Good afternoon. I have a problem with a notebook: when I try to open the browser, I get the following message:
"Falha na inicialização do aplicativo devido a configuração lado a lado incorreta. Consulte o log de eventos do aplicativo ou use a ferramenta de linha de comando sxstrace.exe para obter mais informações." [In English: "The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail."]
On top of that, it has a lot of malicious files. I would like an analysis of the log, please.
HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:25, on 22/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\V-bates\notifier.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bas_helper.exe
C:\Windows\SysWOW64\notepad.exe
D:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {6eae9e03-3a85-41c0-b1f8-099c252df40a} - (no file)
O3 - Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - (no file)
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKCU\..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Claro] "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Users\Leonardo Alves\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: SoftwareUpdater.lnk = C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
--
End of file - 15659 bytes
Good afternoon. I reinstalled Google Chrome and it is working again.
The logs follow below:
FRST
http://cjoint.com/?DKwonJkWSFq
Addition
Good afternoon, MasterFuxi!
Copy the information shown in red into Notepad.
Save it with the name fixlist. << Text!
Save it to drive D:\ << Local disk!
start
CloseProcesses:
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bassvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bas_helper.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-10-29] (AVAST Software)
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {5f5f917a-b36c-11e1-aacd-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {5f5f917e-b36c-11e1-aacd-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {6ecddfa5-66ad-11e3-8a95-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {b8efa4d1-9097-11e1-bcf6-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {b8efa4e3-9097-11e1-bcf6-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {b99aa726-ef48-11e2-aa14-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {cdc23d61-9083-11e1-be18-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {cdc23d65-9083-11e1-be18-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {ddccbc57-e960-11e1-919f-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {f01fdddf-b76d-11e1-85a1-642737bd94de} - D:\AutoRun.exe
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\MountPoints2: {f01fddee-b76d-11e1-85a1-642737bd94de} - D:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (No File)
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_19_ff&cd=2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDtDtC0EyCyD0DyBtCtCtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtCtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StByCzy0A0CtDzyyEtGyCzy0E0CtG0DyBzy0CtG0FtD0FtBtGyEyB0C0ByB0E0DzytA0EyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0E0AyEzyyDzztG0FtByCtBtGtBzyyDyDtGzytC0BtBtGtCyD0D0DyByB0C0F0BtAtB0B2Q&cr=63192568&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.qone8.com/web/?type=ds&ts=1398614448&from=air&uid=TOSHIBAXMK5059GSXP_Z1E7P1ONTXXZ1E7P1ONT&q={searchTerms}
SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_01&type=p&p={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0FtD0B0FzyyBtDtDtC0EyCyD0DyBtCtCtN0D0TzutBtDtCtBtDyBtByE&cr=571178350
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}
SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKU\S-1-5-21-1061505648-1413863901-4016012325-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL =
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {9D717F81-9148-4f12-8568-69135F087DB0} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {6eae9e03-3a85-41c0-b1f8-099c252df40a} - No File
Toolbar: HKLM-x32 - No Name - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF Keyword.URL: hxxp://apype.com/results.php?q=
FF Homepage: hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
FF HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\Firefox\Extensions: [e98t09xI3ia@skywebsearch.com] - C:\PROGRA~2\YUOTUB~1\YuoTubeDownloader.xpi
FF HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\Firefox\Extensions: [findlyrics@findlyrics.co] - C:\Program Files (x86)\FindLyrics\FF
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\LEONAR~1\AppData\Local\funmoods-speeddial.crx []
CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx []
CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx []
R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bassvc.exe [208928 2014-11-07] (Baidu, Inc.)
S2 BAVSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe" [X]
S2 BHipsSvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" [X]
S2 PCAppStoreSvc_{PCAppStore_4.5.1.6024}; C:\Program Files (x86)\Baidu Security\PC App Store\4.5.1.6024\PCAppStoreSvc.exe [X]
S2 SparkSvc; "C:\Program Files (x86)\baidu\Spark\sparkservice.exe" -r [X]
S2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [X]
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [201536 2014-10-29] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59712 2014-10-29] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38208 2014-10-29] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [481696 2014-10-29] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [164096 2014-10-29] (Baidu, Inc.)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [61016 2014-06-09] (StdLib)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys [61120 2014-06-11] (StdLib)
S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\Baidu Security\PC Faster\FileKill_x64.sys [X]
S3 BNmon; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BNmon64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
U3 DfSdkS; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]
2014-11-22 10:35 - 2014-11-22 10:35 - 00000594 _____ () C:\Windows\PFRO.log
2014-11-22 10:35 - 2014-11-22 10:35 - 00000056 _____ () C:\Windows\setupact.log
2014-11-22 10:35 - 2014-11-22 10:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-22 10:12 - 2014-11-22 10:12 - 00053464 _____ () C:\Users\Leonardo Alves\Desktop\JRT.txt
2014-10-29 00:21 - 2014-10-29 00:21 - 00201536 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BdSandbox.sys
2014-10-27 21:02 - 2014-10-27 22:02 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt
2014-11-22 10:39 - 2012-06-11 01:42 - 01302319 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 10:36 - 2012-12-26 22:55 - 00000804 _____ () C:\Windows\Tasks\Ginyas Update Checker.job
2014-11-22 10:09 - 2013-09-11 21:22 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-11-22 10:08 - 2014-06-08 20:53 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu
2014-11-22 10:08 - 2014-06-08 20:53 - 00000000 ____D () C:\ProgramData\Baidu
2014-11-22 10:08 - 2014-03-07 01:06 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-11-22 10:08 - 2014-03-07 01:06 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-11-22 09:44 - 2013-09-11 21:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-10-29 00:21 - 2014-06-08 21:24 - 00481696 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys
2014-10-29 00:21 - 2014-06-08 21:24 - 00164096 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2014-10-29 00:21 - 2014-06-08 21:24 - 00066720 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnba---64.sys
2014-10-29 00:21 - 2014-06-08 21:24 - 00059712 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2014-10-29 00:21 - 2014-06-08 21:24 - 00038208 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2014-10-27 22:51 - 2013-02-19 11:52 - 00000000 ____D () C:\Program Files (x86)\PSafe
2014-11-07 05:08 - 2014-11-07 05:08 - 02257952 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\skiax.dll
2014-11-07 05:08 - 2014-11-07 05:08 - 00141856 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3611\zlib1.dll
Task: {04D671BC-F205-4387-BA6A-DEAF35AE89E8} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION
Task: {3CF4D5AF-CBFA-4C28-980B-2FAA282620F6} - System32\Tasks\Ginyas Stats Report => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: {4BB2BABB-2CBC-492A-8E4B-6CECC3DA9BAA} - \DealPly No Task File <==== ATTENTION
Task: {4F33A2AB-1F3D-4477-86FE-A149DC6E6CCF} - System32\Tasks\pricemeterdownloader => C:\Users\Leonardo Alves\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: {5221FEB2-8DB9-4FFE-A530-BA3F3586B677} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe <==== ATTENTION
Task: {62310ED3-881E-44B2-9058-9FA9EB4FEBD6} - System32\Tasks\Ginyas Update Checker => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: {73FD7FFB-99DB-4E27-AE00-685366BA079A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28] (Reimage®) <==== ATTENTION
Task: {789A0FB4-BEC1-4AE9-9224-559957D4CDDF} - System32\Tasks\Ginyas FireFox Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: {B4FA00B2-7436-4899-BFBB-0581322E6581} - System32\Tasks\Ginyas Chrome Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\Ginyas Chrome Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\Ginyas FireFox Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\Ginyas Stats Report.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\Ginyas Update Checker.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
emptytemp:
end
Run FRST/FRST64 >> Click "Fix" << Wait!
In the message, click Run.
Post the report! (Fixlog.txt)
See you.
Good afternoon.
While the program was applying the fix, a blue screen occurred. I tried a second time, and it happened again. So I cannot post the report.
Other than that, the machine is OK. If there is nothing else to change, you can close this as resolved.
Good afternoon, MasterFuxi!
A Baidu service was the cause of the BSOD.
Download: AdwCleaner ( ... by Xplode )
Or from here: < AdwCleaner >>
On the page, click "Download Now".
Save it to the desktop!
Right-click adwcleaner.exe and choose to run it as administrator.
PS: Start the scan by clicking "Examinar" (Scan).
When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
Copy the log or click "Relatório" (Report).
Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
See you.
Good afternoon.
AdwCleaner
*** [ Serviços ] ***
*** [ Arquivos / Pastas ] ***
Pasta Deletada : C:\ProgramData\Activeris
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Pasta Deletada : C:\Program Files (x86)\Greener Web
Pasta Deletada : C:\Program Files\Reimage
Pasta Deletada : C:\Program Files\V-bates
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Local\PriceMeter
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Roaming\Activeris
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Roaming\qone8
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Arquivo Deletada : C:\Windows\System32\acrisnative64.exe
Arquivo Deletada : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Arquivo Deletada : C:\Windows\System32\log\iSafeKrnlCall.log
Arquivo Deletada : C:\Users\Leonardo Alves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
Arquivo Deletada : C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
*** [ Tarefas ] ***
Tarefa Deletedo : Activeris AntiMalware_startup
Tarefa Deletedo : Dealply
Tarefa Deletedo : pricemeterdownloader
Tarefa Deletedo : ReimageUpdater
*** [ Atalhos ] ***
*** [ Registro ] ***
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Valor Deletedo : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@2yourface.com]
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Greener Web
Chave Deletedo : HKCU\Software\a48bdae03bed40
Chave Deletedo : HKLM\SOFTWARE\a48bdae03bed40
Chave Deletedo : HKCU\Software\Greener Web
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\SmartBar
Chave Deletedo : HKCU\Software\SoftwareUpdater
Chave Deletedo : HKCU\Software\V9
Chave Deletedo : HKCU\Software\VideoDownloadConverter_4z
Chave Deletedo : HKCU\Software\yuna software
Chave Deletedo : HKCU\Software\Reimage
Chave Deletedo : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Chave Deletedo : HKLM\SOFTWARE\Greener Web
Chave Deletedo : HKLM\SOFTWARE\PriceMeterLiveUpdate
Chave Deletedo : HKLM\SOFTWARE\VideoDownloadConverter_4z
Chave Deletedo : HKLM\SOFTWARE\yuna software
Chave Deletedo : [x64] HKLM\SOFTWARE\DataMngr
Chave Deletedo : [x64] HKLM\SOFTWARE\DeviceVM
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
Chave Deletedo : [x64] HKLM\SOFTWARE\Reimage
*** [ Navegadores ] ***
-\\ Internet Explorer v11.0.9600.17344
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant]
-\\ Mozilla Firefox v33.1.1 (x86 pt-BR)
-\\ Google Chrome v39.0.2171.65
*************************
AdwCleaner[R0].txt - [18299 octets] - [22/11/2014 12:05:44]
AdwCleaner[R1].txt - [15459 octets] - [22/11/2014 13:45:52]
AdwCleaner[s0].txt - [573 octets] - [22/11/2014 12:30:07]
AdwCleaner[s1].txt - [13692 octets] - [22/11/2014 13:50:55]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [13753 octets] ##########
Good afternoon! MaxterFuxi
Download: < [image: 1268r49.png] > ( ... by Oleg N. Scherbakov )
Save it to the desktop!
Disable your antivirus!
On Windows 7, right-click JRT.exe and run it ...
[image: Executar_Administrador.jpg]
Wait for it to finish and post the report. ( JRT.txt )
See you!
Good afternoon.
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Basic x64
Ran by Leonardo Alves on 22/11/2014 at 14:00:46,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/11/2014 at 14:06:47,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Good afternoon! MasterFuxi
Open the AdwCleaner tool and click "Desinstalar" (Uninstall).
Confirm the prompt!
Post a new report from the FRST tool; this time there will be no Addition.txt.
See you!
Good afternoon! MasterFuxi
Copy the information shown in red into Notepad.
Save it with the name fixlist. << Text!
Save it on drive D:\ ( Local Disk D: )
start
CloseProcesses:
Toolbar: HKLM-x32 - No Name - {6eae9e03-3a85-41c0-b1f8-099c252df40a} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\Firefox\Extensions: [e98t09xI3ia@skywebsearch.com] - C:\PROGRA~2\YUOTUB~1\YuoTubeDownloader.xpi
FF HKU\S-1-5-21-1061505648-1413863901-4016012325-1000\...\Firefox\Extensions: [findlyrics@findlyrics.co] - C:\Program Files (x86)\FindLyrics\FF
CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx []
S2 SparkSvc; "C:\Program Files (x86)\baidu\Spark\sparkservice.exe" -r [X]
S2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [X]
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [201536 2014-10-29] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59712 2014-10-29] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38208 2014-10-29] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [481696 2014-10-29] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [164096 2014-10-29] (Baidu, Inc.)
S3 Baidu PC Faster FileShredder; \??\C:\Program Files (x86)\Baidu Security\PC Faster\FileKill_x64.sys [X]
S3 BNmon; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BNmon64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
U3 DfSdkS; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]
2014-11-22 14:06 - 2014-11-22 14:06 - 00000828 _____ () C:\Users\Leonardo Alves\Desktop\JRT.txt
2014-11-22 14:00 - 2014-11-22 14:00 - 01707532 _____ (Thisisu) C:\Users\Leonardo Alves\Downloads\JRT.exe
2014-11-22 13:02 - 2014-11-22 13:01 - 00011861 _____ () C:\fixlist.txt
2014-11-22 10:35 - 2014-11-22 13:52 - 00000224 _____ () C:\Windows\setupact.log
2014-11-22 10:35 - 2014-11-22 13:51 - 00000912 _____ () C:\Windows\PFRO.log
2014-11-22 10:35 - 2014-11-22 10:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-29 00:21 - 2014-10-29 00:21 - 00201536 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BdSandbox.sys
2014-10-27 21:02 - 2014-10-27 22:02 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt
2014-11-22 14:01 - 2012-06-11 01:42 - 01325870 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 13:52 - 2012-12-26 22:55 - 00000872 _____ () C:\Windows\Tasks\Ginyas Stats Report.job
2014-11-22 13:52 - 2012-12-26 22:55 - 00000872 _____ () C:\Windows\Tasks\Ginyas FireFox Watcher.job
2014-11-22 13:52 - 2012-12-26 22:55 - 00000872 _____ () C:\Windows\Tasks\Ginyas Chrome Watcher.job
2014-11-22 13:52 - 2012-12-26 22:55 - 00000804 _____ () C:\Windows\Tasks\Ginyas Update Checker.job
2014-11-22 13:52 - 2009-07-14 03:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-22 10:08 - 2014-03-07 01:06 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-11-22 10:08 - 2014-03-07 01:06 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-11-22 09:44 - 2013-09-11 21:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-10-29 00:21 - 2014-06-08 21:24 - 00481696 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys
2014-10-29 00:21 - 2014-06-08 21:24 - 00164096 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2014-10-29 00:21 - 2014-06-08 21:24 - 00066720 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnba---64.sys
2014-10-29 00:21 - 2014-06-08 21:24 - 00059712 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2014-10-29 00:21 - 2014-06-08 21:24 - 00038208 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2014-10-27 22:51 - 2013-02-19 11:52 - 00000000 ____D () C:\Program Files (x86)\PSafe
emptytemp:
end
Run FRST/FRST64 >> Click "Fix" << Wait!
When the message appears, click "Executar" (Run).
Post the report! (Fixlog.txt)
See you!
Good afternoon.
The blue screen occurred again, with the same name as the previous one.
> Good afternoon.
> The blue screen occurred again, with the same name as the previous one.
Hello! MasterFuxi
----
R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)
----
This error in the forum's editor is preventing the removal of the driver.
In place of the dashes, the word "s" "e" "x" is written, but without the quotation marks!
Download: < [image: ZHPCleaner_zps71d274df.jpg] > ( ... by Nicolas Coolman )
Once on the page, click [image: 53cb8e11d3f80.jpg]
Save it to the desktop!
Run it and, when it opens, click "J'accept/I Agree".
[image: ZHPCleaner_Tous_zpsae2ad662.jpg]
For more comprehensive fixes, tick all the available options.
Click Réparer.
Click Rapport.
Post the report!
See you!
Good afternoon.
ZHPCleaner
~ ZHPCleaner v2014.11.21.234 by Nicolas Coolman (21/11/2014)
~ Run by Leonardo Alves (Administrator) (22/11/2014 15:44:23)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Leonardo Alves\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Leonardo Alves\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
---\\ Services (0)
~ No malicious items found.
---\\ Browser Internet (6)
FOUND Proxy: ProxyHttp1.1 ( 1 )
FOUND IE Params: Search Bar ( Preserve )
FOUND IE Params: Default_Search_URL ( hxxp://www.oquefazernainternet.com/ )
FOUND IE Params: Tabs ( res://ieframe.dll/tabswelcome.htm )
FOUND FF: C:\Users\Leonardo Alves\AppData\Roaming\Mozilla\Firefox\Profiles\uuptrgob.default-1416663296159\prefs.js
FOUND Chrome URL: "hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl"]
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious items found.
---\\ Explorer ( Files, Folders) (3)
FOUND: C:\Windows\System32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys (PUP.LinkiDoo)
FOUND: C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.greenerweb.info_0.localstorage-journal (PUP.GreenerWeb)
FOUND: C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.v-batesjs.info_0.localstorage-journal (Adware.Incredibar)
---\\ Registry ( Keys, Values, Datas) (15)
FOUND: [X64] HKLM\SYSTEM\CurrentControlSet\Services\MaintainerSvc4.07.4104264 ["C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe"] (PUP.MaintainerSvc)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [shopperReports.dll] (Adware.ShopperReports)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [shoppingReport.dll] (Adware.ShoppingReport)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [babylonToolbar.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [babylonToolbar.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [babylonToolbarTlbr.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [shoppingReport.dll] (Adware.ShoppingReport)
FOUND: HKCU\Software\Activeris (PUP.Activeris)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater (Toolbar.AskBar)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ginyas Chrome Watcher (PUP.Blabbers)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ginyas FireFox Watcher (PUP.Blabbers)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ginyas Stats Report (PUP.Blabbers)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ginyas Update Checker (PUP.Blabbers)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Activeris (PUP.Activeris)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Ginyas (PUP.Blabbers)
---\\ Result of repair
~ Any repair made
~ No browser found (Opera Software)
End of clean at 15:47:59
Good afternoon! MasterFuxi
> So should I change those words to the correct one and run the fix again?
Yes! But it doesn't need to be the complete fixlist.
start
R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)
emptytemp:
end
Save only this information in Notepad, with the name fixlist.
Replace the dashes with the word that the editor blocks.
If it works, post the Fixlog.
See you!
Good afternoon.
Now it worked!
Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014
Ran by Leonardo Alves at 2014-11-22 16:15:15 Run:2
Running from C:\
Loaded Profile: Leonardo Alves (Available profiles: Leonardo Alves)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [66720 2014-10-29] (Baidu, Inc.)
emptytemp:
end
*****************
Bnbase => Service stopped successfully.
Bnbase => Service deleted successfully.
EmptyTemp: => Removed 132.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
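The failure seen in this thread, where the forum's word filter replaced part of the driver name in the posted fixlist so the entry no longer matched the file on disk, can be caught before running the fix by comparing each fixlist entry with the local scan log. The following is an added example, not part of the original posts or of FRST; the sample log lines are constructed from entries quoted above, and the directive rule (`start`, `end`, lines ending in `:`) is an assumption drawn from the fixlists shown here.

```python
import difflib

# Constructed sample: entries as they appear in the FRST.txt scan log on the PC.
SCAN_LOG = r"""
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59712 2014-10-29] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [66720 2014-10-29] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [164096 2014-10-29] (Baidu, Inc.)
""".strip()

# Constructed sample: fixlist copied back from the forum, after the word filter.
FIXLIST = r"""
start
CloseProcesses:
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59712 2014-10-29] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnba---64.sys [66720 2014-10-29] (Baidu, Inc.)
emptytemp:
end
""".strip()


def is_directive(line):
    # Assumption from the fixlists in this thread: "start", "end" and lines
    # ending in ":" are directives; every other line is a copied scan entry.
    return line.lower() in ("start", "end") or line.endswith(":")


def changed_spans(fix_line, scan_line):
    """Return (text_in_fixlist, text_in_scan_log) for each differing span."""
    matcher = difflib.SequenceMatcher(None, fix_line, scan_line)
    return [(fix_line[i1:i2], scan_line[j1:j2])
            for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"]


def check_fixlist(fixlist_text, scan_log_text, cutoff=0.8):
    """List fixlist entries that do not match any scan log line exactly."""
    scan_lines = [s.strip() for s in scan_log_text.splitlines() if s.strip()]
    known = set(scan_lines)
    findings = []
    for lineno, raw in enumerate(fixlist_text.splitlines(), 1):
        line = raw.strip()
        if not line or is_directive(line) or line in known:
            continue
        # Nearest scan entry, if any, shows what the line was before mangling.
        near = difflib.get_close_matches(line, scan_lines, n=1, cutoff=cutoff)
        findings.append({
            "lineno": lineno,
            "fixlist": line,
            "scan": near[0] if near else None,
            "spans": changed_spans(line, near[0]) if near else [],
        })
    return findings


if __name__ == "__main__":
    for f in check_fixlist(FIXLIST, SCAN_LOG):
        if f["scan"] is None:
            print(f"line {f['lineno']}: no matching scan entry: {f['fixlist']}")
        else:
            for got, expected in f["spans"]:
                print(f"line {f['lineno']}: {got!r} should read {expected!r}")
```

An entry reported with a near match was altered in transit and should be re-copied from the local log; an entry with no match at all should be questioned before the fix is run.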
Good afternoon! MasterFuxi
I will notify the Administrator, Mário Monteiro, so that he can unblock the filtered word, since it prevents the complete removal of Baidu.
I noticed that PUPs were detected by the ZHPCleaner tool; Malwarebytes would be more efficient at removing PUPs.
If you like, you can run it!
Download: < Malwarebytes >
Install the antimalware by double-clicking its executable! ( mbam-setup.exe )
Untick the box: "Ativar trial gratuito do Malwarebytes Anti-Malware PRO" (Enable free trial of Malwarebytes Anti-Malware PRO)
Tick the checkboxes:
<1> Atualizar Malwarebytes Anti-Malware (Update Malwarebytes Anti-Malware)
<2> Executar Malwarebytes Anti-Malware (Run Malwarebytes Anti-Malware)
Click "Concluir" (Finish).
If there are updates, they will be downloaded and installed.
Click "Settings" and, in the Language field, choose: Portuguese (Brasil)
Click "Detecção e proteção" (Detection and protection).
Tick: Verificar por Rootkits (Scan for rootkits)
Under "Detecções PUP" (PUP detections), select: Tratar detecções como malware (Treat detections as malware)
Click Verificar >> Verificar ameaça (Scan >> Threat scan).
Click "Verificar agora" (Scan now).
Wait for the scan to finish!
If there are detections, click the "Mover todos para a Quarentena" (Move all to Quarantine) button.
Click "Aplicar ações" (Apply actions).
When it finishes, accept the reboot request, which may occur twice.
Post the report! ( Histórico tab >> Logs de aplicativos, i.e. History >> Application logs )
PS: Use the ".txt" format to export the report.
See you!
Good afternoon.
Malwarebytes really did make a difference in the removal.
Malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org
Data da Verificação: 22/11/2014
Hora da Verificação: 16:42:25
Arquivo de Log: malware bytes.txt
Administrador: Sim
Versão: 2.00.3.1025
Base de Dados de Malware: v2014.11.22.10
Base de Dados de Rootkit: v2014.11.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado
SO: Windows 7 Service Pack 1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Leonardo Alves
Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 329369
Tempo Decorrido: 20 min, 43 seg
Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
Processos: 1
PUP.Optional.MaintainerSvc.A, C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe, 1764, Apagar ao Reiniciar, [2348d26c1d5fbb7b7ad1ae3349b86a96]
Módulos: 0
(Nenhum item malicioso detectado)
Chaves de Registro: 2
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc4.07.4104264, Quarentena, [2348d26c1d5fbb7b7ad1ae3349b86a96],
PUP.Optional.Qone8, HKU\S-1-5-21-1061505648-1413863901-4016012325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [3d2e53eb3b4190a6ff344555ef158977],
Valores de Registro: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Quarentena, [5c0f2c12fd7f4fe719dabfee0004d42c]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-1061505648-1413863901-4016012325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Quarentena, [6dfe73cbcab21125b95c292e689b5ba5]
PUP.Optional.AdLyrics.A, HKU\S-1-5-21-1061505648-1413863901-4016012325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|findlyrics@findlyrics.co, C:\Program Files (x86)\FindLyrics\FF\, Quarentena, [b7b460de0d6fa4924596e079d62de21e]
Dados de Registro: 0
(Nenhum item malicioso detectado)
Pastas: 1
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj, Quarentena, [a4c73707ea9285b1651ab06abe459868],
Arquivos: 12
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys, Apagar ao Reiniciar, [29c50636fa1886d819cd95ff1fe2b5df],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys, Apagar ao Reiniciar, [003baa98f36495adea36bf1f4123f381],
PUP.Optional.MaintainerSvc.A, C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe, Apagar ao Reiniciar, [2348d26c1d5fbb7b7ad1ae3349b86a96],
PUP.Optional.Vbates.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage, Quarentena, [6b00ae90fd7f142209f8312157ac9e62],
PUP.Optional.Searchqu.A, C:\Users\Leonardo Alves\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, Quarentena, [b2b9b68880fc9a9cbc51fa956f95639d],
PUP.Optional.QuickStart.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, Quarentena, [8ddeb7870a7259ddb2af8c21020204fc],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633, Quarentena, [a5c661dd88f48babfca0842d55afab55],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\000003.log, Quarentena, [a4c73707ea9285b1651ab06abe459868],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\CURRENT, Quarentena, [a4c73707ea9285b1651ab06abe459868],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOCK, Quarentena, [a4c73707ea9285b1651ab06abe459868],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOG, Quarentena, [a4c73707ea9285b1651ab06abe459868],
PUP.Optional.FunMoods.A, C:\Users\Leonardo Alves\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\MANIFEST-000002, Quarentena, [a4c73707ea9285b1651ab06abe459868],
Setores Físicos: 0
(Nenhum item malicioso detectado)
(end)
Good afternoon! MasterFuxi
Let's remove the tools that were used in the disinfection!
Download: < [image: delfix_108_zps75ef8ba4.jpg] > ( ... by Xplode )
[image: DelFix_Download_zpsb5d944c7.jpg]
Once on the page, click Download Now.
Save it to a convenient location! ( desktop! )
Close any applications that are open.
[image: DelFix_RCL_zpscdf4940b.jpg]
Remove disinfection tools
Create a registry backup
Purge system restore points
With these boxes ticked, click "Executar" (Run)!
Restart the computer when it finishes!
Everything OK?
See you!
Good evening.
Everything is OK! Thank you very much! Problem solved.
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning! MaxterFuxi
< Farbar Recovery Scan Tool 64-Bit >
[image: FRST_Addition_Scan_zpsa9fe21c8.jpg]
See you!