Fórum SecSecurity

Implementing Cleanup and Security on your computer!


    When I open IE, several pages open


    Post by Edvan on Tue Jun 04, 2013 9:50 pm

    # AdwCleaner v2.301 - Relatório criado em 03/06/2013 às 04:18:45
    # Atualizado em 16/05/2013 por Xplode
    # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
    # Usuário : Paulinho - PAULINHO-778192
    # Modo de Boot : Normal
    # Executado de : C:\Documents and Settings\Paulinho\Meus documentos\Downloads\adwcleaner.exe
    # Opção [Remover]


    ***** [Serviços] *****

    Encerrado & Removido : BrowserProtect
    Encerrado & Removido : Yontoo Desktop Updater

    ***** [Arquivos/Pastas] *****

    Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
    Arquivo Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bProtector Web Data
    Arquivo Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bprotectorpreferences
    Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\BabMaint.exe
    Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\bprotector_extensions.sqlite
    Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\bprotector_prefs.js
    Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\Askcom.xml
    Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\Babylon.xml
    Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\BrowserProtect.xml
    Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\delta.xml
    Arquivo Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\searchplugins\my-web-search.xml
    Arquivo Removido : C:\WINDOWS\Tasks\EPUpdater.job
    Pasta Removido : C:\Arquivos de programas\DealPly
    Pasta Removido : C:\Arquivos de programas\Delta
    Pasta Removido : C:\Arquivos de programas\Yontoo
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
    Pasta Removido : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\APN
    Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\BabSolution
    Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Babylon
    Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\DealPly
    Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Delta
    Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
    Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
    Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\plugin@yontoo.com
    Pasta Removido : C:\Documents and Settings\Paulinho\Dados de aplicativos\Yontoo
    Pasta Removido : C:\Documents and Settings\Paulinho\Menu Iniciar\Programas\DealPly
    Removido Durante o reboot : C:\Documents and Settings\All Users\Dados de aplicativos\BrowserProtect

    ***** [Registro] *****

    Chave Removida : HKCU\Software\5928adfb66fee48
    Chave Removida : HKCU\Software\BabylonToolbar
    Chave Removida : HKCU\Software\DataMngr
    Chave Removida : HKCU\Software\DataMngr_Toolbar
    Chave Removida : HKCU\Software\DealPly
    Chave Removida : HKCU\Software\Delta
    Chave Removida : HKCU\Software\delta LTD
    Chave Removida : HKCU\Software\InstallCore
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Chave Removida : HKLM\SOFTWARE\5928adfb66fee48
    Chave Removida : HKLM\Software\Babylon
    Chave Removida : HKLM\Software\BabylonToolbar
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
    Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
    Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
    Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Chave Removida : HKLM\Software\DataMngr
    Chave Removida : HKLM\Software\DealPly
    Chave Removida : HKLM\Software\Delta
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
    Chave Removida : HKLM\Software\Tarma Installer
    Chave Removida : HKU\S-1-5-21-1801674531-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Dados Removida : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\dadosd~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Valor Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

    ***** [Navegadores] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registro está limpo.

    -\\ Mozilla Firefox v21.0 (pt-BR)

    Arquivo : C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\prefs.js

    C:\Documents and Settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\user.js ... Removido !

    Removida : user_pref("browser.search.defaultengine", "Ask.com");
    Removida : user_pref("browser.search.defaultenginename", "My Web Search");
    Removida : user_pref("browser.search.order.1", "Ask.com");
    Removida : user_pref("extensions.delta.bbDpng", "2");
    Removida : user_pref("extensions.delta.cntry", "BR");
    Removida : user_pref("extensions.delta.hdrMd5", "");
    Removida : user_pref("extensions.delta.lastVrsnTs", "");
    Removida : user_pref("extensions.delta.sg", "er");
    Removida : user_pref("extensions.delta.smplGrp", "er");
    Removida : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
    Removida : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Removida : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
    Removida : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
    Removida : user_pref("extentions.y2layers.installId", "C2057465-C420-8471-E07D-FEDD4EF2FCA3");
    Removida : user_pref("extentions.y2layers.installId_backup", "C2057465-C420-8471-E07D-FEDD4EF2FCA3");
    Removida : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=666AFD43[...]

    -\\ Google Chrome v27.0.1453.94

    Arquivo : C:\Documents and Settings\Paulinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

    [OK] Arquivo está limpo.

    *************************

    AdwCleaner[S2].txt - [14806 octets] - [03/06/2013 04:18:45]

    ########## EOF - C:\AdwCleaner[S2].txt - [14867 octets] ##########




    ComboFix 13-06-03.06 - Paulinho 04/06/2013 18:30:40.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.624 [GMT -3:00]
    Executando de: c:\documents and settings\Paulinho\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\arquivos de programas\YTKaraoke\ytKAraoke.dll
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2013-05-04 to 2013-06-04 ))))))))))))))))))))))))))))
    .
    .
    2013-06-04 20:29 . 2013-06-04 20:29 -------- d-sh--w- c:\documents and settings\Paulinho\IECompatCache
    2013-06-03 08:09 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-06-03 08:09 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-06-03 08:09 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-26 02:11 . 2013-05-26 02:11 262552 ----a-w- c:\arquivos de programas\Mozilla Firefox\browser\components\browsercomps.dll
    2013-05-23 01:44 . 2013-06-04 21:35 -------- d-----w- c:\arquivos de programas\YTKaraoke
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-13 09:04 . 2012-03-29 23:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-13 09:04 . 2012-03-29 23:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-09 08:59 . 2012-07-02 11:09 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-09 08:59 . 2012-03-27 21:01 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-05-09 08:59 . 2012-03-27 21:01 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-05-09 08:59 . 2012-03-27 21:01 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-05-09 08:59 . 2012-03-27 21:01 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-05-09 08:58 . 2012-07-02 11:09 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-09 08:58 . 2012-03-27 21:00 229648 ----a-w- c:\windows\system32\aswBoot.exe
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-28 39408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-05-11 06:06 40048 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2007-05-11 07:47 790528 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
    2007-02-05 23:30 176128 ----a-w- c:\windows\system32\S3Trayp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-11-09 13:27 17877168 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 17:02 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-03-28 14:15 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2006-09-21 08:36 53248 ----a-w- c:\windows\system32\VTTimer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    .
    R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [15/08/2012 17:01 54912]
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [03/06/2013 05:09 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [03/06/2013 05:09 174664]
    R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [27/03/2012 18:34 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [27/03/2012 18:34 52224]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/07/2012 08:09 765736]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/03/2012 18:01 368944]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/03/2012 18:01 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [03/06/2013 05:09 66336]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 11:13 3064000]
    S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [09/11/2012 10:21 160944]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
    S3 WJ2160A;EZ-XDVR Audio Capture Device Ver1.0;c:\windows\system32\drivers\WJ2160A.sys [28/03/2012 11:11 13056]
    S3 WJ2160V;EZ-XDVR Video Capture Device Ver1.0;c:\windows\system32\drivers\WJ2160V.sys [28/03/2012 11:11 24832]
    .
    --- =Outros Serviços/Drivers Na Memória ---
    .
    *NewlyCreated* - ASWMONFLT
    *NewlyCreated* - ASWRVRT
    *NewlyCreated* - ASWVMM
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-05-23 07:14 1165776 ----a-w- c:\arquivos de programas\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:04]
    .
    2013-06-04 c:\windows\Tasks\avast! Emergency Update.job
    - c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 08:58]
    .
    2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-03-28 14:15]
    .
    2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-03-28 14:15]
    .
    2013-06-04 c:\windows\Tasks\PandaUSBVaccine.job
    - c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2012-03-28 19:45]
    .
    2013-06-04 c:\windows\Tasks\User_Feed_Synchronization-{D356E591-98FE-4E2D-8991-DE70561FCF20}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = [Você precisa estar registrado e conectado para ver este link.]
    mStart Page = [Você precisa estar registrado e conectado para ver este link.]
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
    FF - ProfilePath - c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - ExtSQL: 2013-04-08 00:59; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\LyricsFinder\FF
    FF - ExtSQL: 2013-04-08 00:59; [Você precisa estar registrado e conectado para ver este link.]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
    FF - ExtSQL: 2013-04-08 01:00; [Você precisa estar registrado e conectado para ver este link.]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\plugin@yontoo.com
    FF - ExtSQL: 2013-04-08 01:00; [Você precisa estar registrado e conectado para ver este link.]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
    FF - ExtSQL: 2013-04-22 13:58; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\FindLyrics\FF
    FF - ExtSQL: !HIDDEN! 2012-08-15 17:19; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\HP2\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    MSConfigStartUp-InCD - c:\arquivos de programas\Nero\Tools\InCD\InCD.exe
    MSConfigStartUp-NBHGui - c:\arquivos de programas\Nero\Tools\InCD\NBHGui.exe
    AddRemove-Video Converter Packages 19 - c:\documents and settings\Paulinho\Dados de aplicativos\Video Converter Packages\uninstaller.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Você precisa estar registrado e conectado para ver este link.]
    Rootkit scan 2013-06-04 18:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Tempo para conclusão: 2013-06-04 18:37:36
    ComboFix-quarantined-files.txt 2013-06-04 21:37
    .
    Pré-execução: 4 pasta(s) 32.927.244.288 bytes disponíveis
    Pós execução: 7 pasta(s) 33.005.223.936 bytes disponíveis
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
    [Boot Loader]
    Timeout=2
    Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [Operating Systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows" /noexecute=optin /fastdetect
    .
    - - End Of File - - 31BF1A1C2DAA5175E678C1D4BAC3CCEC




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Paulinho on 04/06/2013 at 19:44:03,29
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1BAFF3E4-2F3F-4886-BCB1-31ECEDB59E71}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [File] C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\invalidprefs.js
    Successfully deleted: [File] C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\searchplugins\babylon.xml
    Successfully deleted the following from C:\Documents and Settings\Paulinho\Dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\prefs.js

    user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
    user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
    user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012112705");
    user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm022YYbr");
    user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
    user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
    user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "666AFD43-C318-4647-946B-5911C9F6149C");
    user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1354000254630");
    user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
    user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
    user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
    user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
    user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
    user_pref("extensions.toolbar.mindspark.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[Você precisa estar registrado e conectado para ver este link.]");
    user_pref("extensions.toolbar.mindspark.lastInstalled", "[Você precisa estar registrado e conectado para ver este link.]");





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 04/06/2013 at 19:49:32,65
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Edvan

    Re: When I open IE, several pages open

    Post by Edvan on Tue Jun 04, 2013 10:04 pm

    Log [You need to be registered and logged in to see this link.]

    joram
    Founding Administrator

    Posts: 608
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: When I open IE, several pages open

    Post by joram on Wed Jun 05, 2013 10:29 am

    Good morning, Edvan!

    |- ComboFix.exe is in the wrong directory.
    |- PS: Try moving it to the desktop so that you can use the script procedure.

    -/-

    |- Select and copy the content shown in "red" into Notepad.
    |- Save it on the desktop with the name: CFScript << Text!

    KillAll::
    Firefox::
    FF - ExtSQL: 2013-04-08 00:59; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\LyricsFinder\FF
    FF - ExtSQL: 2013-04-08 00:59; [Você precisa estar registrado e conectado para ver este link.]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
    FF - ExtSQL: 2013-04-08 01:00; [Você precisa estar registrado e conectado para ver este link.]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\plugin@yontoo.com
    FF - ExtSQL: 2013-04-08 01:00; [Você precisa estar registrado e conectado para ver este link.]; c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
    FF - ExtSQL: 2013-04-22 13:58; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\FindLyrics\FF

    Folder::
    c:\arquivos de programas\FindLyrics
    ClearJavaCache::

    Quit::
    |- PS: Temporarily disable your antivirus.
    |- PS: Do not use this script on another machine!
    |- Drag CFScript.txt onto/into the ComboFix icon.
    |- See the demonstration!

    [You need to be registered and logged in to see this image.]

    |- Accept the prompt that should appear asking to run ComboFix.
    |- PS: Repeat the drag until this prompt appears! ( window )
    |- If a message appears asking to update the tool, click Yes!
    |- When it finishes, post: C:\ComboFix.txt <<

    -/-

    |- Close any open programs/folders.
    |- Close the browser as well!
    |- For Windows Vista, disable the [You need to be registered and logged in to see this link.].

    [You need to be registered and logged in to see this image.]

    |- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy this information, shown in red, into "Notepad".

    [HKLM\Software\360Safe]
    [HKCU\Software\findlyrics]

    c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
    c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\plugin@yontoo.com
    c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
    c:\arquivos de programas\LyricsFinder

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore
    |- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    [You need to be registered and logged in to see this image.]

    |- Click the "Paste ClipBoard" menu.
    |- Avoid the "Paste" option ( Ctrl+V ) in the light yellow field, which does not enable the "Go" button.

    [You need to be registered and logged in to see this link.]

    |- Click "GO" -> Oui.

    [You need to be registered and logged in to see this image.]

    |- PS: Above there is a sequence of images for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!

    Edvan

    Re: When I open IE, several pages open

    Post by Edvan on Wed Jun 05, 2013 10:27 pm

    I am carrying out the procedures remotely, so I lost the connection. I waited a little and tried the remote connection again; when it opened there was no report, so I ran the script again and lost the connection again. I waited about 10 minutes, tried to connect, and this report was on the screen.


    ComboFix 13-06-05.05 - Paulinho 05/06/2013 23:07:52.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.572 [GMT -3]
    Executando de: c:\documents and settings\Paulinho\Desktop\ComboFix.exe
    Comandos utilizados :: c:\documents and settings\Paulinho\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2013-05-06 to 2013-06-06 ))))))))))))))))))))))))))))
    .
    .
    2013-06-05 02:02 . 2013-06-05 02:02 512 ----a-w- C:\PhysicalDisk0_MBR.bin
    2013-06-05 01:58 . 2013-06-05 02:02 -------- d-----w- C:\ZHP
    2013-06-05 01:58 . 2013-06-05 02:02 -------- d-----w- c:\arquivos de programas\ZHPDiag
    2013-06-04 22:51 . 2013-06-04 22:51 -------- d-----w- c:\arquivos de programas\TeamViewer
    2013-06-04 22:44 . 2013-06-04 22:44 -------- d-----w- c:\windows\ERUNT
    2013-06-04 22:43 . 2013-06-04 22:43 -------- d-----w- C:\JRT
    2013-06-04 22:36 . 2013-06-04 22:36 -------- d-----w- c:\documents and settings\Paulinho\Configurações locais\Dados de aplicativos\Vitalwerks
    2013-06-04 22:31 . 2013-06-04 22:31 -------- d-----w- c:\arquivos de programas\MSBuild
    2013-06-04 22:31 . 2013-06-04 22:33 -------- d-----w- c:\windows\system32\XPSViewer
    2013-06-04 22:31 . 2013-06-04 22:31 -------- d-----w- c:\arquivos de programas\Reference Assemblies
    2013-06-04 22:30 . 2007-03-22 23:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2013-06-04 22:30 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll
    2013-06-04 21:53 . 2013-06-04 22:36 -------- d-----w- c:\arquivos de programas\No-IP
    2013-06-04 20:29 . 2013-06-04 20:29 -------- d-sh--w- c:\documents and settings\Paulinho\IECompatCache
    2013-06-03 08:09 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-06-03 08:09 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-06-03 08:09 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-26 02:11 . 2013-05-26 02:11 262552 ----a-w- c:\arquivos de programas\Mozilla Firefox\browser\components\browsercomps.dll
    2013-05-23 01:44 . 2013-06-04 21:35 -------- d-----w- c:\arquivos de programas\YTKaraoke
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-13 09:04 . 2012-03-29 23:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-13 09:04 . 2012-03-29 23:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-09 08:59 . 2012-07-02 11:09 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-09 08:59 . 2012-03-27 21:01 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-05-09 08:59 . 2012-03-27 21:01 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-05-09 08:59 . 2012-03-27 21:01 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-05-09 08:59 . 2012-03-27 21:01 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-05-09 08:58 . 2012-07-02 11:09 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-09 08:58 . 2012-03-27 21:00 229648 ----a-w- c:\windows\system32\aswBoot.exe
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-28 39408]
    "NoIPDUCv4"="c:\arquivos de programas\No-IP\DUC40.exe" [2013-01-24 270336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-05-11 06:06 40048 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2007-05-11 07:47 790528 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
    2007-02-05 23:30 176128 ----a-w- c:\windows\system32\S3Trayp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-11-09 13:27 17877168 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 17:02 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-03-28 14:15 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2006-09-21 08:36 53248 ----a-w- c:\windows\system32\VTTimer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Arquivos de programas\\HP2\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Arquivos de programas\\TeamViewer\\Version8\\TeamViewer.exe"=
    "c:\\Arquivos de programas\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
    .
    R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [15/08/2012 17:01 54912]
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [03/06/2013 05:09 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [03/06/2013 05:09 174664]
    R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [27/03/2012 18:34 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [27/03/2012 18:34 52224]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/07/2012 08:09 765736]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/03/2012 18:01 368944]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/03/2012 18:01 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [03/06/2013 05:09 66336]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 11:13 3064000]
    R2 TeamViewer8;TeamViewer 8;c:\arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe [04/06/2013 19:51 3574624]
    S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [09/11/2012 10:21 160944]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
    S3 WJ2160A;EZ-XDVR Audio Capture Device Ver1.0;c:\windows\system32\drivers\WJ2160A.sys [28/03/2012 11:11 13056]
    S3 WJ2160V;EZ-XDVR Video Capture Device Ver1.0;c:\windows\system32\drivers\WJ2160V.sys [28/03/2012 11:11 24832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-05-23 07:14 1165776 ----a-w- c:\arquivos de programas\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:04]
    .
    2013-06-06 c:\windows\Tasks\avast! Emergency Update.job
    - c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 08:58]
    .
    2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-03-28 14:15]
    .
    2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-03-28 14:15]
    .
    2013-06-06 c:\windows\Tasks\PandaUSBVaccine.job
    - c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2012-03-28 19:45]
    .
    2013-06-06 c:\windows\Tasks\User_Feed_Synchronization-{D356E591-98FE-4E2D-8991-DE70561FCF20}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = [Você precisa estar registrado e conectado para ver este link.]
    mStart Page = [Você precisa estar registrado e conectado para ver este link.]
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
    DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} - [Você precisa estar registrado e conectado para ver este link.]
    FF - ProfilePath - c:\documents and settings\Paulinho\Dados de aplicativos\Mozilla\Firefox\Profiles\pge0mysw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - ExtSQL: 2013-05-23 11:20; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\YTKaraoke\FF
    FF - ExtSQL: !HIDDEN! 2012-08-15 17:19; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\HP2\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Você precisa estar registrado e conectado para ver este link.]
    Rootkit scan 2013-06-05 23:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'explorer.exe'(3792)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
    c:\arquivos de programas\Panda USB Vaccine\USBVaccine.exe
    c:\arquivos de programas\Java\jre6\bin\jqs.exe
    c:\arquivos de programas\TeamViewer\Version8\TeamViewer.exe
    c:\arquivos de programas\TeamViewer\Version8\tv_w32.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2013-06-05 23:22:30 - Máquina reiniciou
    ComboFix-quarantined-files.txt 2013-06-06 02:22
    ComboFix2.txt 2013-06-04 21:37
    .
    Pré-execução: 8 pasta(s) 32.067.629.056 bytes disponíveis
    Pós execução: 9 pasta(s) 32.104.300.544 bytes disponíveis
    .
    - - End Of File - - 720999E531BFB7514A86850CB1749042

    ######//######

    Rapport de ZHPFix 2013.5.24.2 par Nicolas Coolman, Update du 24/05/2013
    Fichier d'export Registre :
    Run by Paulinho at 05/06/2013 23:28:53
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Key: HKLM\Software\360Safe
    DELETED Key: HKCU\Software\findlyrics

    ========== Registry Value ==========
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
    DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND Folder/File: c:\documents and settings\paulinho\dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\extensions\ffxtlbr@delta.com
    NOT FOUND Folder/File: c:\documents and settings\paulinho\dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\extensions\plugin@yontoo.com
    NOT FOUND Folder/File: c:\documents and settings\paulinho\dados de aplicativos\mozilla\firefox\profiles\pge0mysw.default\extensions\amo@dealplyshopping.com
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    2 : Registry Key
    11 : Registry Value
    2 : Repertory
    5 : File
    1 : Restoration


    End of clean in 00mn 09s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 05/06/2013 23:28:53 [1783]

    joram

    Re: When I open IE, several pages open

    Post by joram on Thu Jun 06, 2013 9:32 am

    Good morning, Edvan!

    |- Download: < [You need to be registered and logged in to see this link.] > ( ... by g3n-h@ckm@n )
    |- Save it to the desktop or local disk.
    |- For Windows Vista or 7, run Shortcut_Module.exe as administrator.
    |- PS: Keep your browser closed!
    |- When it finishes, post the report! ( rapport.txt )

    -/-

    |- Download: |[You need to be registered and logged in to see this link.]| ( ... by Xplode )

    [You need to be registered and logged in to see this image.]

    |- On the page, click the green arrow to download.
    |- Save it in a convenient location! ( desktop! )
    |- Close any open applications.

    [You need to be registered and logged in to see this link.]

    |- Run it!
    |- With both checkboxes ticked!
    |- Click "Run".
    |- Post the report!
    |- Everything OK?

    A+

    Edvan

    Re: When I open IE, several pages open

    Post by Edvan on Thu Jun 06, 2013 10:26 pm

    Everything is OK, my friend.

    ¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module 04.06.2013 - g3n-h@ckm@n

    23:24:22 - 06/06/2013



    # DelFix v10.2 - Logfile created 06/06/2013 at 23:22:30
    # Updated 02/04/2013 by Xplode
    # Username : Paulinho - PAULINHO-778192
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\JRT
    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\AdwCleaner[S2].txt
    Deleted : C:\ComboFix.txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\rapport.txt
    Deleted : C:\Documents and Settings\Paulinho\Desktop\ComboFix.exe
    Deleted : C:\Documents and Settings\Paulinho\Desktop\JRT.exe
    Deleted : C:\Documents and Settings\Paulinho\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\Paulinho\Desktop\rapport.txt
    Deleted : C:\Documents and Settings\Paulinho\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\Paulinho\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\Paulinho\Desktop\ZHPFix.lnk
    Deleted : C:\Documents and Settings\Paulinho\Meus documentos\Downloads\adwcleaner.exe
    Deleted : C:\WINDOWS\grep.exe
    Deleted : C:\WINDOWS\PEV.exe
    Deleted : C:\WINDOWS\NIRCMD.exe
    Deleted : C:\WINDOWS\MBR.exe
    Deleted : C:\WINDOWS\SED.exe
    Deleted : C:\WINDOWS\SWREG.exe
    Deleted : C:\WINDOWS\SWSC.exe
    Deleted : C:\WINDOWS\SWXCACLS.exe
    Deleted : C:\WINDOWS\Zip.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~ Cleaning system restore ...

    Deleted : RP #175 [Ponto de verificação do sistema | 03/31/2013 03:43:51]
    Deleted : RP #176 [Ponto de verificação do sistema | 04/02/2013 03:19:20]
    Deleted : RP #177 [Ponto de verificação do sistema | 04/03/2013 04:12:41]
    Deleted : RP #178 [Ponto de verificação do sistema | 04/05/2013 02:57:26]
    Deleted : RP #179 [Ponto de verificação do sistema | 04/07/2013 01:11:12]
    Deleted : RP #180 [Ponto de verificação do sistema | 04/10/2013 04:30:38]
    Deleted : RP #181 [Ponto de verificação do sistema | 04/11/2013 05:33:30]
    Deleted : RP #182 [Ponto de verificação do sistema | 04/13/2013 21:29:17]
    Deleted : RP #183 [Ponto de verificação do sistema | 04/17/2013 05:05:16]
    Deleted : RP #184 [Ponto de verificação do sistema | 04/18/2013 05:45:44]
    Deleted : RP #185 [Ponto de verificação do sistema | 04/21/2013 00:59:33]
    Deleted : RP #186 [Ponto de verificação do sistema | 04/23/2013 11:32:26]
    Deleted : RP #187 [Ponto de verificação do sistema | 04/25/2013 03:36:52]
    Deleted : RP #188 [Ponto de verificação do sistema | 04/26/2013 05:03:14]
    Deleted : RP #189 [Ponto de verificação do sistema | 04/28/2013 03:05:00]
    Deleted : RP #190 [Ponto de verificação do sistema | 04/29/2013 04:48:05]
    Deleted : RP #191 [Ponto de verificação do sistema | 04/30/2013 04:55:48]
    Deleted : RP #192 [Ponto de verificação do sistema | 05/04/2013 21:46:18]
    Deleted : RP #193 [Ponto de verificação do sistema | 05/06/2013 03:50:39]
    Deleted : RP #194 [Ponto de verificação do sistema | 05/08/2013 03:53:08]
    Deleted : RP #195 [Ponto de verificação do sistema | 05/10/2013 04:19:10]
    Deleted : RP #196 [Ponto de verificação do sistema | 05/13/2013 03:29:08]
    Deleted : RP #197 [Ponto de verificação do sistema | 05/14/2013 06:32:07]
    Deleted : RP #198 [Ponto de verificação do sistema | 05/15/2013 07:32:08]
    Deleted : RP #199 [Ponto de verificação do sistema | 05/19/2013 03:49:26]
    Deleted : RP #200 [Ponto de verificação do sistema | 05/22/2013 00:22:06]
    Deleted : RP #201 [Ponto de verificação do sistema | 05/23/2013 03:13:25]
    Deleted : RP #202 [Ponto de verificação do sistema | 05/24/2013 03:53:46]
    Deleted : RP #203 [Ponto de verificação do sistema | 05/26/2013 03:55:46]
    Deleted : RP #204 [Ponto de verificação do sistema | 05/28/2013 04:09:06]
    Deleted : RP #205 [Ponto de verificação do sistema | 05/30/2013 01:46:42]
    Deleted : RP #206 [Ponto de verificação do sistema | 06/02/2013 01:11:23]
    Deleted : RP #207 [Ponto de verificação do sistema | 06/03/2013 03:17:34]
    Deleted : RP #208 [Removed EZ-XDVR SD | 06/03/2013 08:04:51]
    Deleted : RP #209 [Removed Samsung Kies | 06/03/2013 08:08:12]
    Deleted : RP #210 [Installed %1 %2. | 06/04/2013 22:30:29]
    Deleted : RP #211 [Driver de impressão Microsoft XPS Document Writer instalado | 06/04/2013 22:30:35]
    Deleted : RP #212 [Installed %1 %2. | 06/04/2013 22:33:48]
    Deleted : RP #213 [P | 06/06/2013 02:28:49]

    New restore point created !

    ########## - EOF - ##########

    joram

    Re: When I open IE, several pages open

    Post by joram on Fri Jun 07, 2013 8:13 am

    CASE SOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
