I also have the same problem: http://differentia.ru/diff.php and http://disorderstatus.ru/order.php
My PC had the same problem, so I followed the same procedure with FARBAR. Attached are the files it generated at the end of the scan.
@samuelgross

CAUTION: This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote
CreateRestorePoint:
HKLM\...\Policies\Explorer\Run: [531646816] => C:\Documents and Settings\All Users\msanz.exe [77920512 2008-04-13] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-220523388-484061587-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcrQUOXCk65dOJhmHxpLtSVTxIe_-lLOguhMtVlByKV9Pwd0vlF-6P4iPUTFFNi7A,,
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcrQUOXCk65dOJhmHxpLtSVTxIe_-lLOguhMtVlByKV9Pwd0vlF-6P4iPUTFFNi7A,,
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-220523388-484061587-1801674531-1003 -> {3AEAD5DA-D308-414D-8F76-0CCCFFAAE25B} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST500DM002-1BD142_S2A4QQCDXXXXS2A4QQCD&ts=1430105075&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-220523388-484061587-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST500DM002-1BD142_S2A4QQCDXXXXS2A4QQCD&ts=1430105075&type=default&q={searchTerms}
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkp_inner_protection_02_hao123_br
CHR RestoreOnStartup: Default -> "hxxp://br.hao123.com/?tn=sdkp_inner_protection_02_hao123_br"
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path\update_url>
S2 vofohope; C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430105201-FFFF-FFFF-FFFFFFFFFFFF\jnsn938.tmp [X]
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430497961-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430105201-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487407-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487393-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487251-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430094679-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2008-04-13 18:21 - 2008-04-13 18:21 - 77920512 ___SH () C:\Documents and Settings\All Users\msanz.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated, please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.