 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxw.exe Disinfected"

Line00000226 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\device-address.exe Infected with: Win32.Sality.OG"

Line00000225 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\device-address.exe Disinfected"

Line00000224 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\device-manager.exe Infected with: Win32.Sality.OG"

Line00000223 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\device-manager.exe Disinfected"

Line00000222 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\emulator.exe Infected with: Win32.Sality.OG"

Line00000221 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\emulator.exe Disinfected"

Line00000220 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\mekeytool.exe Infected with: Win32.Sality.OG"

Line00000219 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\mekeytool.exe Disinfected"

Line00000218 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\memory-profiler.exe Infected with: Win32.Sality.OG"

Line00000217 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\memory-profiler.exe Disinfected"

Line00000216 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\preverify.exe Infected with: Win32.Sality.OG"

Line00000215 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\preverify.exe Disinfected"

Line00000214 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\runtimes\cldc-hi-javafx\bin\runMidlet.exe Infected with: Win32.Sality.OG"

Line00000213 = "C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\runtimes\cldc-hi-javafx\bin\runMidlet.exe Disinfected"

Line00000212 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\cref.exe Infected with: Win32.Sality.OG"

Line00000211 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\cref.exe Disinfected"

Line00000210 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\device-address.exe Infected with: Win32.Sality.OG"

Line00000209 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\device-address.exe Disinfected"

Line00000208 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\device-manager.exe Infected with: Win32.Sality.OG"

Line00000207 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\device-manager.exe Disinfected"

Line00000206 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\emulator.exe Infected with: Win32.Sality.OG"

Line00000205 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\emulator.exe Disinfected"

Line00000204 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\jadtool.exe Infected with: Win32.Sality.OG"

Line00000203 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\jadtool.exe Disinfected"

Line00000202 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\mekeytool.exe Infected with: Win32.Sality.OG"

Line00000201 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\mekeytool.exe Disinfected"

Line00000200 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\memory-profiler.exe Infected with: Win32.Sality.OG"

Line00000199 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\memory-profiler.exe Disinfected"

Line00000198 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\netmon-console.exe Infected with: Win32.Sality.OG"

Line00000197 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\netmon-console.exe Disinfected"

Line00000196 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\payment-console.exe Infected with: Win32.Sality.OG"

Line00000195 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\payment-console.exe Disinfected"

Line00000194 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\preverify.exe Infected with: Win32.Sality.OG"

Line00000193 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\preverify.exe Disinfected"

Line00000192 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\runtimes\cdc-hi\bin\cvm.exe Infected with: Win32.Sality.OG"

Line00000191 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\runtimes\cdc-hi\bin\cvm.exe Disinfected"

Line00000190 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\runtimes\cldc-hi-javafx\bin\runMidlet.exe Infected with: Win32.Sality.OG"

Line00000189 = "C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\runtimes\cldc-hi-javafx\bin\runMidlet.exe Disinfected"

Line00000188 = "C:\Arquivos de programas\NetBeans 6.7.1\platform10\lib\nbexec.exe Infected with: Win32.Sality.OG"

Line00000187 = "C:\Arquivos de programas\NetBeans 6.7.1\platform10\lib\nbexec.exe Disinfected"

Line00000186 = "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\GetConnected.exe Infected with: Win32.Sality.OG"

Line00000185 = "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\GetConnected.exe Disinfected"

Line00000184 = "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe Infected with: Win32.Sality.OG"

Line00000183 = "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe Disinfected"

Line00000182 = "C:\Arquivos de programas\Norton Security Scan\SymSupport\Nss.exe Infected with: Win32.Sality.OG"

Line00000181 = "C:\Arquivos de programas\Norton Security Scan\SymSupport\Nss.exe Disinfected"

Line00000180 = "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe Infected with: Win32.Sality.OG"

Line00000179 = "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe Disinfected"

Line00000178 = "C:\Arquivos de programas\Real\RealPlayer\realplay.exe Infected with: Win32.Sality.OG"

Line00000177 = "C:\Arquivos de programas\Real\RealPlayer\realplay.exe Disinfected"

Line00000176 = "C:\Arquivos de programas\Real\RealPlayer\RecordingManager.exe Infected with: Win32.Sality.OG"

Line00000175 = "C:\Arquivos de programas\Real\RealPlayer\RecordingManager.exe Disinfected"

Line00000174 = "C:\Arquivos de programas\VMware\VMware Workstation\vmware.exe Infected with: Win32.Sality.OG"

Line00000173 = "C:\Arquivos de programas\VMware\VMware Workstation\vmware.exe Disinfected"

Line00000172 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48c5960e.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000171 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48c5960e.qua=>(Quarantine-8) Disinfected"

Line00000170 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48c5960e.qua Update failed"

Line00000169 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48d964a5.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000168 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48d964a5.qua=>(Quarantine-8) Disinfected"

Line00000167 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48d964a5.qua Update failed"

Line00000166 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48da6f7d.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000165 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48da6f7d.qua=>(Quarantine-8) Disinfected"

Line00000164 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\48da6f7d.qua Update failed"

Line00000163 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4ae3d94c.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000162 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4ae3d94c.qua=>(Quarantine-8) Disinfected"

Line00000161 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4ae3d94c.qua Update failed"

Line00000160 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4af4c672.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000159 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4af4c672.qua=>(Quarantine-8) Disinfected"

Line00000158 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4af4c672.qua Update failed"

Line00000157 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b4e91b4.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000156 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b4e91b4.qua=>(Quarantine-8) Disinfected"

Line00000155 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b4e91b4.qua Update failed"

Line00000154 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b55507f.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000153 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b55507f.qua=>(Quarantine-8) Disinfected"

Line00000152 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b55507f.qua Update failed"

Line00000151 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b620694.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000150 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b620694.qua=>(Quarantine-8) Disinfected"

Line00000149 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b620694.qua Update failed"

Line00000148 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b6b0689.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000147 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b6b0689.qua=>(Quarantine-8) Disinfected"

Line00000146 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b6b0689.qua Update failed"

Line00000145 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b6f0693.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000144 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b6f0693.qua=>(Quarantine-8) Disinfected"

Line00000143 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b6f0693.qua Update failed"

Line00000142 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b710695.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000141 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b710695.qua=>(Quarantine-8) Disinfected"

Line00000140 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b710695.qua Update failed"

Line00000139 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b730689.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000138 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b730689.qua=>(Quarantine-8) Disinfected"

Line00000137 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b730689.qua Update failed"

Line00000136 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b74068b.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000135 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b74068b.qua=>(Quarantine-8) Disinfected"

Line00000134 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b74068b.qua Update failed"

Line00000133 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8206b2.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000132 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8206b2.qua=>(Quarantine-8) Disinfected"

Line00000131 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8206b2.qua Update failed"

Line00000130 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8206b6.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000129 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8206b6.qua=>(Quarantine-8) Disinfected"

Line00000128 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8206b6.qua Update failed"

Line00000127 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8406a8.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000126 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8406a8.qua=>(Quarantine-8) Disinfected"

Line00000125 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8406a8.qua Update failed"

Line00000124 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8406a9.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000123 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8406a9.qua=>(Quarantine-8) Disinfected"

Line00000122 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8406a9.qua Update failed"

Line00000121 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8606b9.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000120 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8606b9.qua=>(Quarantine-8) Disinfected"

Line00000119 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8606b9.qua Update failed"

Line00000118 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8806b3.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000117 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8806b3.qua=>(Quarantine-8) Disinfected"

Line00000116 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8806b3.qua Update failed"

Line00000115 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b1.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000114 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b1.qua=>(Quarantine-8) Disinfected"

Line00000113 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b1.qua Update failed"

Line00000112 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b5.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000111 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b5.qua=>(Quarantine-8) Disinfected"

Line00000110 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b5.qua Update failed"

Line00000109 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b9.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000108 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b9.qua=>(Quarantine-8) Disinfected"

Line00000107 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8a06b9.qua Update failed"

Line00000106 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8d06b3.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000105 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8d06b3.qua=>(Quarantine-8) Disinfected"

Line00000104 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8d06b3.qua Update failed"

Line00000103 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8d06b7.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000102 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8d06b7.qua=>(Quarantine-8) Disinfected"

Line00000101 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b8d06b7.qua Update failed"

Line00000100 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9006ac.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000099 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9006ac.qua=>(Quarantine-8) Disinfected"

Line00000098 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9006ac.qua Update failed"

Line00000097 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9106b6.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000096 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9106b6.qua=>(Quarantine-8) Disinfected"

Line00000095 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9106b6.qua Update failed"

Line00000094 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306a9.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000093 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306a9.qua=>(Quarantine-8) Disinfected"

Line00000092 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306a9.qua Update failed"

Line00000091 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306aa.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000090 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306aa.qua=>(Quarantine-8) Disinfected"

Line00000089 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306aa.qua Update failed"

Line00000088 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306ad.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000087 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306ad.qua=>(Quarantine-8) Disinfected"

Line00000086 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9306ad.qua Update failed"

Line00000085 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9606b6.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000084 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9606b6.qua=>(Quarantine-8) Disinfected"

Line00000083 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9606b6.qua Update failed"

Line00000082 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b961503.qua=>(Quarantine-8) Infected with: Gen:Win32.Sality.Dam"

Line00000081 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b961503.qua=>(Quarantine-8) Disinfection failed"

Line00000080 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b961503.qua=>(Quarantine-8) Deleted"

Line00000079 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b961503.qua Deleted"

Line00000078 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9706a9.qua=>(Quarantine-8) Infected with: Win32.Sality.OG"

Line00000077 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9706a9.qua=>(Quarantine-8) Disinfected"

Line00000076 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9706a9.qua Update failed"

Line00000075 = "C:\Documents and Settings\User\Configurações locais\Temp\kiqhjc.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000074 = "C:\Documents and Settings\User\Configurações locais\Temp\kiqhjc.exe Deleted"

Line00000073 = "C:\Documents and Settings\User\Configurações locais\Temp\pmhni.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000072 = "C:\Documents and Settings\User\Configurações locais\Temp\pmhni.exe Deleted"

Line00000071 = "C:\Documents and Settings\User\Configurações locais\Temp\w98aa0.exe Infected with: Trojan.Crypt.HO"

Line00000070 = "C:\Documents and Settings\User\Configurações locais\Temp\w98aa0.exe Deleted"

Line00000069 = "C:\Documents and Settings\User\Configurações locais\Temp\wingmcj.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000068 = "C:\Documents and Settings\User\Configurações locais\Temp\wingmcj.exe Deleted"

Line00000067 = "C:\Documents and Settings\User\Configurações locais\Temp\winliidx.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000066 = "C:\Documents and Settings\User\Configurações locais\Temp\winliidx.exe Deleted"

Line00000065 = "C:\Documents and Settings\User\Configurações locais\Temp\winqdmpox.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000064 = "C:\Documents and Settings\User\Configurações locais\Temp\winqdmpox.exe Deleted"

Line00000063 = "C:\Documents and Settings\User\Configurações locais\Temp\winuusf.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000062 = "C:\Documents and Settings\User\Configurações locais\Temp\winuusf.exe Deleted"

Line00000061 = "C:\Documents and Settings\User\Configurações locais\Temp\winuyrjhl.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000060 = "C:\Documents and Settings\User\Configurações locais\Temp\winuyrjhl.exe Deleted"

Line00000059 = "C:\Documents and Settings\User\Configurações locais\Temp\winwkytwg.exe Infected with: Backdoor.Agent.AANT"

Line00000058 = "C:\Documents and Settings\User\Configurações locais\Temp\winwkytwg.exe Deleted"

Line00000057 = "C:\Documents and Settings\User\Configurações locais\Temp\winyfruc.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000056 = "C:\Documents and Settings\User\Configurações locais\Temp\winyfruc.exe Deleted"

Line00000055 = "C:\Documents and Settings\User\Desktop\AD-R.exe Infected with: Win32.Sality.OG"

Line00000054 = "C:\Documents and Settings\User\Desktop\AD-R.exe Disinfected"

Line00000053 = "C:\Documents and Settings\User\Desktop\cureit.exe Infected with: Win32.Sality.OG"

Line00000052 = "C:\Documents and Settings\User\Desktop\cureit.exe Disinfected"

Line00000051 = "C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe Infected with: Win32.Sality.OG"

Line00000050 = "C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe Disinfected"

Line00000049 = "C:\Documents and Settings\User\Desktop\Flash_Disinfector.exe Infected with: Win32.Sality.OG"

Line00000048 = "C:\Documents and Settings\User\Desktop\Flash_Disinfector.exe Disinfected"

Line00000047 = "C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe Infected with: Win32.Sality.OG"

Line00000046 = "C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe Disinfected"

Line00000045 = "C:\Documents and Settings\User\Desktop\jSMS-311.exe Infected with: Win32.Sality.OG"

Line00000044 = "C:\Documents and Settings\User\Desktop\jSMS-311.exe Disinfected"

Line00000043 = "C:\Documents and Settings\User\Desktop\UsbFix.exe Infected with: Win32.Sality.OG"

Line00000042 = "C:\Documents and Settings\User\Desktop\UsbFix.exe Disinfected"

Line00000041 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\bdvjj.exe Infected with: Trojan.Crypt.HO"

Line00000040 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\bdvjj.exe Deleted"

Line00000039 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\hhuqkt.exe Infected with: Trojan.Crypt.HO"

Line00000038 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\hhuqkt.exe Deleted"

Line00000037 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\lfnjld.exe Infected with: Generic.Malware.FYdld.BD2FCA8A"

Line00000036 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\lfnjld.exe Deleted"

Line00000035 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\NODFB3E.tmp Infected with: Backdoor.Agent.AANT"

Line00000034 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\NODFB3E.tmp Deleted"

Line00000033 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\opluen.exe Infected with: Trojan.Crypt.HO"

Line00000032 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\opluen.exe Deleted"

Line00000031 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\wincwkre.exe Infected with: Trojan.Crypt.HO"

Line00000030 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\wincwkre.exe Deleted"

Line00000029 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\windsor.exe Infected with: Trojan.Crypt.HO"

Line00000028 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\windsor.exe Deleted"

Line00000027 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\winkfelsf.exe Infected with: Trojan.Crypt.HO"

Line00000026 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\winkfelsf.exe Deleted"

Line00000025 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\winouosvt.exe Infected with: Trojan.Crypt.HO"

Line00000024 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\winouosvt.exe Deleted"

Line00000023 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\xcpeii.exe Infected with: Trojan.Crypt.HO"

Line00000022 = "C:\Documents and Settings\User\DoctorWeb\Quarantine\xcpeii.exe Deleted"

Line00000021 = "C:\UsbFix\Go.exe Infected with: Win32.Sality.OG"

Line00000020 = "C:\UsbFix\Go.exe Disinfected"

Line00000019 = "C:\WINDOWS\system32\igfxtray.exe Infected with: Win32.Sality.OG"

Line00000018 = "C:\WINDOWS\system32\igfxtray.exe Disinfected"

Line00000017 = "D:\Programas\Adobe Dreamweaver CS4\payloads\AdobeAMP-mul\AIRApplicationRunner.exe Infected with: Win32.Sality.OG"

Line00000016 = "D:\Programas\Adobe Dreamweaver CS4\payloads\AdobeAMP-mul\AIRApplicationRunner.exe Disinfected"

Line00000015 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsInstaller-KB893803-v2-x86.exe Infected with: Win32.Sality.OG"

Line00000014 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsInstaller-KB893803-v2-x86.exe Disinfected"

Line00000013 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-ia64-enu.exe Infected with: Win32.Sality.OG"

Line00000012 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-ia64-enu.exe Disinfected"

Line00000011 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-x64-enu.exe Infected with: Win32.Sality.OG"

Line00000010 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-x64-enu.exe Disinfected"

Line00000009 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-x86-enu.exe Infected with: Win32.Sality.OG"

Line00000008 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-x86-enu.exe Disinfected"

Line00000007 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsXP-KB898715-x64-enu.exe Infected with: Win32.Sality.OG"

Line00000006 = "D:\Programas\Adobe Dreamweaver CS4\redist\WindowsXP-KB898715-x64-enu.exe Disinfected"

Line00000005 = "D:\Programas\Adobe Dreamweaver CS4\Setup.exe Infected with: Win32.Sality.OG"

Line00000004 = "D:\Programas\Adobe Dreamweaver CS4\Setup.exe Disinfected"

Line00000003 = "D:\Programas\Adobe Flash CS4\AkamaiDownloadManagerInstaller.exe Infected with: Win32.Sality.OG"

Line00000002 = "D:\Programas\Adobe Flash CS4\AkamaiDownloadManagerInstaller.exe Disinfected"

Line00000001 = "D:\Programas\Dreamweaver CS3 Portable\Dreamweaver_CS3_UnzipFiles.exe Infected with: Win32.Sality.OG"

Line00000000 = "D:\Programas\Dreamweaver CS3 Portable\Dreamweaver_CS3_UnzipFiles.exe Disinfected"

 

=============================

 

ESET Online log:

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=0bc50b2e54d2c140a04e13e03e329d3a

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-04-04 07:56:50

# local_time=2010-04-04 04:56:50 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=freeze

# scanned=0

# found=0

# cleaned=0

# scan_time=167

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=0bc50b2e54d2c140a04e13e03e329d3a

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-04-05 12:07:58

# local_time=2010-04-04 09:07:58 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1792 16777191 100 0 11897421 11897421 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=125607

# found=568

# cleaned=566

# scan_time=5468

C:\Ad-Remover\ADR.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Ad-Remover\Un-ADR.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Ad-Remover\Backup\AD-R.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\LogTransport2.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\java.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\javac.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\javaw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\keytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\policytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\rmid.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\rmiregistry.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\JVM\bin\tnameserv.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\CrashReporterApp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\Flash.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\java.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\javaw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\javaws.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\jucheck.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\jusched.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\keytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\kinit.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\klist.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\ktab.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Flash CS4\JVM\bin\orbd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Photoshop.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ACECNFLT.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSE7.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLED.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\OFFDIAG.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\OFFLB.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\ODEPLOY.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\SETUP.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Nero\AdvrCntr4\NeroPatentActivation.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Nero\Nero ProductInstaller 4\ipclog.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Nero\Nero ProductInstaller 4\LSDriveDetect.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Nero\Nero ProductInstaller 4\SetupX.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Nero\Nero ProductInstaller 4\WindowsInstallerKB893803v2x86.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\PCSuite\DataLayer\DataLayer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\RealOneMessageCenter.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\rnxproc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\upgrdhlp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Common Files\VMware\USB\vnetlib.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_207C14F1\HXFSetup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\CLDMA.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\cltest.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\dvdrgn.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PowerDVD.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\OLRSubmission\OLRSubmission.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\DivX\DivX Updater\DivXVersionChecker.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\DivX\Symantec\scstubinstaller.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\EA SPORTS\Copa do Mundo FIFA 2006\eauninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\EA SPORTS\Copa do Mundo FIFA 2006\Support\2006 FIFA World Cup_code.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\EA SPORTS\Copa do Mundo FIFA 2006\Support\2006 FIFA World Cup_uninst.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\EA SPORTS\Copa do Mundo FIFA 2006\Support\EasyInfo.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\EA SPORTS\Copa do Mundo FIFA 2006\Support\EReg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Foxit Software\Foxit Reader\Foxit Reader.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Foxit Software\Foxit Reader\Uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Foxit Software\Foxit Reader\UnInstallPDFReaderPlugin.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Gabest\VobSub\submux.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Gabest\VobSub\subresync.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Gabest\VobSub\uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Google\Update\1.2.183.13\GoogleCrashHandler.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Google\Update\1.2.183.13\GoogleUpdate.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\DestTest.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpospd08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hposvc08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqacdse.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqaol08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcsaha.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqdirec.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqdstcp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqEmlsz.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqirs08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqisc01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqise01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkiosk.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpprop.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqprntw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\HPQPSXP.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqptc08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqqpawp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtax08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtbx01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqudc08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgl.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqvpswp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqvwr08.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpsjrreg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\bin\ppcue.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\devicemanagement\hpzmsi01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\devicemanagement\hpzscr01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\esupport\hpzmsi01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\esupport\hpzscr01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\extcapuninstall\hpzscr01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Help\player\fscommand\F300_install_printcart.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Help\player\fscommand\F300_load_env.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Help\player\fscommand\F300_load_letter.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Help\player\fscommand\F300_load_original.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Help\player\fscommand\F300_load_small.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Help\player\fscommand\F300_paperjam.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Help\player\fscommand\F300_printcart.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Help\player\fscommand\F300_transfer_scan.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprbui.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\scache\hprbhelp\hprbhelp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\hpzcdl01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\hpzsetup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzcdl01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzdui01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzmsi01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzpsl01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzrcn01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzshl01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzwrp01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\HP Software Update\hpwucli.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\HP Software Update\hpwuschd2.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Photosmart Essential\HP_IZE.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzmsi01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzrcv01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\Setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Internet Explorer\ExtExport.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\appletviewer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\apt.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\extcheck.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\HtmlConverter.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\idlj.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jar.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jarsigner.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\java-rmi.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\java.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\javac.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\javadoc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\javah.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\javap.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\javaw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\javaws.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jconsole.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jdb.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jhat.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jinfo.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jmap.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jps.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jrunscript.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jstack.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jstat.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jstatd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\jvisualvm.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\keytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\kinit.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\klist.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\ktab.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\native2ascii.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\orbd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\pack200.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\packager.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\policytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\rmic.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\rmid.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\rmiregistry.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\schemagen.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\serialver.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\servertool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\tnameserv.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\unpack200.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\wsgen.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\wsimport.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\bin\xjc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\java-rmi.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\java.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\javacpl.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\javaw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\javaws.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\jbroker.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\jp2launcher.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\jqs.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\jqsnotify.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\jucheck.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\jureg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\jusched.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\keytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\kinit.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\klist.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\ktab.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\orbd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\pack200.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\policytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\rmid.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\rmiregistry.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\servertool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\ssvagent.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\tnameserv.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\bin\unpack200.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\jre\lib\launcher.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jdk1.6.0_17\lib\visualvm\platform9\lib\nbexec.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\java-rmi.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\java.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\javacpl.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\javaw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\javaws.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\jbroker.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\jp2launcher.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\jqs.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\jucheck.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\jureg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\jusched.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\keytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\kinit.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\klist.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\ktab.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\orbd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\pack200.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\policytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\rmid.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\rmiregistry.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\servertool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\ssvagent.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\tnameserv.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Java\jre6\bin\unpack200.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\K-Lite Codec Pack\Filters\Haali\gdsmux.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\upgrdhlp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\K-Lite Codec Pack\Tools\dsconfig.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\K-Lite Codec Pack\Tools\graphstudio.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\K-Lite Codec Pack\Tools\minicalc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\K-Lite Codec Pack\Tools\StatsReader.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\K-Lite Codec Pack\Tools\gspot\gspot.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Last.fm\CrashReporter.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Last.fm\iPodScrobbler.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Last.fm\killer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Last.fm\LastFM.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Last.fm\Updater.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Japanese Translator\Jtej.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Japanese Translator\Jtje.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\Barcsrv.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\Converse.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\DictUtilities.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\PhBook.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\ptpro.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\Trnsutil.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\VerViewer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\WordLook.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\Wt32.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\LHSP\L&H Power Translator Pro\Ereg\Reg32.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Marvell\Miniport Driver\installu.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Marvell\Miniport Driver\Uninst.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\MassTube\ffmpeg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Messenger Plus! Live\Log Viewer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Messenger Plus! Live\MPTools.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Choice Guard\CGuard.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\CLVIEW.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\CNFNOT32.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\DRAT.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\DSSM.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\excelcnv.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\GRAPH.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\GrooveClean.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMigrator.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\INFOPATH.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\MSACCESS.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\MSOHTMED.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\MSPUB.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\MSQRY32.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\MSTORDB.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\MSTORE.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\OIS.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\REGFORM.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\SCANOST.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\SCANPST.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\SELFCERT.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\SETLANG.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\VPREVIEW.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE Win32/Sality.NAR virus (error while cleaning) 00000000000000000000000000000000 I

C:\Arquivos de programas\Microsoft Office\Office12\Wordconv.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Microsoft Office\Office12\1046\ONELEV.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Mozilla Firefox\crashreporter.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nero\Nero 9\Nero Online Upgrade\NeroOnlineUpgrade.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nero\Nero 9\Nero StartSmart\NMDllHost.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nero\Nero ControlCenter 4\ncc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\bin\netbeans.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\app.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\pre7_app.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\harness\launchers\pre7_app_w.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafx.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxdoc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxpackager.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\bin\javafxw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\device-address.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\device-manager.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\emulator.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\mekeytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\memory-profiler.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\bin\preverify.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\javafx2\javafx-sdk\emulator\runtimes\cldc-hi-javafx\bin\runMidlet.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\cref.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\device-address.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\device-manager.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\emulator.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\jadtool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\mekeytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\memory-profiler.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\netmon-console.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\payment-console.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\preverify.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\resourcesmanager.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\runBDJ.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\wma-tool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\bin\wscompile.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\runtimes\cdc-hi\bin\cvm.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\mobility8\Java_ME_platform_SDK_3.0\runtimes\cldc-hi-javafx\bin\runMidlet.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\NetBeans 6.7.1\platform10\lib\nbexec.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\ConnectionManager.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\ContactsEditor.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\ContentCopier.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\ImageConverter.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\ImageStore.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\MultimediaPlayer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\OneTouchAccess.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSyncLV.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\SeUpdateDb.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\TextMessageEditor.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\Btmdm\nbtinst.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Norton Security Scan\NortonSecurityScan.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Norton Security Scan\SymSupport\Nss.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\PHP Editor\php\php.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\PluginLetras\uninst.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Project64 1.6\Project64.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\QuickTime Alternative\PictureViewer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\QuickTime Alternative\QTInfo.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\QuickTime Alternative\QTTask.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\QuickTime Alternative\Media Player Classic\mplayerc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\QuickTime Alternative\QTSystem\ExportController.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\QuickTime Alternative\QTSystem\QuickTimeUpdateHelper.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\realplay.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\RecordingManager.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\rphelperapp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\converter\convert.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\converter\RealConverter.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\converter\RealShare.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\converter\RealTrimmer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\converter\Update\r1puninst.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Real\RealPlayer\Setup\setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\sges-v3-prelude\uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Truck_Racing_By_Renault_Trucks\uninst.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Truck_Racing_By_Renault_Trucks\Bin\RTR.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware VIX\vmrun.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\ace_upgrade.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\farexec-service.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\mkisofs.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\unzip.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmnat.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmnetcfg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\VMnetDHCP.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmplayer-service.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmplayer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmrun.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmss2core.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmUpdateLauncher.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-acetool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-fullscreen.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-remotemks-debug.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-remotemks.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-unity-helper.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-vdiskmanager.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-vmx-debug.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-vmx-stats.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-vmx.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vnetlib.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vnetsniffer.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vnetstats.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\zip.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\pkg\bulkDeploy.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\pkg\instmsiw.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\pkg\pkt_app.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\pkg\pkt_deploy.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\pkg\pkt_run.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\pkg\setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\pkg\vmware-acetool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\Resources\bootrun.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\Resources\customize.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\Resources\deployPkg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\Resources\guestcustutil.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\Resources\imgcust-reboot.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\Resources\imgCustFinalization.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\Resources\imgCustPrep.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\Resources\loginblocker.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\tools-upgraders\VMwareToolsUpgrader.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\tools-upgraders\VMwareToolsUpgrader9x.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\tools-upgraders\VMwareToolsUpgraderNT.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tools\upgrader.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Live\Installer\wlarp.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Live\Installer\wloobe.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Live\Messenger\wlcstart.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Media Connect 2\wmccds.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Media Connect 2\WMCCFG.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Media Player\wmdbexport.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Media Player\wmlaunch.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Media Player\wmpenc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Media Player\wmpnscfg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Media Player\wmpshare.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Brasfoot2009\teams\uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Brasfoot2009\Trapaceadores\Cheat BrasWin.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Brasfoot2009\Trapaceadores\Cheat Stop Time.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Brasfoot2010\uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Brasfoot2010\teams\Uninstal.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Brasfoot2010\teams\uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Adobe\Updater6\Install\AdobeUpdater\AdobeUpdaterInstallMgr.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Configurações locais\Temp\cskl.exe probably a variant of Win32/Agent.HLU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Configurações locais\Temp\liocpf.exe probably a variant of Win32/Agent.HLU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Configurações locais\Temp\wb65d8.exe probably a variant of Win32/Genetik trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Configurações locais\Temp\winaipfe.exe probably a variant of Win32/Agent.HLU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Configurações locais\Temp\yvpgl.exe probably a variant of Win32/Agent.HLU trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\AD-R.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\Auto-Tune_evo_VST_PC_v6.09.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\bf2010.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\egifan5.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\Flash_Disinfector.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\jSMS-311.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\KillBox.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\PenClean.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\PenClean.zip probably a variant of Win32/Spy.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\Razor_universobrasfoot.net.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\tool.cmd HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\UsbFix.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Bateria.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Card Reader.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Chipset.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\DELL_MULTI-DEVICE_A01_R242754.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\DELL_WIRELESS-5730-VZW-MOBIL_A00_R239700.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Driver Wireless.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Functions.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Rede.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Video.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\WindowsInstaller-KB893803-v2-x86.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Wireless.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\DELL\Wirelesss.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\DoctorWeb\Quarantine\rbdt.exe probably a variant of Win32/Agent.HLU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Rede Abit I-45CV.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\ChCfg.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\SetCDfmt.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\Setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\MSHDQFE\Win2K3\us\kb888111srvrtm.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\MSHDQFE\Win2K_XP\us\kb888111w2ksp4.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\Vista\RtHDVCpl.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\Vista\RtkAudioService.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\Vista\RtlUpd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\Vista\SkyTel.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\Vista64\SkyTel.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\WDM\Alcmtr.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\WDM\RtlUpd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\WDM\SkyTel.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Audio Abit I-45CV\WDM\SoundMan.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\modemXP_aztech_msp2980\HXFSetup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\modemXP_aztech_msp2980\Setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Drivers\Rede Abit I-45CV\setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\ose.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\MSOCache\All Users\{90120000-006E-0416-0000-0000000FF1CE}-C\DW20.EXE Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\MSOCache\All Users\{90120000-006E-0416-0000-0000000FF1CE}-C\dwtrig20.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Progra~1\Common~1\Micros~1\Replication Manager 4.0\mstrai40.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Progra~1\Common~1\Micros~1\Replication Manager 4.0\mstran40.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\uninstall.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\certutil.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqadmin.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqbrokerd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqbrokersvc.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqcmd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqdbmgr.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqkeytool.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqobjmgr.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqsvcadmin.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\imqusermgr.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\imq\bin\ssltap.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\lib\appserv.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\lib\appservAgent.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\lib\appservDAS.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\lib\appservLauncher.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\lib\certutil.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\lib\pk12util.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\lib\upgrade\certutil.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Sun\AppServer\lib\upgrade\pk12util.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\UsbFix\Go.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\UsbFix\Tools\fsum.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\UsbFix\Tools\gsar.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\UsbFix\Tools\Kill.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\UsbFix\Tools\KProcess.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\UsbFix\Tools\sed.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\UsbFix\Tools\setpath.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\UsbFix\Tools\zip.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\ab.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\abs.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\htcacheclean.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\htdbm.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\htdigest.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\htpasswd.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\httxt2dbm.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\openssl.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\wamp\bin\apache\Apache2.2.11\bin\rotatelogs.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\igfxtray.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Adobe Dreamweaver CS4\Setup.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Adobe Dreamweaver CS4\payloads\AdobeAMP-mul\AIRApplicationRunner.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Adobe Dreamweaver CS4\redist\WindowsInstaller-KB893803-v2-x86.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-ia64-enu.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-x64-enu.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Adobe Dreamweaver CS4\redist\WindowsServer2003-KB898715-x86-enu.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Adobe Dreamweaver CS4\redist\WindowsXP-KB898715-x64-enu.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Adobe Flash CS4\AkamaiDownloadManagerInstaller.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

D:\Programas\Dreamweaver CS3 Portable\Dreamweaver_CS3_UnzipFiles.exe Win32/Sality.NAR virus (cleaned - quarantined) 00000000000000000000000000000000 C

${Memory} Win32/Sality.NAR virus 00000000000000000000000000000000 I

 

 

=========================================

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:22:13, on 9/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [vmware-tray] "C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O11 - Options group: [INTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe


Sorry for the delay; I had to travel because of my grandmother's passing and only got back today.

___________________________

 

:) Several other problems were removed from your PC.

______________________________

 

I also did the Dr.Web one

Please post the Dr. Web log in your next reply, together with the other logs requested below.

______________________________

 

Also check whether you can now run your Avira AntiVir antivirus. If you cannot run it, uninstall it and install it again. Update it, restart your computer and boot into Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Modo Seguro or Modo de Segurança (Safe Mode) option). Then, once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock), choose Iniciar o AntiVir (Start AntiVir) > click Verif. sistema agora (Scan system now) > and wait for the scan to finish. As it finds viruses, choose the option to disinfect the infected files or send them to quarantine. If files were sent to quarantine, then after a few weeks, if your computer is working normally without them, you can go to the quarantine and delete them permanently.

Note: If it is not possible to run the Avira AntiVir scan in Windows Safe Mode, run it in normal mode.

__________________________________

 

Please follow the tips in this tutorial to clean your PC with Spyware Doctor:

Spyware Doctor Starter Edition tutorial

___________________________________

 

In your next reply, post the Spyware Doctor log together with a new HijackThis log and the Avira AntiVir log, and tell us how your PC is after that.

We look forward to your reply.


Hi Antonio! No problem about the delay; I also took a while to post my last reply before this one.

I hadn't posted the Dr. Web log because it didn't fit in the post, and then I forgot to post it again.

But here it is: http://www.4shared.com/file/2BOcBLct/CureIt.html

I made the Avira log, but I noticed that it still detects some .exe files that are programs as viruses, such as LastFM.

Avira log:

 

 

 

Avira AntiVir Personal

Report file date: sábado, 17 de abril de 2010 22:20

 

Scanning for 2011046 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : DESKTOP

 

Version information:

BUILD.DAT : 9.0.0.422 21701 Bytes 9/3/2010 10:29:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 20/11/2009 16:16:09

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 14:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 15:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 14:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 16:16:08

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 16:16:08

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/1/2010 13:03:23

VBASE003.VDF : 7.10.3.75 996864 Bytes 26/1/2010 13:15:00

VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/3/2010 13:18:48

VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/4/2010 13:24:58

VBASE006.VDF : 7.10.6.83 2048 Bytes 15/4/2010 13:24:59

VBASE007.VDF : 7.10.6.84 2048 Bytes 15/4/2010 13:24:59

VBASE008.VDF : 7.10.6.85 2048 Bytes 15/4/2010 13:24:59

VBASE009.VDF : 7.10.6.86 2048 Bytes 15/4/2010 13:24:59

VBASE010.VDF : 7.10.6.87 2048 Bytes 15/4/2010 13:25:00

VBASE011.VDF : 7.10.6.88 2048 Bytes 15/4/2010 13:25:01

VBASE012.VDF : 7.10.6.89 2048 Bytes 15/4/2010 13:25:01

VBASE013.VDF : 7.10.6.90 2048 Bytes 15/4/2010 13:25:02

VBASE014.VDF : 7.10.6.91 2048 Bytes 15/4/2010 13:25:02

VBASE015.VDF : 7.10.6.92 2048 Bytes 15/4/2010 13:25:03

VBASE016.VDF : 7.10.6.93 2048 Bytes 15/4/2010 13:25:04

VBASE017.VDF : 7.10.6.94 2048 Bytes 15/4/2010 13:25:04

VBASE018.VDF : 7.10.6.95 2048 Bytes 15/4/2010 13:25:04

VBASE019.VDF : 7.10.6.96 2048 Bytes 15/4/2010 13:25:05

VBASE020.VDF : 7.10.6.97 2048 Bytes 15/4/2010 13:25:05

VBASE021.VDF : 7.10.6.98 2048 Bytes 15/4/2010 13:25:06

VBASE022.VDF : 7.10.6.99 2048 Bytes 15/4/2010 13:25:06

VBASE023.VDF : 7.10.6.100 2048 Bytes 15/4/2010 13:25:06

VBASE024.VDF : 7.10.6.101 2048 Bytes 15/4/2010 13:25:07

VBASE025.VDF : 7.10.6.102 2048 Bytes 15/4/2010 13:25:08

VBASE026.VDF : 7.10.6.103 2048 Bytes 15/4/2010 13:25:08

VBASE027.VDF : 7.10.6.104 2048 Bytes 15/4/2010 13:25:08

VBASE028.VDF : 7.10.6.105 2048 Bytes 15/4/2010 13:25:09

VBASE029.VDF : 7.10.6.106 2048 Bytes 15/4/2010 13:25:10

VBASE030.VDF : 7.10.6.107 2048 Bytes 15/4/2010 13:25:10

VBASE031.VDF : 7.10.6.115 78848 Bytes 16/4/2010 18:35:33

Engineversion : 8.2.1.220

AEVDF.DLL : 8.1.1.3 106868 Bytes 16/4/2010 13:32:00

AESCRIPT.DLL : 8.1.3.26 1286521 Bytes 16/4/2010 13:31:55

AESCN.DLL : 8.1.5.0 127347 Bytes 16/4/2010 13:30:52

AESBX.DLL : 8.1.2.1 254323 Bytes 16/4/2010 13:32:10

AERDL.DLL : 8.1.4.6 541043 Bytes 16/4/2010 13:30:50

AEPACK.DLL : 8.2.1.1 426358 Bytes 16/4/2010 13:30:26

AEOFFICE.DLL : 8.1.0.41 201083 Bytes 16/4/2010 13:29:57

AEHEUR.DLL : 8.1.1.24 2613623 Bytes 16/4/2010 13:29:46

AEHELP.DLL : 8.1.11.3 242039 Bytes 16/4/2010 13:26:22

AEGEN.DLL : 8.1.3.7 373106 Bytes 16/4/2010 13:26:05

AEEMU.DLL : 8.1.1.0 393587 Bytes 7/11/2009 23:10:20

AECORE.DLL : 8.1.13.1 188790 Bytes 16/4/2010 13:25:45

AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 18:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 7/11/2009 23:11:15

AVREP.DLL : 8.0.0.7 159784 Bytes 16/4/2010 13:33:00

AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 14:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 19:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 14:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 19:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 14:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 19:39:58

RCTEXT.DLL : 9.0.73.0 86785 Bytes 20/11/2009 16:16:08

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: sábado, 17 de abril de 2010 22:20

 

Starting search for hidden objects.

'44421' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'emule.exe' - '1' Module(s) have been scanned

Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned

Scan process 'vmnat.exe' - '1' Module(s) have been scanned

Scan process 'vmware-usbarbitrator.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'hpqste08.exe' - '1' Module(s) have been scanned

Scan process 'mpapi3s.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned

Scan process 'PcSync2.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'vmware-tray.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'LAUNCH~1.EXE' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Module is infected -> 'C:\WINDOWS\system32\igfxpers.exe'

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Module is infected -> 'C:\WINDOWS\system32\hkcmd.exe'

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Process 'igfxpers.exe' has been terminated

Process 'hkcmd.exe' has been terminated

C:\WINDOWS\system32\igfxpers.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] The file was moved to '4c30603e.qua'!

C:\WINDOWS\system32\hkcmd.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] The file was moved to '4c2d6045.qua'!

 

48 processes with 46 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Master boot sector HD2

[INFO] No virus was found!

Master boot sector HD3

[INFO] No virus was found!

Master boot sector HD4

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

 

The registry was scanned ( '57' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Arquivos de programas\VMware\VMware Workstation\mkisofs.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

C:\Documents and Settings\User\Configurações locais\Temp\MPSampleSubmit\tempc.exe.xor

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

C:\Documents and Settings\User\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\39\6ef55d27-23adee44

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

C:\Documents and Settings\User\Desktop\Razor_universobrasfoot.net.exe

[DETECTION] Is the TR/Agent.220830 Trojan

C:\Documents and Settings\User\DoctorWeb\Quarantine\juchecka.exe

--> Object

[DETECTION] Contains code of the W32/Sality.Y Windows virus

Begin scan in 'D:\'

 

Beginning disinfection:

C:\Arquivos de programas\VMware\VMware Workstation\mkisofs.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4c336b1d.qua'!

C:\Documents and Settings\User\Configurações locais\Temp\MPSampleSubmit\tempc.exe.xor

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was moved to '4c376b17.qua'!

C:\Documents and Settings\User\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\39\6ef55d27-23adee44

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was moved to '4c306b18.qua'!

C:\Documents and Settings\User\Desktop\Razor_universobrasfoot.net.exe

[DETECTION] Is the TR/Agent.220830 Trojan

[NOTE] The file was moved to '4c446b14.qua'!

C:\Documents and Settings\User\DoctorWeb\Quarantine\juchecka.exe

[NOTE] The file was moved to '4c2d6b28.qua'!

 

 

End of the scan: sábado, 17 de abril de 2010 23:13

Used time: 47:48 Minute(s)

 

The scan has been done completely.

 

11326 Scanned directories

872335 Files were scanned

9 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

7 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

872325 Files not concerned

11289 Archives were scanned

1 Warnings

8 Notes

44421 Objects were scanned with rootkit scan

0 Hidden objects were found

 

 

====================

 

Spyware Doctor log:

 

http://www.4shared.com/document/gx5i0ts5/log.html

 

====================

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:45:37, on 18/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [vmware-tray] "C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O11 - Options group: [INTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe


:) Other problems were removed.

_________________________________

 

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.

_________________________________

 

Install these programs and use them now and weekly to clean your PC and keep it more efficient and optimized:

 

MV RegClean

 

Auslogics Disk Defrag

 

SpywareBlaster

 

Also follow the tips in this tutorial:

Tips to make your computer faster and more efficient

_______________________________

 

Keep your Avira AntiVir antivirus always up to date and run frequent scans with it. As viruses and spyware are found, choose the option to disinfect the infected files (Reparar, or Repair if your Avira is in English) or send them to quarantine. If files were sent to quarantine, then after a few weeks, if your computer is working normally without them, you can go to the quarantine and delete them permanently.

_______________________________

 

Also run the scan again now, and from time to time, with Nod32 Online, Bitdefender Online, Malwarebytes and Spyware Doctor.

_______________________________

 

After that, go back to: Iniciar (Start) - Painel de Controle (Control Panel) - Sistema (System) - click the tab: Restauração do Sistema (System Restore) - uncheck the box: Desativar restauração do sistema (Turn off System Restore) - click the button: Aplicar (Apply) and the button: Ok.

_______________________________

 

After this, tell us how your PC is and whether the problems were removed.


Hi Antonio!

Sorry for the delay in posting.

One thing I noticed is that I could no longer turn on the firewall, neither through the Control Panel nor through the Windows Security Alerts.

And those little message balloons that usually appear in the bottom-right corner don't appear either, but their sound plays. When I remove a pen drive it doesn't show the message, but it plays the sound. Is that normal?

I did all the procedures given, and noticed an improvement in performance and in download speed.

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:11:51, on 25/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Brasfoot2010\brasfoot2010.exe

C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe


I suggest you save or print the instructions below, since at some points you may need to use the computer without Internet access:

• Download Superantispyware;

• Double-click the program icon and install it by clicking Next > accept the license agreement > Next > Next > choose the option to save it in the Program Files folder > Next > Next > wait for the installation > click the Finish button.

• A box will appear asking you to choose your language; choose Portuguese (BR) and click the OK button.

• A message will appear asking: "Do you want SUPERAntiSpyware to check for the latest rules and definitions now (Recommended)?" Connect the computer to the Internet and click the Yes button. Wait for the update to finish.

• Another screen will appear; click the Next > Next > Next > Next > Finish buttons.

• A window will appear asking whether you want to protect your Internet Explorer home page against changes. Choose the option you prefer.

• Restart the computer in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option);

• If it is not possible to restart the computer in Safe Mode, run the scan in normal mode.

• Run SuperAntispyware and click: Scan your PC...

• Under scan location choose: C:\ Fixed Drive ( NTFS ), and if you have other disks to be scanned, check them as well;

• Check the option Perform Complete Scan;

• Click Next. Wait!

• When it finishes, the SUPERAntiSpyware Scan Summary window will open. Click the OK button. Click the Next > button so that the threats are removed.

• A message may appear asking whether you want the computer to be restarted so that the items can be removed. Click Yes.

• After the PC restarts, right-click the SUPERAntiSpyware icon next to the Windows clock and choose the option View Control Center (Preferences/Options)... – click the Statistics/Logs tab – double-click the log with the left mouse button and a window with the log will open; then just select this log (click the menu: Edit » Select All), then go back to the menu: Edit » and click the option: Copy.

• After that, just come back here to the forum and post this SUPERAntiSpyware log together with a new HijackThis log so that they can be analyzed, and confirm for us whether all the problems found by SuperAntispyware were removed.

• We await your reply.


Hello Antonio!

I ran the SuperAntiSpyware scan and, apparently, the malicious files were removed.

But the issues I mentioned in my previous post persist.

Logs:

SuperAntiSpyware log:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/27/2010 at 10:12 PM

 

Application Version : 4.35.1000

 

Core Rules Database Version : 4859

Trace Rules Database Version: 2671

 

Scan type : Complete Scan

Total Scan Time : 00:27:01

 

Memory items scanned : 604

Memory threats detected : 0

Registry items scanned : 5849

Registry threats detected : 9

File items scanned : 18008

File threats detected : 3

 

Adware.Tracking Cookie

C:\Documents and Settings\User\Cookies\user@atdmt[3].txt

C:\Documents and Settings\User\Cookies\user@atdmt[1].txt

C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt

 

Adware.MyWebSearch/FunWebProducts

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

 

==========================

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:24:29, on 27/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe


I suggest you save or print the instructions below, since at some points you may need to use the computer without Internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it by command is also possible:

* Go to Start --> Run --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 

[Image: combofixejr8.gif]

* Click OK.

* At the prompt: "Disclaimer of warranty on software" --> click Yes.

[Image: RcAuto1.gif]

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the option to install it.

* When it finishes, click "Sim" or "Yes". --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

If you get the notification: Invalid Win32 application, or some similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Rename it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

[Image: Rookit_found.gif]

* PS: Write down these detections and click OK. In this case, post the detections you wrote down in your next reply, together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> press Enter! --> wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

 

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing after this.

We await your reply.


Hello Antonio!

I ran the ComboFix scan and everything went well; I did not need to download the program again, as it ran normally on the first try.

As for the scan, I did not notice any change in the current situation.

ComboFix log:

 

ComboFix 10-04-28.03 - User 28/04/2010 21:22:41.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1492 [GMT -3:00]

Executando de: c:\documents and settings\User\desktop\Combofix.exe

Comandos utilizados :: /killall

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\User\28606753.bat

c:\documents and settings\User\loda0703.bin

c:\documents and settings\User\mob103.bin

c:\documents and settings\User\wm0703.bin

c:\windows\system32\vmnat.exe

 

A cópia de c:\windows\system32\mmc.exe foi encontrada e desinfectada

Cópia restaurada de - c:\windows\system32\dllcache\mmc.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-28 to 2010-04-29 ))))))))))))))))))))))))))))

.

 

2010-04-28 23:04 . 2010-04-28 23:05 -------- d-----w- c:\windows\system32\XPSViewer

2010-04-28 23:04 . 2010-04-28 23:04 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-04-28 23:04 . 2007-03-22 23:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-04-28 23:04 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll

2010-04-28 23:04 . 2010-04-28 23:04 -------- d-----w- c:\windows\LastGood.Tmp

2010-04-28 00:42 . 2010-04-28 00:42 52224 ----a-w- c:\documents and settings\User\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-04-28 00:41 . 2010-04-28 00:41 117760 ----a-w- c:\documents and settings\User\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-04-28 00:37 . 2010-04-28 00:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2010-04-28 00:37 . 2010-04-28 00:37 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-04-28 00:37 . 2010-04-28 00:37 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\SUPERAntiSpyware.com

2010-04-28 00:37 . 2010-04-28 00:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-04-26 13:27 . 2010-04-26 13:36 -------- d-----w- c:\arquivos de programas\Poedit

2010-04-19 23:36 . 2010-04-19 23:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-04-19 13:48 . 2010-04-19 13:48 -------- d-----w- c:\arquivos de programas\SpywareBlaster

2010-04-19 13:37 . 2010-04-19 13:37 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Auslogics

2010-04-19 13:36 . 2010-04-19 13:36 -------- d-----w- c:\arquivos de programas\Auslogics

2010-04-19 13:24 . 2010-04-19 13:24 -------- d-----w- c:\arquivos de programas\CCleaner

2010-04-19 00:09 . 2008-12-11 11:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-04-19 00:09 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-04-19 00:09 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-04-19 00:09 . 2010-04-19 00:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools

2010-04-19 00:09 . 2008-12-10 14:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-04-19 00:09 . 2010-04-28 11:44 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2010-04-19 00:09 . 2010-04-19 00:09 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\PC Tools

2010-04-19 00:09 . 2010-04-19 00:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Tools

2010-04-15 17:27 . 2010-04-15 17:27 -------- d-----w- c:\documents and settings\User\.astah

2010-04-14 12:44 . 2010-03-10 06:16 420352 -c----w- c:\windows\system32\dllcache\vbscript.dll

2010-04-14 12:34 . 2010-02-16 19:07 2071040 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-04-14 12:34 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-04-14 12:34 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-04-14 12:31 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-04-11 19:30 . 2010-04-19 16:46 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2010-04-10 21:04 . 2010-04-10 21:04 61440 ----a-w- c:\documents and settings\User\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7c824382-n\decora-sse.dll

2010-04-10 21:04 . 2010-04-10 21:04 12800 ----a-w- c:\documents and settings\User\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7c824382-n\decora-d3d.dll

2010-04-10 21:04 . 2010-04-10 21:04 503808 ----a-w- c:\documents and settings\User\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62e1a40a-n\msvcp71.dll

2010-04-10 21:04 . 2010-04-10 21:04 499712 ----a-w- c:\documents and settings\User\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62e1a40a-n\jmc.dll

2010-04-10 21:04 . 2010-04-10 21:04 348160 ----a-w- c:\documents and settings\User\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62e1a40a-n\msvcr71.dll

2010-04-08 14:05 . 2010-04-09 13:28 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2010-04-05 16:55 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-04-05 16:55 . 2010-04-05 16:55 -------- d-----w- c:\arquivos de programas\Panda Security

2010-04-05 16:39 . 2010-04-05 16:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\F-Secure

2010-04-05 12:24 . 2010-04-19 14:18 -------- d-----w- c:\windows\BDOSCAN8

2010-04-04 18:57 . 2010-04-04 18:57 -------- d-----w- c:\arquivos de programas\ESET

2010-04-03 04:45 . 2010-04-19 12:19 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\VMware

2010-04-03 04:43 . 2010-04-03 04:43 909312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\uninstall.exe

2010-04-03 04:43 . 2010-04-03 04:43 625200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\instUtils.dll

2010-04-03 04:43 . 2010-04-03 04:39 958000 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib64.dll

2010-04-03 04:43 . 2010-04-03 04:39 922672 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib64.exe

2010-04-03 04:43 . 2010-04-03 04:39 760368 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib.dll

2010-04-03 04:43 . 2010-04-03 04:39 696320 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib.exe

2010-04-03 04:43 . 2010-04-03 04:39 569344 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\module_core.dll

2010-04-03 04:43 . 2010-04-03 04:39 360448 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\module_license.dll

2010-04-03 04:43 . 2010-04-03 04:39 331776 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\module_ws.dll

2010-04-03 04:43 . 2010-04-03 04:39 731696 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vminstutil.dll

2010-04-03 04:42 . 2009-10-22 03:13 59952 ----a-r- c:\windows\system32\vnetinst.dll

2010-04-03 04:42 . 2009-10-22 03:13 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys

2010-04-03 04:42 . 2009-10-22 07:59 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe

2010-04-03 04:42 . 2009-10-22 08:00 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2010-04-03 04:41 . 2009-10-22 03:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys

2010-04-03 04:41 . 2009-10-22 08:00 760368 ----a-w- c:\windows\system32\vnetlib.dll

2010-04-03 04:41 . 2009-10-22 08:00 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2010-04-03 04:41 . 2010-04-29 00:22 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\VMware

2010-04-03 04:41 . 2010-04-03 04:41 -------- d-----w- c:\arquivos de programas\Common Files

2010-04-03 04:40 . 2010-04-28 20:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\VMware

2010-04-03 04:40 . 2010-04-03 04:40 -------- d-----w- c:\arquivos de programas\VMware

2010-04-02 05:11 . 2010-04-02 05:11 -------- d-sh--w- c:\documents and settings\User\UserData

2010-04-02 02:26 . 2010-04-02 02:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2010-04-01 22:47 . 2010-04-04 22:36 -------- d-----w- C:\Ad-Remover

2010-04-01 22:38 . 2010-04-04 23:07 -------- d-----w- c:\arquivos de programas\Norton Security Scan

2010-04-01 22:34 . 2010-04-03 00:08 1486 ----a-w- C:\UsbFix_Upload_Me_DESKTOP.zip

2010-04-01 14:30 . 2010-04-01 14:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-04-01 04:04 . 2010-04-04 23:33 -------- d-----w- C:\UsbFix

2010-03-30 13:30 . 2010-04-29 00:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-29 00:29 . 2010-01-14 03:52 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-04-28 23:05 . 2008-04-14 12:00 78582 ----a-w- c:\windows\system32\perfc016.dat

2010-04-28 23:05 . 2008-04-14 12:00 471584 ----a-w- c:\windows\system32\perfh016.dat

2010-04-28 23:04 . 2009-11-07 10:56 -------- d-----w- c:\arquivos de programas\MSBuild

2010-04-27 18:16 . 2010-01-28 14:22 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Image Zone Express

2010-04-27 17:41 . 2009-11-15 02:55 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-04-26 02:46 . 2010-01-13 22:58 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\MassTube

2010-04-26 01:51 . 2010-01-13 22:58 -------- d-----w- c:\arquivos de programas\MassTube

2010-04-19 13:33 . 2010-01-24 02:46 -------- d-----w- c:\arquivos de programas\eMule

2010-04-19 02:40 . 2009-12-12 18:40 -------- d-----w- c:\arquivos de programas\Last.fm

2010-04-14 18:08 . 2009-11-07 10:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-04-11 19:30 . 2009-11-07 11:06 -------- d-----w- c:\arquivos de programas\Ahead

2010-04-11 19:27 . 2009-12-07 04:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2010-04-11 19:27 . 2009-12-07 04:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2010-04-05 22:45 . 2009-12-23 19:05 -------- d-----w- c:\arquivos de programas\DivX

2010-04-05 14:47 . 2009-11-07 10:51 98304 ----a-w- c:\windows\system32\igfxtray.exe

2010-04-04 23:16 . 2009-11-07 11:06 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-04-04 23:10 . 2009-12-19 22:49 -------- d-----w- c:\arquivos de programas\Truck_Racing_By_Renault_Trucks

2010-04-04 23:09 . 2009-11-15 00:24 -------- d-----w- c:\arquivos de programas\sges-v3-prelude

2010-04-04 23:08 . 2009-11-30 00:52 -------- d-----w- c:\arquivos de programas\QuickTime Alternative

2010-04-04 23:08 . 2009-11-08 17:12 -------- d-----w- c:\arquivos de programas\Project64 1.6

2010-04-04 23:08 . 2009-12-30 18:21 -------- d-----w- c:\arquivos de programas\PluginLetras

2010-04-04 22:59 . 2009-11-15 00:19 -------- d-----w- c:\arquivos de programas\NetBeans 6.7.1

2010-04-04 22:56 . 2009-12-10 14:50 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-04-01 14:29 . 2009-11-14 21:42 -------- d-----w- c:\arquivos de programas\Java

2010-03-30 17:13 . 2009-11-07 11:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-03-30 03:46 . 2009-12-10 14:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 03:45 . 2009-12-10 14:50 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-29 21:18 . 2010-03-29 21:18 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2010-03-29 12:45 . 2008-04-14 12:00 141312 ----a-w- c:\windows\system32\taskmgr.exe

2010-03-29 12:45 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe

2010-03-29 12:45 . 2008-04-14 12:00 11776 ----a-w- c:\windows\system32\regsvr32.exe

2010-03-29 12:45 . 2008-04-14 12:00 69632 -c--a-w- c:\windows\system32\odbcconf.exe

2010-03-29 12:45 . 2009-11-07 10:42 12288 -c--a-w- c:\windows\system32\mstinit.exe

2010-03-29 12:45 . 2008-04-14 12:00 45568 ----a-w- c:\windows\system32\mshta.exe

2010-03-29 12:45 . 2008-04-14 12:00 100864 -c--a-w- c:\windows\system32\logagent.exe

2010-03-29 12:45 . 2008-04-14 12:00 39424 -c--a-w- c:\windows\system32\grpconv.exe

2010-03-29 12:45 . 2008-04-14 12:00 400896 ----a-w- c:\windows\system32\cmd.exe

2010-03-29 12:45 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

2010-03-29 12:45 . 2009-11-07 10:42 151040 -c--a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe

2010-03-29 12:42 . 2009-11-08 17:12 40960 ----a-w- c:\documents and settings\User\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2010-03-29 12:42 . 2009-11-08 17:12 40960 ----a-w- c:\documents and settings\User\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2010-03-29 12:31 . 2009-11-07 11:05 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2010-03-26 16:56 . 2010-03-26 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-03-25 13:56 . 2010-03-26 16:56 131360 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2010-03-19 12:26 . 2010-03-03 17:20 -------- d-----w- c:\arquivos de programas\Charles

2010-03-12 03:42 . 2010-03-12 03:42 300616 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-03-12 03:42 . 2010-03-12 03:42 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-03-12 03:42 . 2010-03-12 03:42 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-03-12 03:42 . 2010-03-12 03:42 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-03-12 03:42 . 2010-03-12 03:42 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-03-12 03:42 . 2010-03-12 03:42 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-03-12 03:42 . 2010-03-12 03:42 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-03-12 03:42 . 2010-03-12 03:42 329312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-03-12 03:42 . 2009-11-30 00:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-03-12 03:41 . 2010-03-12 03:41 -------- d-----w- c:\arquivos de programas\Real

2010-03-12 03:41 . 2010-03-12 03:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-03-12 03:41 . 2003-03-18 23:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-03-12 03:41 . 2003-02-21 07:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-07 05:24 . 2010-02-12 13:47 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-03-07 05:03 . 2010-03-07 04:39 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\FileZilla

2010-03-03 17:26 . 2010-03-03 17:20 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Charles

2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-16 19:07 . 2008-04-14 12:00 2150400 ------w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2008-04-13 19:00 2028544 ------w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-02-02 18:00 . 2010-02-12 13:47 85504 ----a-w- c:\windows\system32\ff_vfw.dll

.

 

------- Sigcheck -------

 

[-] 2010-03-29 . 9BA70E8513FBE68C5D8D7FD006A9E2DD . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-20 39408]

"PcSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2010-04-05 1306624]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-03-29 3955712]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-29 2012912]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2010-03-29 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-04-05 98304]

"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 321768]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-04-16 209153]

"ISTray"="c:\arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-04-05 196608]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-03-29 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 18:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ rmslt.nt\0autocheck autochk *

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 10:58 611712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2010-03-29 12:45 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2010-04-05 13:49 24064 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-04-05 13:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuschd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-03-29 12:37 3955712 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2010-04-19 16:46 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-04-05 14:18 417792 ----a-w- c:\arquivos de programas\QuickTime Alternative\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-04-05 13:24 196608 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]

2009-10-22 07:59 129584 ----a-w- c:\arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\Java\\jdk1.6.0_17\\bin\\java.exe"=

"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"= c:\\wamp\\bin\\apache\\apache2.2.11\\bin\\httpd.exe

"c:\\Arquivos de programas\\QuickTime Alternative\\qttask.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\Documents and Settings\\User\\Desktop\\ComboFix.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\Truck_Racing_By_Renault_Trucks\\Bin\\RTR.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\RealOneMessageCenter.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Last.fm\\LastFM.exe"=

"c:\\ARQUIV~1\\ARQUIV~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"=

"c:\\ARQUIV~1\\ARQUIV~1\\Nokia\\MPAPI\\MPAPI3s.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia PC Suite 6\\PcSync2.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\msohtmed.exe"=

"c:\\Arquivos de programas\\Real\\RealUpgrade\\realupgrade.exe"=

"c:\\ARQUIV~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\realsched.exe"=

 

[HKLM\~\Services\\SERVIC~1.EXE"=]

"c:\\WINDOWS\\system32\\cmd.exe"=

"c:\\WINDOWS\\system32\\regsvr32.exe"=

"c:\\Arquivos de programas\\Real\\RealPlayer\\RealPlay.exe"=

"c:\\Arquivos de programas\\VMware\\VMware Workstation\\vmware-authd.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpprop.exe"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"1031:TCP"= 1031:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/4/2010 13:55 28552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/4/2010 21:09 130936]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [17/2/2010 11:25 12872]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [17/2/2010 11:15 66632]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/4/2008 09:00 14336]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/11/2009 10:46 108289]

R2 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [18/4/2010 21:09 348752]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22/10/2009 05:00 70704]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe [22/10/2009 03:47 563760]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [17/2/2010 11:15 12872]

S2 gupdate1ca71565e45f57;Google Update Service (gupdate1ca71565e45f57); [x]

S3 NDISKIO;NDISKIO; [x]

S3 nsak;nsak; [x]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-04-29 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

 

2010-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1275210071-1801674531-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 12:36]

 

2010-04-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1275210071-1801674531-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 12:36]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki...

LSP: c:\arquivos de programas\VMware\VMware Workstation\vsocklib.dll

FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - component: c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\extensions\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\0qsq6b92.default\extensions\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\components\RadioWMPCore.dll

FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-28 21:29

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(840)

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

 

- - - - - - - > 'explorer.exe'(2176)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\windows\system32\ConnAPI.DLL

c:\arquivos de programas\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por-br.nlr

c:\arquivos de programas\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\RTHDCPL.EXE

c:\arquiv~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

c:\arquiv~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\vmnetdhcp.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Spyware Doctor\pctsSvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-04-28 21:32:42 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-04-29 00:32

ComboFix2.txt 2009-12-12 15:38

 

Pré-execução: 18 pasta(s) 57.684.930.560 bytes disponíveis

Pós execução: 20 pasta(s) 57.820.561.408 bytes disponíveis

 

- - End Of File - - 3E4F1124CA4FDE96C06EC1EB82CAB3F5

 

================================================

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:33:50, on 28/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O11 - Options group: [INTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - Unknown owner - C:\WINDOWS\system32\vmnat.exe (file missing)

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe


Your logs are no longer showing anything dangerous.

____________________________

 

One thing I noticed is that I could no longer enable the firewall, neither through the Control Panel nor through the Windows Security alerts.

→ I suggest you install a great free firewall such as Outpost Firewall Free 2009 (http://freedownloads2000.blogspot.com/2009/06/outpost-firewall-free-2009.html), which is one of the best firewalls available today.

____________________________

 

And those little message balloons that usually appear in the lower right corner don't appear either, but their sound still plays. When I remove a pen drive it doesn't show the message, but it plays the sound. Is that normal?

→ Are those balloons from the firewall? As for the pen drive issue, I can't tell you, because I hardly ever use a pen drive. For the pen drive case it would be good to create a new topic in the more specific area of the forum, so that the helpers in that area can guide you in solving this problem.


Hello Antonio!

Thank you very much for the help, for your patience in analyzing the logs, and for the courtesy in your replies. :D

As for the firewall, I have already managed to enable it again; sometimes it gets disabled when the internet connection isn't working, since it doesn't show as enabled in the network connections. I can't say why.

As for the little balloons, I mean them in general, because usually when the firewall is not enabled or the antivirus is out of date, the Security Center shows that message in the lower right corner through that balloon. Here that feature doesn't work, as I told you, and neither does it when I remove a USB device. But I believe that's a minor detail.

Other than that, thanks a lot for the help. And I will install the firewall, thanks for the tip.

Regards,

Ueider Moraes. B)

We are glad that the main problems have been resolved. As for these minor problems, you could also create a topic in the forum area best suited to your problem and follow the tips the people there give you, as I had told you.

_____________________________

 

→ Follow the tips in this tutorial to do a cleanup with Tools Cleaner:

 

ToolsCleaner tutorial

_____________________________

 

:) It was a pleasure to help; you can always count on us.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
