This topic has been archived and is closed to new replies.

MasterFuxi

[Resolved] Browser does not work and infection


Good afternoon, I have a problem with my notebook: when I try to open the browser, I get the following message:

"Falha na inicialização do aplicativo devido a configuração lado a lado incorreta. Consulte o log de eventos do aplicativo ou use a ferramenta de linha de comando sxstrace.exe para obter mais informações."

In addition, it has a lot of malicious files. I would like an analysis of the log, please.

HiJackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:15:25, on 22/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\V-bates\notifier.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bas_helper.exe
C:\Windows\SysWOW64\notepad.exe
D:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {6eae9e03-3a85-41c0-b1f8-099c252df40a} - (no file)
O3 - Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - (no file)
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKCU\..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Claro] "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Users\Leonardo Alves\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: SoftwareUpdater.lnk = C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Unknown owner - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Baidu MoboMarket Service (BASSVC) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bassvc.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Unknown owner - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe (file missing)
O23 - Service: Baidu BdSandbox Virtual Service (BdSandboxSrv) - Unknown owner - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdSandboxSrv64.exe (file missing)
O23 - Service: Baidu Hips Service (BHipsSvc) - Unknown owner - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe (file missing)
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Skype Click to Call Updater (c2cautoupdatesvc) - Unknown owner - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (file missing)
O23 - Service: Skype Click to Call PNR Service (c2cpnrsvc) - Unknown owner - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (file missing)
O23 - Service: IconMan_R - Unknown owner - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (file missing)
O23 - Service: MaintainerSvc4.07.4104264 - Unknown owner - C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe
O23 - Service: Mext Guard - Wajamu - C:\Program Files\V-bates\guardsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Messenger Plus! Service (MsgPlusService) - Unknown owner - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe (file missing)
O23 - Service: Baidu PC App Store Service 4.5.1.6024 (PCAppStoreSvc_{PCAppStore_4.5.1.6024}) - Unknown owner - C:\Program Files (x86)\Baidu Security\PC App Store\4.5.1.6024\PCAppStoreSvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Unknown owner - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (file missing)
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (file missing)
O23 - Service: VAIO Device Searcher (SOHDs) - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (file missing)
O23 - Service: Baidu Spark Service (SparkSvc) - Unknown owner - C:\Program Files (x86)\baidu\Spark\sparkservice.exe (file missing)
O23 - Service: Baidu Spark Updater (SparkUpdater) - Unknown owner - C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe (file missing)
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - Unknown owner - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (file missing)
O23 - Service: Update Greener Web - Unknown owner - C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe (file missing)
O23 - Service: Util Greener Web - Unknown owner - C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe (file missing)
O23 - Service: V-bates Updater - Unknown owner - C:\Program Files\V-bates\ExtensionUpdaterService.exe
O23 - Service: VAIO Event Service - Unknown owner - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (file missing)
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15659 bytes


Good morning! MasterFuxi

> Download: < FRST_Logo.jpg > ( ... by Farbar )
> Or here...
> Or here, for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".
> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated and will be made available when the tool is run.
> Post the report! (FRST.txt + Addition.txt)
> As the log will be long, upload it to Pjjoint.malekal.
> Or go to: < Cjoint_Logo.jpg >
> The link to the report, which is the one highlighted, should be pasted into your post.
A+

Good afternoon! MasterFuxi


> Copy this information, which is in red, into Notepad.

> Save it with the name fixlist. << Text!

> Save it on drive D:\ << Local disk!


start

CloseProcesses:

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bassvc.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bas_helper.exe

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-10-29] (AVAST Software)

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {5f5f917a-b36c-11e1-aacd-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {5f5f917e-b36c-11e1-aacd-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {6ecddfa5-66ad-11e3-8a95-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {b8efa4d1-9097-11e1-bcf6-806e6f6e6963} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {b8efa4e3-9097-11e1-bcf6-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {b99aa726-ef48-11e2-aa14-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {cdc23d61-9083-11e1-be18-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {cdc23d65-9083-11e1-be18-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {ddccbc57-e960-11e1-919f-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {f01fdddf-b76d-11e1-85a1-642737bd94de} - D:\AutoRun.exe

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {f01fddee-b76d-11e1-85a1-642737bd94de} - D:\AutoRun.exe

AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL File Not Found

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk

ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (No File)

ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =


HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal


HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal






SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}

SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =

SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =

SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL =

BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File

BHO: No Name -> {9D717F81-9148-4f12-8568-69135F087DB0} -> No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

Toolbar: HKLM-x32 - No Name - {6eae9e03-3a85-41c0-b1f8-099c252df40a} - No File

Toolbar: HKLM-x32 - No Name - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

FF Keyword.URL: hxxp://apype.com/results.php?q=

FF Homepage: hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

FF HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\Firefox\Extensions: [e98t09xI3ia@skywebsearch.com] - C:\PROGRA~2\YUOTUB~1\YuoTubeDownloader.xpi

FF HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\Firefox\Extensions: [findlyrics@findlyrics.co] - C:\Program Files (x86)\FindLyrics\FF

CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\LEONAR~1\AppData\Local\funmoods-speeddial.crx []

CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx []

CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx []

R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bassvc.exe [208928 2014-11-07] (Baidu, Inc.)

S2 BAVSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe" [X]

S2 BHipsSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" [X]

S2 PCAppStoreSvc_{PCAppStore_4.5.1.6024}; C:\Program Files (x86)\Baidu Security\PC App Store\4.5.1.6024\PCAppStoreSvc.exe [X]

S2 SparkSvc; "C:\Program Files (x86)\baidu\Spark\sparkservice.exe" -r [X]

S2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [X]

S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [201536 2014-10-29] (Baidu, Inc.)

R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59712 2014-10-29] (Baidu, Inc.)

R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38208 2014-10-29] (Baidu, Inc.)

R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)

R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [481696 2014-10-29] (Baidu, Inc.)

R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [164096 2014-10-29] (Baidu, Inc.)

R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [61016 2014-06-09] (StdLib)

R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys [61120 2014-06-11] (StdLib)

S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\Baidu Security\PC Faster\FileKill_x64.sys [X]

S3 BNmon; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BNmon64.sys [X]

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

U3 DfSdkS; No ImagePath

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\PCFApiUtil64.sys [X]

S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]

2014-11-22 10:35 - 2014-11-22 10:35 - 00000594 _____ () C:\Windows\PFRO.log

2014-11-22 10:35 - 2014-11-22 10:35 - 00000056 _____ () C:\Windows\setupact.log

2014-11-22 10:35 - 2014-11-22 10:35 - 00000000 _____ () C:\Windows\setuperr.log

2014-11-22 10:12 - 2014-11-22 10:12 - 00053464 _____ () C:\Users\Leonardo Alves\Desktop\JRT.txt

2014-10-29 00:21 - 2014-10-29 00:21 - 00201536 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BdSandbox.sys

2014-10-27 21:02 - 2014-10-27 22:02 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt

2014-11-22 10:39 - 2012-06-11 01:42 - 01302319 _____ () C:\Windows\WindowsUpdate.log

2014-11-22 10:36 - 2012-12-26 22:55 - 00000804 _____ () C:\Windows\Tasks\Ginyas Update Checker.job

2014-11-22 10:09 - 2013-09-11 21:22 - 00000000 ____D () C:\Program Files (x86)\Baidu Security

2014-11-22 10:08 - 2014-06-08 20:53 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu

2014-11-22 10:08 - 2014-06-08 20:53 - 00000000 ____D () C:\ProgramData\Baidu

2014-11-22 10:08 - 2014-03-07 01:06 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security

2014-11-22 10:08 - 2014-03-07 01:06 - 00000000 ____D () C:\ProgramData\Baidu Security

2014-11-22 09:44 - 2013-09-11 21:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security

2014-10-29 00:21 - 2014-06-08 21:24 - 00481696 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys

2014-10-29 00:21 - 2014-06-08 21:24 - 00164096 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys

2014-10-29 00:21 - 2014-06-08 21:24 - 00066720 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnba---64.sys

2014-10-29 00:21 - 2014-06-08 21:24 - 00059712 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys

2014-10-29 00:21 - 2014-06-08 21:24 - 00038208 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys

2014-10-27 22:51 - 2013-02-19 11:52 - 00000000 ____D () C:\Program Files (x86)\PSafe

2014-11-07 05:08 - 2014-11-07 05:08 - 02257952 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\skiax.dll

2014-11-07 05:08 - 2014-11-07 05:08 - 00141856 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\zlib1.dll

Task: {04D671BC-F205-4387-BA6A-DEAF35AE89E8} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION

Task: {3CF4D5AF-CBFA-4C28-980B-2FAA282620F6} - System32\Tasks\Ginyas Stats Report => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION

Task: {4BB2BABB-2CBC-492A-8E4B-6CECC3DA9BAA} - \DealPly No Task File <==== ATTENTION

Task: {4F33A2AB-1F3D-4477-86FE-A149DC6E6CCF} - System32\Tasks\pricemeterdownloader => C:\Users\Leonardo Alves\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION

Task: {5221FEB2-8DB9-4FFE-A530-BA3F3586B677} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe <==== ATTENTION

Task: {62310ED3-881E-44B2-9058-9FA9EB4FEBD6} - System32\Tasks\Ginyas Update Checker => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION

Task: {73FD7FFB-99DB-4E27-AE00-685366BA079A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28] (Reimage®) <==== ATTENTION

Task: {789A0FB4-BEC1-4AE9-9224-559957D4CDDF} - System32\Tasks\Ginyas FireFox Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION

Task: {B4FA00B2-7436-4899-BFBB-0581322E6581} - System32\Tasks\Ginyas Chrome Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION

Task: C:\Windows\Tasks\Ginyas Chrome Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION

Task: C:\Windows\Tasks\Ginyas FireFox Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION

Task: C:\Windows\Tasks\Ginyas Stats Report.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION

Task: C:\Windows\Tasks\Ginyas Update Checker.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

emptytemp:

end


> Run FRST/FRST64 >> Click "Fix" << Wait!

> In the message, click Executar (Run).

> Post the report! (Fixlog.txt)


A+



Good afternoon.

While the program was applying the fix, a blue screen occurred. I tried a second time, and it happened again. So I cannot post the report.

Other than that, the machine is OK. If there is nothing else to change, you can close this as resolved.


Good afternoon! MasterFuxi

> A Baidu service was the cause of the BSOD.

> Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )
>
> Or from here: < AdwCleaner >
> Once there, click "Download Now".
>
> Save it to the desktop!
> Right-click adwcleaner.exe and choose to run it as administrator.
> PS: Start the scan by clicking "Examinar" (Scan).
> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
A+


Good afternoon.

AdwCleaner

# AdwCleaner v4.101 - Relatório criado 22/11/2014 às 13:50:55
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-16.1 [Live]
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leonardo Alves - LEONARDOALVES
# Executando de : C:\Users\Leonardo Alves\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\Activeris
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Pasta Deletada : C:\Program Files (x86)\Greener Web
Pasta Deletada : C:\Program Files\Reimage
Pasta Deletada : C:\Program Files\V-bates
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Local\PriceMeter
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Roaming\Activeris
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Roaming\qone8
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Arquivo Deletada : C:\Windows\System32\acrisnative64.exe
Arquivo Deletada : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Arquivo Deletada : C:\Windows\System32\log\iSafeKrnlCall.log
Arquivo Deletada : C:\Users\Leonardo Alves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
Arquivo Deletada : C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
***** [ Tarefas ] *****
Tarefa Deletedo : Activeris AntiMalware_startup
Tarefa Deletedo : Dealply
Tarefa Deletedo : pricemeterdownloader
Tarefa Deletedo : ReimageUpdater
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Valor Deletedo : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@2yourface.com]
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Greener Web
Chave Deletedo : HKCU\Software\a48bdae03bed40
Chave Deletedo : HKLM\SOFTWARE\a48bdae03bed40
Chave Deletedo : HKCU\Software\Greener Web
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\SmartBar
Chave Deletedo : HKCU\Software\SoftwareUpdater
Chave Deletedo : HKCU\Software\V9
Chave Deletedo : HKCU\Software\VideoDownloadConverter_4z
Chave Deletedo : HKCU\Software\yuna software
Chave Deletedo : HKCU\Software\Reimage
Chave Deletedo : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Chave Deletedo : HKLM\SOFTWARE\Greener Web
Chave Deletedo : HKLM\SOFTWARE\PriceMeterLiveUpdate
Chave Deletedo : HKLM\SOFTWARE\VideoDownloadConverter_4z
Chave Deletedo : HKLM\SOFTWARE\yuna software
Chave Deletedo : [x64] HKLM\SOFTWARE\DataMngr
Chave Deletedo : [x64] HKLM\SOFTWARE\DeviceVM
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
Chave Deletedo : [x64] HKLM\SOFTWARE\Reimage
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17344
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant]
-\\ Mozilla Firefox v33.1.1 (x86 pt-BR)
-\\ Google Chrome v39.0.2171.65
*************************
AdwCleaner[R0].txt - [18299 octets] - [22/11/2014 12:05:44]
AdwCleaner[R1].txt - [15459 octets] - [22/11/2014 13:45:52]
AdwCleaner[s0].txt - [573 octets] - [22/11/2014 12:30:07]
AdwCleaner[s1].txt - [13692 octets] - [22/11/2014 13:50:55]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [13753 octets] ##########


Good afternoon, MasterFuxi!

 

> Download: < 1268r49.png > ( ... by Oleg N. Scherbakov )
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...
> Wait for it to finish and post the report. ( JRT.txt )
See you!


Good afternoon.

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Basic x64
Ran by Leonardo Alves on 22/11/2014 at 14:00:46,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/11/2014 at 14:06:47,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Good afternoon, MasterFuxi!


> Open the AdwCleaner tool and click "Uninstall".

> Confirm the prompt!

> Post a new report from the FRST tool; this time there will be no Addition.txt.


See you!

Good afternoon, MasterFuxi!


> Copy the information shown in red into Notepad.

> Save it with the name fixlist. << Text!

> Save it on drive D:\ ( Local disk D:)


start

CloseProcesses:

Toolbar: HKLM-x32 - No Name - {6eae9e03-3a85-41c0-b1f8-099c252df40a} - No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

FF HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\Firefox\Extensions: [e98t09xI3ia@skywebsearch.com] - C:\PROGRA~2\YUOTUB~1\YuoTubeDownloader.xpi

FF HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\Firefox\Extensions: [findlyrics@findlyrics.co] - C:\Program Files (x86)\FindLyrics\FF

CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx []

S2 SparkSvc; "C:\Program Files (x86)\baidu\Spark\sparkservice.exe" -r [X]

S2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [X]

S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [201536 2014-10-29] (Baidu, Inc.)

R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59712 2014-10-29] (Baidu, Inc.)

R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38208 2014-10-29] (Baidu, Inc.)

R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)

R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [481696 2014-10-29] (Baidu, Inc.)

R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [164096 2014-10-29] (Baidu, Inc.)

S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\Baidu Security\PC Faster\FileKill_x64.sys [X]

S3 BNmon; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BNmon64.sys [X]

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

U3 DfSdkS; No ImagePath

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\PCFApiUtil64.sys [X]

S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]

2014-11-22 14:06 - 2014-11-22 14:06 - 00000828 _____ () C:\Users\Leonardo Alves\Desktop\JRT.txt

2014-11-22 14:00 - 2014-11-22 14:00 - 01707532 _____ (Thisisu) C:\Users\Leonardo Alves\Downloads\JRT.exe

2014-11-22 13:02 - 2014-11-22 13:01 - 00011861 _____ () C:\fixlist.txt

2014-11-22 10:35 - 2014-11-22 13:52 - 00000224 _____ () C:\Windows\setupact.log

2014-11-22 10:35 - 2014-11-22 13:51 - 00000912 _____ () C:\Windows\PFRO.log

2014-11-22 10:35 - 2014-11-22 10:35 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-29 00:21 - 2014-10-29 00:21 - 00201536 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BdSandbox.sys

2014-10-27 21:02 - 2014-10-27 22:02 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt

2014-11-22 14:01 - 2012-06-11 01:42 - 01325870 _____ () C:\Windows\WindowsUpdate.log

2014-11-22 13:52 - 2012-12-26 22:55 - 00000872 _____ () C:\Windows\Tasks\Ginyas Stats Report.job

2014-11-22 13:52 - 2012-12-26 22:55 - 00000872 _____ () C:\Windows\Tasks\Ginyas FireFox Watcher.job

2014-11-22 13:52 - 2012-12-26 22:55 - 00000872 _____ () C:\Windows\Tasks\Ginyas Chrome Watcher.job

2014-11-22 13:52 - 2012-12-26 22:55 - 00000804 _____ () C:\Windows\Tasks\Ginyas Update Checker.job

2014-11-22 13:52 - 2009-07-14 03:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-22 10:08 - 2014-03-07 01:06 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security

2014-11-22 10:08 - 2014-03-07 01:06 - 00000000 ____D () C:\ProgramData\Baidu Security

2014-11-22 09:44 - 2013-09-11 21:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security

2014-10-29 00:21 - 2014-06-08 21:24 - 00481696 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys

2014-10-29 00:21 - 2014-06-08 21:24 - 00164096 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys

2014-10-29 00:21 - 2014-06-08 21:24 - 00066720 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnba---64.sys

2014-10-29 00:21 - 2014-06-08 21:24 - 00059712 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys

2014-10-29 00:21 - 2014-06-08 21:24 - 00038208 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys

2014-10-27 22:51 - 2013-02-19 11:52 - 00000000 ____D () C:\Program Files (x86)\PSafe

emptytemp:

end


> Run FRST/FRST64 >> Click "Fix" << Wait!

> In the message, click Run.

> Post the report! (Fixlog.txt)


See you!



Good afternoon.

 

The blue screen occurred again, with the same name as the previous one.

Hello, MasterFuxi!

 

----

R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)

----

 

> This error in the forum editor is preventing the removal of the driver.

> In place of the dashes is the word: "s" "e" "x", but without the quotes!

 

 

> Download: < ZHPCleaner_zps71d274df.jpg > ( ... by Nicolas Coolman )
> Once on the page, click 53cb8e11d3f80.jpg
> Save it to the desktop!
> Run it and, when it opens, click "J'accept/I Agree".
> For more comprehensive fixes, check all the available options.
> Click Réparer.
> Click Rapport.
> Post the report!
See you!


Good afternoon.

 

 

 

ZHPCleaner

 

~ ZHPCleaner v2014.11.21.234 by Nicolas Coolman (21/11/2014)
~ Run by Leonardo Alves (Administrator) (22/11/2014 15:44:23)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Leonardo Alves\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Leonardo Alves\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
---\\ Services (0)
~ No malicious items found.
---\\ Browser Internet (6)
FOUND Proxy: ProxyHttp1.1 ( 1 )
FOUND IE Params: Search Bar ( Preserve )
FOUND IE Params: Default_Search_URL ( hxxp://www.oquefazernainternet.com/ )
FOUND IE Params: Tabs ( res://ieframe.dll/tabswelcome.htm )
FOUND FF: C:\Users\Leonardo Alves\AppData\Roaming\Mozilla\Firefox\Profiles\uuptrgob.default-1416663296159\prefs.js
FOUND Chrome URL: "hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl"]
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious items found.
---\\ Explorer ( Files, Folders) (3)
FOUND: C:\Windows\System32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys (PUP.LinkiDoo)
FOUND: C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.greenerweb.info_0.localstorage-journal (PUP.GreenerWeb)
FOUND: C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.v-batesjs.info_0.localstorage-journal (Adware.Incredibar)
---\\ Registry ( Keys, Values, Datas) (15)
FOUND: [X64] HKLM\SYSTEM\CurrentControlSet\Services\MaintainerSvc4.07.4104264 ["C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe"] (PUP.MaintainerSvc)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [shopperReports.dll] (Adware.ShopperReports)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [shoppingReport.dll] (Adware.ShoppingReport)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [babylonToolbar.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [babylonToolbar.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [babylonToolbarTlbr.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [shoppingReport.dll] (Adware.ShoppingReport)
FOUND: HKCU\Software\Activeris (PUP.Activeris)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater (Toolbar.AskBar)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ginyas Chrome Watcher (PUP.Blabbers)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ginyas FireFox Watcher (PUP.Blabbers)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ginyas Stats Report (PUP.Blabbers)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ginyas Update Checker (PUP.Blabbers)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Activeris (PUP.Activeris)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Ginyas (PUP.Blabbers)
---\\ Result of repair
~ Any repair made
~ No browser found (Opera Software)
End of clean at 15:47:59


Good afternoon, MasterFuxi!

 

 

 

Should I then change those words to the correct one and run the fix again?

> Yes! But it doesn't need to be the complete fixlist.

 

start
R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)
emptytemp:
end
> Save only this information in Notepad, with the name fixlist.
> Replace the dashes with the word that the editor blocks.
> If it succeeds, post the Fixlog.
See you!
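
The failure discussed in the posts above (the forum's word filter replaced part of a driver file name in the posted fixlist, so the fix could not match the driver), as an added example that is not part of the original thread and not FRST's own code: a pre-flight check that compares the driver lines of a fixlist with an inventory of files on disk and flags names that look filtered. The line format is taken from the fixlist shown in the thread; the mask pattern, the function names and the sample inventory are assumptions constructed for illustration.

```python
import ntpath
import re

# FRST driver/service line in the form shown in this thread, e.g.
#   R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59712 2014-10-29] (Baidu, Inc.)
DRIVER_LINE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+\d{4}-\d{2}-\d{2}\]"
)
# Assumption: a word filter leaves a run of three or more dashes or asterisks.
MASK = re.compile(r"-{3,}|\*{3,}")


def parse_driver_lines(fixlist_text):
    """Return name, path and size for every driver line that carries a size."""
    entries = []
    for raw in fixlist_text.splitlines():
        match = DRIVER_LINE.match(raw.strip())
        if match:
            entries.append({
                "name": match["name"].strip(),
                "path": match["path"],
                "size": int(match["size"]),
            })
    return entries


def check_fixlist(fixlist_text, inventory):
    """Classify each driver line as 'ok', 'masked' or 'missing'.

    inventory maps a full Windows path to the file size in bytes.
    Returns a list of (service name, status, candidate paths).
    """
    # Windows paths are case-insensitive, so compare normalized forms.
    disk = {ntpath.normcase(path): size for path, size in inventory.items()}
    report = []
    for entry in parse_driver_lines(fixlist_text):
        key = ntpath.normcase(entry["path"])
        if disk.get(key) == entry["size"]:
            report.append((entry["name"], "ok", []))
            continue
        folder, base = ntpath.split(key)
        candidates = []
        if MASK.search(base):
            # Treat the masked run as a wildcard and look for a file in the
            # same folder with the same size as recorded in the fixlist.
            pattern = re.compile(
                ".+".join(re.escape(part) for part in MASK.split(base))
            )
            candidates = sorted(
                path for path, size in disk.items()
                if size == entry["size"]
                and ntpath.dirname(path) == folder
                and pattern.fullmatch(ntpath.basename(path))
            )
        status = "masked" if candidates else "missing"
        report.append((entry["name"], status, candidates))
    return report


# Two driver lines copied from the thread plus one constructed line.
SAMPLE_FIXLIST = r"""start
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59712 2014-10-29] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)
R1 Example; C:\Windows\System32\drivers\example.sys [1234 2014-01-01] (Example)
emptytemp:
end
"""

# Constructed inventory standing in for a listing of the drivers folder.
SAMPLE_INVENTORY = {
    r"C:\Windows\System32\drivers\Bfilter.sys": 59712,
    r"C:\Windows\System32\drivers\bnbasex64.sys": 66720,
    r"C:\Windows\System32\drivers\bndef64.sys": 481696,
}

if __name__ == "__main__":
    for name, status, candidates in check_fixlist(SAMPLE_FIXLIST, SAMPLE_INVENTORY):
        hint = f" -> likely {candidates[0]}" if candidates else ""
        print(f"{name}: {status}{hint}")
```
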


Good afternoon.

 

It worked now!

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014
Ran by Leonardo Alves at 2014-11-22 16:15:15 Run:2
Running from C:\
Loaded Profile: Leonardo Alves (Available profiles: Leonardo Alves)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [66720 2014-10-29] (Baidu, Inc.)
emptytemp:
end
*****************
Bnbase => Service stopped successfully.
Bnbase => Service deleted successfully.
EmptyTemp: => Removed 132.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====


Good afternoon, MasterFuxi!

 

> I will notify the Administrator Mário Monteiro so that he unblocks the blocked word, since it prevents the complete removal of Baidu.

> I noticed that PUPs were detected by the ZHPCleaner tool; Malwarebytes would be more efficient at removing PUPs.

> If you like, you can run it!

 

> Download: < Malwarebytes >
> Install the antimalware by double-clicking its executable! ( mbam-setup.exe )
> Uncheck the box: "Enable free trial of Malwarebytes Anti-Malware PRO"
> Check the checkboxes:
<1> Update Malwarebytes Anti-Malware
<2> Launch Malwarebytes Anti-Malware
> Click "Finish".
> If there are updates, they will be downloaded and installed.
> Click "Settings" and, in the Language field, set: Portuguese (Brasil)
> Click "Detection and Protection".
> Check: Scan for Rootkits
> Under "PUP Detections", select: Treat detections as malware
> Click Scan >> Threat Scan.
> Click "Scan Now".
> Wait for the scan to finish!
> If there are detections, click the "Move all to Quarantine" button.
> Click "Apply Actions".
> When it finishes, accept the reboot request, which may occur twice.
> Post the report! ( History tab >> Application Logs )
> PS: Use the ".txt" format to export the report.
See you!


Good afternoon.

 

Indeed, Malwarebytes made a difference in the removal.

 

Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org
Data da Verificação: 22/11/2014
Hora da Verificação: 16:42:25
Arquivo de Log: malware bytes.txt
Administrador: Sim
Versão: 2.00.3.1025
Base de Dados de Malware: v2014.11.22.10
Base de Dados de Rootkit: v2014.11.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado
SO: Windows 7 Service Pack 1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Leonardo Alves
Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 329369
Tempo Decorrido: 20 min, 43 seg
Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
Processos: 1
PUP.Optional.MaintainerSvc.A, C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe, 1764, Apagar ao Reiniciar, [2348d26c1d5fbb7b7ad1ae3349b86a96]
Módulos: 0
(Nenhum item malicioso detectado)
Chaves de Registro: 2
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc4.07.4104264, Quarentena, [2348d26c1d5fbb7b7ad1ae3349b86a96],
PUP.Optional.Qone8, HKU\S-1-5-21-1061505648-1413863901-4016012325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [3d2e53eb3b4190a6ff344555ef158977],
Valores de Registro: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Quarentena, [5c0f2c12fd7f4fe719dabfee0004d42c]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-1061505648-1413863901-4016012325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Quarentena, [6dfe73cbcab21125b95c292e689b5ba5]
PUP.Optional.AdLyrics.A, HKU\S-1-5-21-1061505648-1413863901-4016012325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|findlyrics@findlyrics.co, C:\Program Files (x86)\FindLyrics\FF\, Quarentena, [b7b460de0d6fa4924596e079d62de21e]
Dados de Registro: 0
(Nenhum item malicioso detectado)
Pastas: 1
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj, Quarentena, [a4c73707ea9285b1651ab06abe459868],
Arquivos: 12
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys, Apagar ao Reiniciar, [29c50636fa1886d819cd95ff1fe2b5df],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys, Apagar ao Reiniciar, [003baa98f36495adea36bf1f4123f381],
PUP.Optional.MaintainerSvc.A, C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe, Apagar ao Reiniciar, [2348d26c1d5fbb7b7ad1ae3349b86a96],
PUP.Optional.Vbates.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage, Quarentena, [6b00ae90fd7f142209f8312157ac9e62],
PUP.Optional.Searchqu.A, C:\Users\Leonardo Alves\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, Quarentena, [b2b9b68880fc9a9cbc51fa956f95639d],
PUP.Optional.QuickStart.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, Quarentena, [8ddeb7870a7259ddb2af8c21020204fc],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633, Quarentena, [a5c661dd88f48babfca0842d55afab55],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\000003.log, Quarentena, [a4c73707ea9285b1651ab06abe459868],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\CURRENT, Quarentena, [a4c73707ea9285b1651ab06abe459868],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOCK, Quarentena, [a4c73707ea9285b1651ab06abe459868],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOG, Quarentena, [a4c73707ea9285b1651ab06abe459868],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\MANIFEST-000002, Quarentena, [a4c73707ea9285b1651ab06abe459868],
Setores Físicos: 0
(Nenhum item malicioso detectado)
(end)


Good afternoon, MasterFuxi!

 

> Let's remove the tools that were used in the disinfection!
> Download: < delfix_108_zps75ef8ba4.jpg > ( ... by Xplode )
> Once on the page, click Download Now.
> Save it in a convenient location! ( desktop! )
> Close any applications that are open.
> Remove disinfection tools
> Create registry backup
> Clear system restore points
> With these boxes checked, click Run!
> Restart the computer when it finishes!
> Everything OK?
See you!
