Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2014
Ran by Arnaldo at 2014-04-25 23:49:20 Run:1
Running from C:\Users\Arnaldo\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
Task: {D8840BC1-1358-4166-8C96-756F057C28F5} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
AlternateDataStreams: C:\Users\Arnaldo\Downloads\noname.eml:OECustomProperty
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} URL = http://home.psafe.com/Search.aspx?q={searchTerms}&utm_source=browser+addressbar&utm_medium=browser+addressbar&utm_campaign=browser+addressbar
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
S3 BdApiUtil; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [X]
S3 BdCameraProtect; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
2014-04-11 10:53 - 2014-04-11 10:53 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-14 22:06 - 2014-01-22 10:02 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-04-14 22:06 - 2014-01-22 10:02 - 00000000 ____D () C:\ProgramData\Baidu Security
end
*****************
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8840BC1-1358-4166-8C96-756F057C28F5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8840BC1-1358-4166-8C96-756F057C28F5} => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key deleted successfully.
C:\Users\Arnaldo\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} => Key deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
BdApiUtil => Service deleted successfully.
BdCameraProtect => Service deleted successfully.
Bfilter => Service deleted successfully.
Bfmon => Service deleted successfully.
Bhbase => Service deleted successfully.
Bprotect => Service deleted successfully.
BprotectEx => Service deleted successfully.
esgiguard => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\Todos os Usuários\Baidu Security => Moved successfully.
"C:\ProgramData\Baidu Security" => File/Directory not found.
==== End of Fixlog ====