Bond2006 - Posted December 8, 2010

Hi everyone, I can't open IE. Every time I try, a message appears saying that IE encountered an error, and then the error report appears. After I click to send it, it finishes sending the report and I click to close it, the IE window disappears, and if I try to open it again I get the message again and I'm back to square one. Please help me; the log follows below. See you soon.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:34:38, on 08/12/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Documents and Settings\home\Local Settings\Apps\F.lux\flux.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\home\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Click21\DialUP.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Arquivos de programas\AVG\AVG9\avgupd.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Arquivos de programas\Mininova\tbMin0.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Arquivos de programas\Mininova\tbMin0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\home\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\home\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-A6V1Q.lnk = C:\Documents and Settings\home\Meus documentos\Virus Removal Tool\is-A6V1Q\startup.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.227.128.21 200.227.128.20
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7386 bytes

wings - Posted December 8, 2010

Hello Bond2006

* Download MalwareBytes Anti-malware and save it to the desktop
* Install the program and wait for the update
* The program will open automatically
* Select [Verificação completa] and click [Verificar] > [Verificar]
* When the scan finishes, click [Sim] > [OK] > [Ver Resultados]
* Click [Remover Selecionados]
* Paste the report that is displayed

Bond2006 - Posted December 10, 2010

Hi, thank you for replying. The log follows below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 5284

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/12/10 04:27:56
mbam-log-2010-12-10 (04-27-56).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 197362
Tempo decorrido: 1 hora(s), 55 minuto(s), 29 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

PS: The problem continues.

wings - Posted December 10, 2010

* Temporarily disable your antivirus
Click [Iniciar] > [Programas] > [AVG]
Open the AVG user interface
Double-click Proteção Residente
Uncheck the "Proteção Residente ativa" option
Save the changes
* Download ComboFix and save it to the desktop
* Run ComboFix and accept the agreement
* If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Sim] to install it and then [Sim] to continue.
* Wait for all stages to complete
* Do not use the mouse and keyboard while ComboFix is running!!..... To interrupt the procedure press [N] or [2] and then [ENTER]
* Paste the report C:\combofix.txt

Bond2006 - Posted December 11, 2010

Hi, I downloaded ComboFix, followed the procedure described to stop AVG and tried to run Combo, but a dialog box in English opened saying that Combo cannot run until AVG is closed. I looked for a Close option in AVG and did not find one, so I tried to uninstall it, but it gave an error at the end and I could not. So my question is: can I run Combo in safe mode and then post the log here, or would that affect the final result of its diagnosis?

wings - Posted December 11, 2010

You can do it in Safe Mode...

Bond2006 - Posted December 11, 2010

Hi, I tried to run Combo in safe mode but I got this message in the dialog box: "ComboFix cannot run when AVG is installed. This is due to AVG's targeting of ComboFix's files/processes. It would be dangerous to continue. Please uninstall AVG or use another tool" Is it possible to close AVG in some way so that it does not interfere with Combo's scan? Is there any way to uninstall AVG without it giving an error at the end?

wings - Posted December 12, 2010

1. Click Iniciar > Executar > copy and paste:
"%userprofile%\desktop\combofix.exe" /killall
Click [OK] > [Executar]....wait for the program to run

Bond2006 - Posted December 14, 2010

Hi, the log follows below, and I would like to take the opportunity to ask you to recommend a good free antivirus, because the AVG I was using proved ineffective. Thank you.

ComboFix 10-12-09.04 - home 13/12/10 11:33:32.61.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.446.137 [GMT -2:00]
Executando de: c:\documents and settings\home\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ST6UNST.000
c:\windows\system32\arp.exe
.
---- Execuções precedente -------
.
c:\arquivos de programas\Mozilla Firefox\plc4.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-13 to 2010-12-13 ))))))))))))))))))))))))))))
.
2010-12-11 14:42 . 2010-12-11 14:42 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2010-12-10 03:57 . 2010-12-10 03:57 -------- d-----w- c:\documents and settings\home\Dados de aplicativos\Malwarebytes
2010-12-10 03:56 . 2010-04-29 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-10 03:56 . 2010-12-10 03:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-12-10 03:56 . 2010-04-29 17:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 03:56 . 2010-12-10 03:57 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-11-29 07:28 . 2010-11-29 07:28 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google
2010-11-29 07:23 . 2010-11-29 07:23 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
2010-11-29 03:15 . 2010-12-13 13:03 -------- d-----w- c:\documents and settings\home\Dados de aplicativos\BitComet
2010-11-29 03:15 . 2010-11-29 12:58 -------- d-----w- c:\arquivos de programas\BitComet
2010-11-29 03:15 . 2010-11-29 07:21 -------- d-----w- c:\arquivos de programas\Google
2010-11-28 21:21 . 2010-11-28 21:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData
2010-11-24 00:59 . 2010-12-11 08:01 -------- d-----w- c:\arquivos de programas\iG
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 14:23 . 2004-08-04 03:45 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 03:45 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-28 18:06 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-28 18:06 953856 ------w- c:\windows\system32\mfc40u.dll
2010-08-31 04:01 . 2010-08-31 04:01 384000 ----a-w- c:\arquivos de programas\MSN Virus Remover-Baixaki.exe
2009-11-14 19:26 . 2009-11-14 19:26 3351265 -c--a-w- c:\arquivos de programas\webblocker.exe
2009-04-05 21:36 . 2009-04-05 05:46 37319392 -c--a-w- c:\arquivos de programas\setup_7.0.0.290_05.04.2009_08-12.exe
2008-08-23 18:28 . 2008-08-23 18:19 1495112 -c--a-w- c:\arquivos de programas\install_flash_player.exe
2008-01-05 19:47 . 2009-01-19 02:07 60696 -c--a-w- c:\arquivos de programas\STXDLL.DLL
2008-01-05 19:47 . 2009-01-19 02:07 40240 -c--a-w- c:\arquivos de programas\RUNSTX.EXE
2008-01-05 19:47 . 2009-01-19 02:07 236816 ----a-w- c:\arquivos de programas\SysTrayX.EXE
1999-04-01 15:53 . 1999-04-01 15:53 99840 -c--a-w- c:\arquivos de programas\Arquivos comuns\IRAABOUT.DLL
1998-12-09 01:53 . 1998-12-09 01:53 70144 -c--a-w- c:\arquivos de programas\Arquivos comuns\IRAMDMTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 48640 -c--a-w- c:\arquivos de programas\Arquivos comuns\IRALPTTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 31744 -c--a-w- c:\arquivos de programas\Arquivos comuns\IRAWEBTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 186368 -c--a-w- c:\arquivos de programas\Arquivos comuns\IRAREG.DLL
1998-12-09 01:53 . 1998-12-09 01:53 17920 -c--a-w- c:\arquivos de programas\Arquivos comuns\IRASRIAL.DLL
.
------- Sigcheck -------
[7] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... está faltando !!
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2010-09-07 11:04 2735200 ----a-w- c:\arquivos de programas\Mininova\tbMin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\arquivos de programas\Mininova\tbMin0.dll" [2010-09-07 2735200]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\arquivos de programas\Mininova\tbMin0.dll" [2010-09-07 2735200]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\home\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]
"F.lux"="c:\documents and settings\home\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-05-30 5724184]
"BitComet"="c:\arquivos de programas\BitComet\BitComet.exe" [2010-11-11 10720048]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\home\Menu Iniciar\Programas\Inicializar\
is-A6V1Q.lnk - c:\documents and settings\home\Meus documentos\Virus Removal Tool\is-A6V1Q\startup.exe [2009-4-5 65536]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador iG.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador iG.lnk
backup=c:\windows\pss\Discador iG.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^home^Menu Iniciar^Programas^Inicializar^SYSTRAYX.LNK]
path=c:\documents and settings\home\Menu Iniciar\Programas\Inicializar\SYSTRAYX.LNK
backup=c:\windows\pss\SYSTRAYX.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 01:16 39792 -c--a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2010-11-11 08:59 10720048 ----a-w- c:\arquivos de programas\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-25 16:49 133104 ----atw- c:\documents and settings\home\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-05-30 16:39 5724184 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-31 06:35 7634944 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-31 06:35 86016 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-31 06:35 1622016 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-07-23 18:49 155648 ----a-w- c:\arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-05 08:08 16380416 -c----r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-06-15 08:45 1826816 -c----r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 07:27 144784 -c--a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-11-29 07:21 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Timer]
2003-10-06 13:40 913408 -c--a-w- c:\arquivos de programas\Timer-Net 2.3 - Grátis\Timer-net.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Click21\\DialUP.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26714:TCP"= 26714:TCP:BitComet 26714 TCP
"26714:UDP"= 26714:UDP:BitComet 26714 UDP
"22923:TCP"= 22923:TCP:BitComet 22923 TCP
"22923:UDP"= 22923:UDP:BitComet 22923 UDP
"17966:TCP"= 17966:TCP:BitComet 17966 TCP
"17966:UDP"= 17966:UDP:BitComet 17966 UDP
"23709:TCP"= 23709:TCP:BitComet 23709 TCP
"23709:UDP"= 23709:UDP:BitComet 23709 UDP

R1 is-A6V1Qdrv;is-A6V1Qdrv;c:\windows\system32\drivers\59527679.sys [05/04/09 19:38 148496]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [29/11/10 05:22 135664]
S3 uteznzg1;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uteznzg1.sys --> c:\windows\system32\Drivers\uteznzg1.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-29 07:21]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-29 07:21]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: com.br\www.google
Trusted Zone: com.br\www.ig
Trusted Zone: com.br\www.orkut
Trusted Zone: com.br\www.uol
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\www
Trusted Zone: msn.com\www
Trusted Zone: passport.com\www
FF - ProfilePath - c:\documents and settings\home\Dados de aplicativos\Mozilla\Firefox\Profiles\ojcdcd48.default\
FF - component: c:\documents and settings\home\Dados de aplicativos\Mozilla\Firefox\Profiles\ojcdcd48.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\documents and settings\home\Dados de aplicativos\Mozilla\Firefox\Profiles\ojcdcd48.default\extensions\firebug@software.joehewitt.com
FF - Extension: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - c:\documents and settings\home\Dados de aplicativos\Mozilla\Firefox\Profiles\ojcdcd48.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AVG9_TRAY - c:\arquiv~1\AVG\AVG9\avgtray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 11:45
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\home\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.39\GoogleCrashHandler.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-12-13 11:50:59 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-12-13 13:50
ComboFix2.txt 2010-01-30 21:14
ComboFix3.txt 2010-01-11 12:59
ComboFix4.txt 2010-01-04 14:24
ComboFix5.txt 2010-02-15 12:17

Pré-execução: 26 pasta(s) 20.695.547.904 bytes disponíveis
Pós execução: 28 pasta(s) 21.235.613.696 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 24181DBD1961A937ED00C13CDBE406B9

wings - Posted December 14, 2010

OK...the log is clean. :)

1.
* Click [Iniciar] > [Executar] > copy and paste:
Combofix /uninstall
* Click [OK] > [Executar]
* Wait for the message to appear: "ComboFix está desinstalado"
* Click [OK]

As for the antivirus, install Avira. Here are two tutorials:
http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html
http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html

All the best and Merry Christmas.

Bond2006 - Posted December 15, 2010

Hi, although the log shows nothing, my problem continues. Would it be a good idea to download a more recent version of IE? Oh, one more thing: below is a new log from 5 minutes ago. Could you also check from it whether there was any intrusion attempt on my computer?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:27, on 15/12/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\home\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\home\Local Settings\Apps\F.lux\flux.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\home\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\iG\Discador.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Arquivos de programas\Mininova\tbMin0.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Arquivos de programas\Mininova\tbMin0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\home\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\home\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-A6V1Q.lnk = C:\Documents and Settings\home\Meus documentos\Virus Removal Tool\is-A6V1Q\startup.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.227.128.21 200.227.128.20
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6662 bytes

wings 22 Posted December 15, 2010
1.
* Click [Start] > [Run] > type: sfc /scannow
* Click OK
* You will be asked for the Windows CD
* Insert it in the CD-ROM drive and wait for it to finish....
* Remove the CD and restart the PC
Let me know whether that fixed it.
Bond2006 0 Posted December 16, 2010
Hello, I tried to do what was asked, but as soon as I clicked OK I noticed that a screen similar to the DOS one appeared and disappeared within a second. I even thought I had to be online, but once I connected I tried again and the result was the same. I await further contact.
wings 22 Posted December 16, 2010
1.
* Download Avenger and save it to the desktop
* Extract it to the desktop
* Select and copy (Ctrl+c) the code:
Files to move:
c:\windows\ServicePackFiles\i386\sfcfiles.dll | c:\windows\System32\sfcfiles.dll
* Run Avenger
* Click [Load Script] > [Paste from Clipboard]
* Click [Execute] > [OK]
* The PC will be restarted
* Paste the report C:\avenger.txt
2.
* Run an online scan with NOD32
* When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log
Bond2006 0 Posted December 18, 2010
Hello, I did the 1st part, but my connection is dial-up and I could not download the virus database or run the online scan. If you can suggest another solution I would be grateful, since my problem continues.
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3)
Fri Dec 17 13:05:48 2010
13:05:48: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3)
Fri Dec 17 13:12:01 2010
13:12:01: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3)
Fri Dec 17 13:13:34 2010
13:13:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
wings 22 Posted December 18, 2010
* Download AVZ and save it to the desktop
* Extract it to the desktop
* In the avz4 folder, run avz
* Click [File] > [Database Update] and wait for the update to finish.
* Select the partition where Windows is installed. Usually it is: [] Local Disk (C:)
* Click [File] > [Custom Scripts]
* Paste the code into the blank area
begin
ExecuteStdScr(2);
end.
* When it finishes, a window will be shown stating: "Script executed successfully"
* Click [OK] and close the window
* On the main AVZ screen, click the button and save the report (avz_log) to the desktop
* Close the program
* Paste the report
Also tell me what the IE message says, as well as the report. Do not send it; open the report instead.
Bond2006 0 Posted December 18, 2010
Hello, the AVZ report follows below:
Attention !!! Database was last updated 08/07/10 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.34
Scanning started at 18/12/10 16:24:00
Database loaded: signatures - 275419, NN profile(s) - 2, malware removal microprograms - 56, signature database released 08.07.2010 09:40
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 213048
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=07C020)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 80553020
KiST = 80501BBC (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Driver loaded successfully
Checking - complete
2. Scanning RAM
Number of processes found: 44
Number of modules loaded: 346
Scanning RAM - complete
3. Scanning disks
C:\Arquivos de programas\On-line Help Console\DetectOS.dll >>> suspicion for Trojan.Win32.Delf.bkl ( 07CF890C 0374B343 002074FF 0023E175 374784)
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DF30E9.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DF50FC.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DF6DF9.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DF6FAA.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DF98D.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DFB256.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DFB6E6.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DFB778.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DFE7C6.tmp
Direct reading: C:\Documents and Settings\home\Configurações locais\temp\~DFFE47.tmp
Direct reading: C:\WINDOWS\SoftwareDistribution\Download\f4963d95146b350edb75e96429fccc67\BIT27.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)
>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)
>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)
>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Script error: Incompatible types: 'Integer', 'String', position [7:39]
Microprogram error: 8
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 101442, extracted from archives: 82179, malicious software found 0, suspicions - 1
Scanning finished at 18/12/10 17:57:00
Time of scanning: 01:33:02
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference
System Analysis in progress
System Analysis - complete
As for IE, the message says: Internet Explorer has encountered a problem and needs to close, and the content of the report follows below:
<?xml version="1.0" encoding="UTF-16"?> <DATABASE> <EXE NAME="IEXPLORE.EXE" FILTER="GRABMI_FILTER_PRIVACY"> <MATCHING_FILE NAME="ExtExport.exe" SIZE="144384" CHECKSUM="0xE4CFFC5E" BIN_FILE_VERSION="8.0.6001.18702" BIN_PRODUCT_VERSION="8.0.6001.18702" PRODUCT_VERSION="8.00.6001.18702" FILE_DESCRIPTION="Internet Explorer ImpExp FF exporter" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)" ORIGINAL_FILENAME="extexport.exe" INTERNAL_NAME="extexport" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2C47C" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18702" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18702" LINK_DATE="03/08/2009 11:35:03" UPTO_LINK_DATE="03/08/2009 11:35:03" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="hmmapi.dll" SIZE="68608" CHECKSUM="0x3639B01C" BIN_FILE_VERSION="8.0.6001.18702" BIN_PRODUCT_VERSION="8.0.6001.18702" PRODUCT_VERSION="8.00.6001.18702" FILE_DESCRIPTION="Microsoft HTTP Mail Simple MAPI" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)" ORIGINAL_FILENAME="HMMAPI.DLL" INTERNAL_NAME="HMMAPI" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1713E" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18702" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18702" LINK_DATE="03/08/2009 11:24:27" UPTO_LINK_DATE="03/08/2009 11:24:27" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="iecompat.dll" SIZE="2048" CHECKSUM="0xBB531699" BIN_FILE_VERSION="8.0.6001.18702" BIN_PRODUCT_VERSION="8.0.6001.18702" PRODUCT_VERSION="8.00.6001.18702" FILE_DESCRIPTION="Internet Explorer Compatibility Data" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)" ORIGINAL_FILENAME="iecompat.dll" INTERNAL_NAME="iecompat" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xD321" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18702" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18702" LINK_DATE="03/08/2009 11:35:02" UPTO_LINK_DATE="03/08/2009 11:35:02" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="iedvtool.dll" SIZE="743424" CHECKSUM="0xE228E733" BIN_FILE_VERSION="8.0.6001.18968" BIN_PRODUCT_VERSION="8.0.6001.18968" PRODUCT_VERSION="8.00.6001.18968" FILE_DESCRIPTION="Internet Explorer Developer Tools" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)" ORIGINAL_FILENAME="iedvtool.dll" INTERNAL_NAME="iedvtool.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xB81F9" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18968" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18968" LINK_DATE="09/10/2010 05:51:06" UPTO_LINK_DATE="09/10/2010 05:51:06" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="iedw.exe" SIZE="18432" CHECKSUM="0x34DF3370" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="IE Crash Detection" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="iedw.exe" INTERNAL_NAME="iedw.exe" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xC607" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/13/2008 18:34:47" UPTO_LINK_DATE="04/13/2008 18:34:47" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="ieproxy.dll" SIZE="247808" CHECKSUM="0xECA45746" BIN_FILE_VERSION="8.0.6001.18968" BIN_PRODUCT_VERSION="8.0.6001.18968" PRODUCT_VERSION="8.00.6001.18968" FILE_DESCRIPTION="IE ActiveX Interface Marshaling Library" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)" ORIGINAL_FILENAME="ieproxy.dll" INTERNAL_NAME="ieproxy.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3FB4B" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18968" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18968" LINK_DATE="09/10/2010 05:51:09" UPTO_LINK_DATE="09/10/2010 05:51:09" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="iexplore.exe" SIZE="638816" CHECKSUM="0x3532A3B9" BIN_FILE_VERSION="8.0.6001.18702" BIN_PRODUCT_VERSION="8.0.6001.18702" PRODUCT_VERSION="8.00.6001.18702" FILE_DESCRIPTION="Internet Explorer" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)" ORIGINAL_FILENAME="IEXPLORE.EXE" INTERNAL_NAME="iexplore" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA0294" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18702" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18702" LINK_DATE="03/08/2009 11:34:06" UPTO_LINK_DATE="03/08/2009 11:34:06" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="jsdbgui.dll" SIZE="521216" CHECKSUM="0xB07B9783" BIN_FILE_VERSION="8.0.6001.18702" BIN_PRODUCT_VERSION="8.0.6001.18702" PRODUCT_VERSION="8.00.6001.18702" FILE_DESCRIPTION="Script Debugger" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)" ORIGINAL_FILENAME="jsdbgui.dll" INTERNAL_NAME="jsdbgui.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8B81B" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18702" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18702" LINK_DATE="03/08/2009 11:34:59" UPTO_LINK_DATE="03/08/2009 11:34:59" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="jsdebuggeride.dll" SIZE="121344" CHECKSUM="0xD614AFBB" BIN_FILE_VERSION="8.0.6001.18702" BIN_PRODUCT_VERSION="8.0.6001.18702" PRODUCT_VERSION="8.00.6001.18702" FILE_DESCRIPTION="JScript Debugger IDE" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)" ORIGINAL_FILENAME="jsdebuggeride.dll" INTERNAL_NAME="jsdebuggeride.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x24B51" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18702" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18702" LINK_DATE="03/08/2009 11:34:58" UPTO_LINK_DATE="03/08/2009 11:34:58" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="JSProfilerCore.dll" SIZE="118272" CHECKSUM="0x5A1D31D" BIN_FILE_VERSION="8.0.6001.18702" BIN_PRODUCT_VERSION="8.0.6001.18702" PRODUCT_VERSION="8.00.6001.18702" FILE_DESCRIPTION="IE Dev Toolbar JScript Profiler" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)" ORIGINAL_FILENAME="JSProfilerCore.dll" INTERNAL_NAME="JSProfilerCore.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x212B0" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18702" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18702" LINK_DATE="03/08/2009 11:35:01" UPTO_LINK_DATE="03/08/2009 11:35:01" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="jsprofilerui.dll" SIZE="233984" CHECKSUM="0x8DCE4301" BIN_FILE_VERSION="8.0.6001.18702" BIN_PRODUCT_VERSION="8.0.6001.18702" PRODUCT_VERSION="8.00.6001.18702" FILE_DESCRIPTION="Script Profiler" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)" ORIGINAL_FILENAME="jsprofilerui.dll" INTERNAL_NAME="jsprofilerui.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x42482" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18702" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18702" LINK_DATE="03/08/2009 11:35:05" UPTO_LINK_DATE="03/08/2009 11:35:05" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="pdm.dll" SIZE="355832" CHECKSUM="0xA49AB6D6" BIN_FILE_VERSION="9.0.30729.1" BIN_PRODUCT_VERSION="9.0.30729.1" PRODUCT_VERSION="9.0.30729.1" FILE_DESCRIPTION="Process Debug Manager" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Visual Studio® 2008" FILE_VERSION="9.0.30729.1 built by: SP" ORIGINAL_FILENAME="pdm.dll" INTERNAL_NAME="pdm.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x663E0" LINKER_VERSION="0x90000" UPTO_BIN_FILE_VERSION="9.0.30729.1" UPTO_BIN_PRODUCT_VERSION="9.0.30729.1" LINK_DATE="07/29/2008 14:46:11" UPTO_LINK_DATE="07/29/2008 14:46:11" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="sqmapi.dll" SIZE="134144" CHECKSUM="0x8299BD40" BIN_FILE_VERSION="6.0.6000.16386" BIN_PRODUCT_VERSION="6.0.6000.16386" PRODUCT_VERSION="6.0.6000.16386" FILE_DESCRIPTION="SQM Client" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.0.6000.16386 (vista_rtm.061101-2205)" ORIGINAL_FILENAME="sqmapi.dll" INTERNAL_NAME="sqmapi" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x24A81" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="6.0.6000.16386" UPTO_BIN_PRODUCT_VERSION="6.0.6000.16386" LINK_DATE="11/02/2006 09:44:16" UPTO_LINK_DATE="11/02/2006 09:44:16" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="xpshims.dll" SIZE="12800" CHECKSUM="0xE086C1A" BIN_FILE_VERSION="8.0.6001.18968" BIN_PRODUCT_VERSION="8.0.6001.18968" PRODUCT_VERSION="8.00.6001.18968" FILE_DESCRIPTION="Internet Explorer Compatibility Shims for XP" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)" ORIGINAL_FILENAME="xpshims.dll" INTERNAL_NAME="xpshims.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x78E8" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18968" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18968" LINK_DATE="09/10/2010 05:51:13" UPTO_LINK_DATE="09/10/2010 05:51:13" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="Connection Wizard\icwconn.dll" SIZE="61440" CHECKSUM="0x328406CE" BIN_FILE_VERSION="6.0.2900.5512" BIN_PRODUCT_VERSION="6.0.2900.5512" PRODUCT_VERSION="6.00.2900.5512" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="icwconn.dll" INTERNAL_NAME="icwconn" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x14025" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.5512" UPTO_BIN_PRODUCT_VERSION="6.0.2900.5512" LINK_DATE="04/14/2008 02:18:38" UPTO_LINK_DATE="04/14/2008 02:18:38" VER_LANGUAGE="Inglês (Estados Unidos) [0x409]" /> <MATCHING_FILE NAME="Connection Wizard\icwconn1.exe" SIZE="217600" CHECKSUM="0xE49CEE86" BIN_FILE_VERSION="6.0.2900.5512" BIN_PRODUCT_VERSION="6.0.2900.5512" PRODUCT_VERSION="6.00.2900.5512" FILE_DESCRIPTION="Assistente para conexão com a Internet" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operacional Microsoft® Windows®" FILE_VERSION="6.00.2900.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="icwconn1.exe" INTERNAL_NAME="icwconn1" LEGAL_COPYRIGHT="© Microsoft Corporation. Todos os direitos reservados." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x40F18" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.5512" UPTO_BIN_PRODUCT_VERSION="6.0.2900.5512" LINK_DATE="04/13/2008 18:31:35" UPTO_LINK_DATE="04/13/2008 18:31:35" VER_LANGUAGE="Português (Brasil) [0x416]" /> <MATCHING_FILE NAME="Connection Wizard\icwconn2.exe" SIZE="86016" CHECKSUM="0x30DA10A5" BIN_FILE_VERSION="6.0.2900.5512" BIN_PRODUCT_VERSION="6.0.2900.5512" PRODUCT_VERSION="6.00.2900.5512" FILE_DESCRIPTION="Assistente para conexão com a Internet" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operacional Microsoft® Windows®" FILE_VERSION="6.00.2900.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="ICWCONN2.EXE" INTERNAL_NAME="ICWCONN2" LEGAL_COPYRIGHT="© Microsoft Corporation. Todos os direitos reservados." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1A890" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.5512" UPTO_BIN_PRODUCT_VERSION="6.0.2900.5512" LINK_DATE="04/13/2008 18:31:39" UPTO_LINK_DATE="04/13/2008 18:31:39" VER_LANGUAGE="Português (Brasil) [0x416]" /> <MATCHING_FILE NAME="Connection Wizard\icwdl.dll" SIZE="32768" CHECKSUM="0x54606E4D" BIN_FILE_VERSION="6.0.2900.5512" BIN_PRODUCT_VERSION="6.0.2900.5512" PRODUCT_VERSION="6.00.2900.5512" FILE_DESCRIPTION="Transferência de seções múltiplas de MIME para serviços de Internet" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operacional Microsoft® Windows®" FILE_VERSION="6.00.2900.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="ICWDL.DLL" INTERNAL_NAME="ICWDL" LEGAL_COPYRIGHT="© Microsoft Corporation. Todos os direitos reservados." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x137C4" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.5512" UPTO_BIN_PRODUCT_VERSION="6.0.2900.5512" LINK_DATE="04/14/2008 02:18:40" UPTO_LINK_DATE="04/14/2008 02:18:40" VER_LANGUAGE="Português (Brasil) [0x416]" /> <MATCHING_FILE NAME="Connection Wizard\icwhelp.dll" SIZE="176128" CHECKSUM="0xEA5BD294" BIN_FILE_VERSION="6.0.2900.5512" BIN_PRODUCT_VERSION="6.0.2900.5512" PRODUCT_VERSION="6.00.2900.5512" FILE_DESCRIPTION="Funções de ajuda do 'Assistente para conexão com a Internet'" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operacional Microsoft® Windows®" FILE_VERSION="6.00.2900.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="icwhelp.dll" INTERNAL_NAME="icwhelp" LEGAL_COPYRIGHT="© Microsoft Corporation. Todos os direitos reservados." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3019C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.5512" UPTO_BIN_PRODUCT_VERSION="6.0.2900.5512" LINK_DATE="04/14/2008 02:18:41" UPTO_LINK_DATE="04/14/2008 02:18:41" VER_LANGUAGE="Português (Brasil) [0x416]" /> <MATCHING_FILE NAME="Connection Wizard\icwres.dll" SIZE="65536" CHECKSUM="0x47F8A8C3" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Assistente para conexão com a Internet" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operacional Microsoft® Windows®" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwres.dll" INTERNAL_NAME="icwres" LEGAL_COPYRIGHT="© Microsoft Corporation. Todos os direitos reservados." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1BAAF" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="09/05/2001 22:49:04" UPTO_LINK_DATE="09/05/2001 22:49:04" VER_LANGUAGE="Português (Brasil) [0x416]" /> <MATCHING_FILE NAME="Connection Wizard\icwrmind.exe" SIZE="24576" CHECKSUM="0xEC7EB19C" BIN_FILE_VERSION="6.0.2900.5512" BIN_PRODUCT_VERSION="6.0.2900.5512" PRODUCT_VERSION="6.00.2900.5512" FILE_DESCRIPTION="Lembrete do 'Assistente para conexão com a Internet'" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operacional Microsoft® Windows®" FILE_VERSION="6.00.2900.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="ICWRMIND.EXE" INTERNAL_NAME="ICWRMIND" LEGAL_COPYRIGHT="© Microsoft Corporation. Todos os direitos reservados." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xDF13" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.5512" UPTO_BIN_PRODUCT_VERSION="6.0.2900.5512" LINK_DATE="04/13/2008 18:31:25" UPTO_LINK_DATE="04/13/2008 18:31:25" VER_LANGUAGE="Português (Brasil) [0x416]" /> <MATCHING_FILE NAME="Connection Wizard\icwtutor.exe" SIZE="73728" CHECKSUM="0xB570D784" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Assistente para conexão com a Internet" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operacional Microsoft® Windows®" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwtutor.exe" INTERNAL_NAME="icwtutor" LEGAL_COPYRIGHT="© Microsoft Corporation. Todos os direitos reservados." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1A16A" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:49:08" UPTO_LINK_DATE="08/17/2001 20:49:08" VER_LANGUAGE="Português (Brasil) [0x416]" /> <MATCHING_FILE NAME="Connection Wizard\icwutil.dll" SIZE="49152" CHECKSUM="0xC3FA7190" BIN_FILE_VERSION="6.0.2900.5512" BIN_PRODUCT_VERSION="6.0.2900.5512" PRODUCT_VERSION="6.00.2900.5512" FILE_DESCRIPTION="Assistente para conexão com a Internet" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operacional Microsoft® Windows®" FILE_VERSION="6.00.2900.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="icwutil.dll" INTERNAL_NAME="icwutil" LEGAL_COPYRIGHT="© Microsoft Corporation. Todos os direitos reservados." 
wings 22 Posted December 18, 2010

Nothing abnormal in the AVZ log.

1.
* Run AVZ
* Click [File] > [Custom Scripts]
* Paste the code into the blank space

    begin
    ExecuteStdScr(6);
    RebootWindows(true);
    end.

* Click [Run]
* The PC will restart
* Delete the avz4 folder and the avz_log file located on the desktop.

2.
* Download SystemLook and save it to the desktop
* Run SystemLook
* Paste the code into the blank space:

    :filefind
    sfcfiles.dll

* Click [Look]
* Paste the SystemLook.txt report located on the desktop

Bond2006 0 Posted December 19, 2010

Hello, I deleted the avz4 folder along with the avz_log file and downloaded SystemLook, but when I clicked to run it a dialog box appeared that read:

    C:Documents and Setings\home\Desktop\SystemLook.exe
    Falha na inicializaçao do aplicativo devido a configuração incorreta.A reinstalaçao do aplicativo pode resolver o problema.

I clicked OK, deleted it and downloaded it again, but I received the message above again. I await further contact.

wings 22 Posted December 19, 2010

1.
* Delete SystemLook

2.
* Delete Avenger, the folder C:\avenger and the file C:\avenger.txt

3.
* Download the Fix IE Utility and extract its contents to the desktop
* Close Internet Explorer
* Run the Fix IE Utility and click [Run Utility]

If the problem persists...

4.
* Boot from the Windows CD.
* On the initial screen, press R > [Enter] to perform a Windows repair.

Your problem is not related to malware.