Greetings. I have a problem with my home computer. Out of nowhere, a blue screen appeared at startup, saying that a problem had been detected and the computer would be restarted.
The description is as follows:
"PSINFiles.sys
The driver unloaded without cancelling pending operations"
I have already searched several sites and tried some of the things they suggested, but so far nothing has worked. I am using the PC in Safe Mode.
The HijackThis log is as follows:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:52:05, on 02/03/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\HijackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
--
End of file - 8437 bytes
I hope someone can help me. Regards
The AdwCleaner log cannot be displayed. It asks to restart the PC, but I can only get in through Safe Mode, so the report does not appear. Any other suggestion as a substitute?? The problem persists.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Professional x86
Ran by Lourene on 03/03/2013 at 0:24:14,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a531d99c-5a22-449b-83da-872725c6d0ed}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Lourene\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Lourene\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Lourene\AppData\Roaming\speedypc software"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/03/2013 at 0:26:48,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
→ The AdwCleaner log is located at C:\AdwCleaner[s1].txt
→ Download OTL (by OldTimer) from http://oldtimer.geekstogo.com/OTL.exe and save it to the Desktop
*Run it.
*Select:
Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity
*Click [Verificar]
*When it finishes, the OTL.txt and Extras.txt reports will be created on the Desktop
→ Go to this link: http://cjoint.com/
*Click [selecionar arquivo...]
*Locate the OTL.txt report on the Desktop and click [Abrir]
*Select 4 jours
*Click [Créer le lien Cjoint]
*Paste the link created next to Le lien a été créé:
*Repeat the procedure for the Extras.txt report and paste the link
http://cjoint.com/?3CdnfJmsW45 (OTL)
http://cjoint.com/?3CdnhlFTkiy (Extras)
AdwCleaner log
*** [serviços] ***
*** [Arquivos/Pastas] ***
*** [Registro] ***
*** [Navegadores] ***
-\\ Internet Explorer v9.0.8112.16464
[OK] Registro está limpo.
-\\ Mozilla Firefox v14.0.1 (pt-BR)
Arquivo : C:\Users\Lourene\AppData\Roaming\Mozilla\Firefox\Profiles\quckbb5m.default\prefs.js
[OK] Arquivo está limpo.
-\\ Google Chrome v25.0.1364.97
Arquivo : C:\Users\Lourene\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Arquivo está limpo.
*************************
AdwCleaner[R1].txt - [13995 octets] - [28/02/2013 12:39:14]
AdwCleaner[s1].txt - [13199 octets] - [28/02/2013 12:39:53]
AdwCleaner[s2].txt - [2036 octets] - [03/03/2013 00:04:10]
AdwCleaner[s3].txt - [1035 octets] - [03/03/2013 00:16:33]
########## EOF - C:\AdwCleaner[s3].txt - [1095 octets] ##########
Good morning
The file referenced by the blue screen belongs to Panda Antivirus.
Which antivirus are you using at the moment?
Greetings Wings... I use Avast. My sister installed PANDA, I don't know what for, but that was a long time ago and I had already removed everything. However, apparently something must have been left on the PC that caused this whole problem. I just found out that MSE is also installed on this PC.... could it be that only formatting the machine will do??
→ Download and run the Panda Cloud uninstaller
→ Restart the PC in Normal Mode
→ Click Iniciar > Painel de Controle > Desinstalar programas
*Uninstall:
DealPly
HitmanPro 3.7
**Java 6 Update 35**
**Java 7 Update 13**
→ Run OTL again
*Select:
Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity
*Click [Verificar]
→ Go to this link: http://cjoint.com/
*Click [selecionar arquivo...]
*Locate the OTL.txt report on the Desktop and click [Abrir]
*Select 4 jours
*Click [Créer le lien Cjoint]
*Paste the link created next to Le lien a été créé:
Wings, I couldn't find DealPly
All the others were uninstalled
Here is the link to OTL.txt
Apparently the PC is starting in Normal Mode, without the blue screen.
Was the Panda your sister installed Panda Cloud or Panda Antivirus?
It was Panda Antivirus... Everything really is working normally. I'm just going to remove the programs I installed and clean up the PC. Wings, do you recommend any software for that??
It was Panda Antivirus...
That's why there are still Panda remnants in the reports... :)
→ Delete the Panda Cloud uninstaller
→ Run AdwCleaner, click [Desinstalar] > [sim]
→ Delete JRT, its report and the folder C:\JRT
→ Install the latest version of Java
→ Run OTL
*Paste the lines in brown into the box below Exames Personalizados/Correções
:OTL
DRV - [2013/01/09 21:45:52 | 000,095,584 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV - [2012/11/28 14:04:00 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012/11/26 16:48:51 | 000,108,200 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
[2013/02/28 14:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/28 14:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/21 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\Lourene\AppData\Roaming\Panda Security
:Commands
[emptytemp]
*Click [Consertar]
*Click [OK] to restart the PC
*Paste the report shown after Windows starts
Wings, here is the report
All processes killed
========== OTL ==========
Service NNSHTTPS stopped successfully!
Service NNSHTTPS deleted successfully!
C:\Windows\System32\drivers\NNSHttps.sys moved successfully.
Service NNSPIHSW stopped successfully!
Service NNSPIHSW deleted successfully!
C:\Windows\System32\drivers\NNSPihsw.sys moved successfully.
Service NNSSMTP stopped successfully!
Service NNSSMTP deleted successfully!
C:\Windows\System32\drivers\NNSSmtp.sys moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP not found.
C:\Program Files\HitmanPro folder moved successfully.
C:\ProgramData\HitmanPro\Quarantine folder moved successfully.
C:\ProgramData\HitmanPro\Logs folder moved successfully.
C:\ProgramData\HitmanPro folder moved successfully.
C:\Users\Lourene\AppData\Roaming\Panda Security\Panda Cloud Antivirus folder moved successfully.
C:\Users\Lourene\AppData\Roaming\Panda Security folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Lourene
->Temp folder emptied: 319971715 bytes
->Temporary Internet Files folder emptied: 16339774 bytes
->Java cache emptied: 1827039 bytes
->FireFox cache emptied: 59671843 bytes
->Google Chrome cache emptied: 255008615 bytes
->Flash cache emptied: 5537 bytes
User: Public
User: Todos os Usuários
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69543757 bytes
RecycleBin emptied: 2037821516 bytes
Total Files Cleaned = 2.632,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03032013_205706
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
→ Run OTL
*Click [Limpeza] > [OK]
*The PC will be restarted
The PC is clean.
Best regards...:bye:
Thanks Wings..... :clap:
Regards
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Hello Clecio Junior
→ Download AdwCleaner (by Xplode) from http://download.bleepingcomputer.com/Xplode/AdwCleaner.exe and save it to the Desktop
*Run it
*Click [Remover]
*In some cases, the PC will be restarted to complete the removal.
*If prompted, click [OK] to restart
*Paste the report shown
→ Download Junkware Removal Tool (by Thisisu) from http://thisisudax.org/downloads/JRT.exe and save it to the Desktop
*Close your browser
*Run it. Windows Vista or Windows 7 users should right-click the file and select Executar como administrador
*Press [ENTER]
*A registry backup will be made and then the program will run automatically
*Wait... it may take a while.
*Paste the report shown