Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:23-12-2015
Executado por NEWUSU (2015-12-24 17:55:14) Run:1
Executando a partir de C:\Users\NEWUSU\Desktop
Perfis Carregados: NEWUSU (Perfis Disponíveis: NEWUSU & Convidado)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
HKU\S-1-5-21-4220064015-3225715080-1381729876-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&fr=FVYB5UUnV%2FpI1hFrCz1G8z9cX7IK
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&fr=FVYB5UUnV%2FpI1hFrCz1G8z9cX7IK
CHR Extension: (Шоколадные скидки) - C:\Users\NEWUSU\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embcnppfiackecbblegfigbffbfbicbh [2015-11-27]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va061; \??\C:\Windows\SysWOW64\Drivers\X6va061 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-12-17 11:11 - 2015-12-17 11:11 - 0000000 ____H () C:\Users\NEWUSU\AppData\Local\BIT84BB.tmp
2015-12-17 11:11 - 2015-12-17 11:11 - 0000000 _____ () C:\Users\NEWUSU\AppData\Local\{46532C3E-9770-4EEB-9ABC-D870C06899A7}
2015-02-23 15:44 - 2015-02-23 15:44 - 0000020 _____ () C:\ProgramData\bc.ini
Task: {6831FA86-DB0A-410E-BF6A-D7118F01D111} - \ToolsUpdatePlatform_ScheduledTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {BAAEF443-FED0-49B5-874D-99DAF49AD41D} - System32\Tasks\{829AD981-F71F-45C2-9CD1-82CA969E91B2} => pcalua.exe -a C:\Users\Servidor.SERVIDOR\Desktop\ZHPFix.exe -d C:\Users\Servidor.SERVIDOR\Desktop
AlternateDataStreams: C:\Windows\System32:BB9600F7_Bb.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
C:\Users\NEWUSU\AppData\Local\Temp\2153512440.dll
C:\Users\NEWUSU\AppData\Local\Temp\79d8c0cc28b6bdbbd3e9cbb598b4772d.dll
C:\Users\NEWUSU\AppData\Local\Temp\dd838741e8a8ea1157c3558ccd304515.dll
C:\Users\NEWUSU\AppData\Local\Temp\FFSetup3.7.5.0.exe
C:\Users\NEWUSU\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\NEWUSU\AppData\Local\Temp\NGMDll.dll
C:\Users\NEWUSU\AppData\Local\Temp\NGMResource.dll
C:\Users\NEWUSU\AppData\Local\Temp\stubhelper.dll
C:\Users\NEWUSU\AppData\Local\Temp\TubeToolbox_Setup.EXE
C:\Users\NEWUSU\AppData\Local\Temp\unicows.dll
C:\Users\NEWUSU\AppData\Local\Temp\Uninstall.exe
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a C:\ProgramData
Folder: C:\Windows\r0buzstdhpo5
CreateRestorePoint:
EmptyTemp:
Reboot:
end
*****************

Processos fechados com sucesso.
"HKU\S-1-5-21-4220064015-3225715080-1381729876-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
Chrome HomePage => removido (a) com sucesso.
C:\Users\NEWUSU\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embcnppfiackecbblegfigbffbfbicbh => movido com sucesso
EagleX64 => serviço removido (a) com sucesso.
gbpddfac => serviço removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
X6va060 => serviço removido (a) com sucesso.
X6va061 => serviço removido (a) com sucesso.
X6va062 => serviço removido (a) com sucesso.
xhunter1 => serviço removido (a) com sucesso.
C:\Users\NEWUSU\AppData\Local\BIT84BB.tmp => movido com sucesso
C:\Users\NEWUSU\AppData\Local\{46532C3E-9770-4EEB-9ABC-D870C06899A7} => movido com sucesso
C:\ProgramData\bc.ini => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6831FA86-DB0A-410E-BF6A-D7118F01D111}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6831FA86-DB0A-410E-BF6A-D7118F01D111}" => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ToolsUpdatePlatform_ScheduledTask => chave não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAAEF443-FED0-49B5-874D-99DAF49AD41D}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAAEF443-FED0-49B5-874D-99DAF49AD41D}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\{829AD981-F71F-45C2-9CD1-82CA969E91B2} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{829AD981-F71F-45C2-9CD1-82CA969E91B2}" => chave removido (a) com sucesso.
C:\Windows\System32 => ":BB9600F7_Bb.gbp" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\Users\NEWUSU\AppData\Local\Temp\2153512440.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\79d8c0cc28b6bdbbd3e9cbb598b4772d.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\dd838741e8a8ea1157c3558ccd304515.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\FFSetup3.7.5.0.exe => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\jre-8u65-windows-au.exe => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\NGMDll.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\NGMResource.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\stubhelper.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\TubeToolbox_Setup.EXE => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\unicows.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\Uninstall.exe => movido com sucesso

========= dir /a "C:\Program Files" =========

 O volume na unidade C não tem nome.
 O Número de Série do Volume é 2016-FF7E

 Pasta de C:\Program Files

03/11/2015  18:37    <DIR>          .
03/11/2015  18:37    <DIR>          ..
16/08/2014  16:56    <JUNÇÃO>       Arquivos Comuns [C:\Program Files\Common Files]
20/12/2014  09:02    <DIR>          AVAST Software
27/08/2014  14:20    <DIR>          Cobian Backup 10
03/12/2015  11:33    <DIR>          Common Files
14/07/2009  02:54               174 desktop.ini
25/08/2015  12:28    <DIR>          Diebold
15/01/2011  20:21    <DIR>          DVD Maker
27/08/2014  14:19    <DIR>          Firebird
27/07/2015  14:57    <DIR>          Google
02/03/2015  16:39    <DIR>          HP
16/08/2014  17:10    <DIR>          Intel
06/08/2015  15:39    <DIR>          Internet Explorer
14/07/2009  16:11    <DIR>          Microsoft Games
14/07/2009  03:32    <DIR>          MSBuild
16/08/2014  17:09    <DIR>          Realtek
14/07/2009  03:32    <DIR>          Reference Assemblies
03/11/2015  18:37    <DIR>          Strogino CS Portal
02/10/2014  11:30    <DIR>          TightVNC
14/07/2009  03:09    <DIR>          Uninstall Information
17/08/2014  04:21    <DIR>          Windows Defender
14/05/2015  14:19    <DIR>          Windows Journal
15/01/2011  20:21    <DIR>          Windows Mail
12/03/2015  13:29    <DIR>          Windows Media Player
16/08/2014  16:56    <DIR>          Windows NT
15/01/2011  20:21    <DIR>          Windows Photo Viewer
15/01/2011  20:21    <DIR>          Windows Portable Devices
15/01/2011  20:21    <DIR>          Windows Sidebar
27/08/2014  14:17    <DIR>          WinRAR
               1 arquivo(s)            174 bytes
              29 pasta(s)   400.697.327.616 bytes disponíveis

========= Fim de CMD: =========


========= dir /a "C:\Program Files (x86)" =========

 O volume na unidade C não tem nome.
 O Número de Série do Volume é 2016-FF7E

 Pasta de C:\Program Files (x86)

19/12/2015  13:04    <DIR>          .
19/12/2015  13:04    <DIR>          ..
28/03/2015  18:58    <DIR>          Baidu Security
19/05/2015  18:05    <DIR>          Brazil
04/06/2015  15:19    <DIR>          CCLS
09/05/2015  15:55    <DIR>          Cisco
04/12/2015  23:02    <DIR>          Common Files
14/07/2009  02:54               174 desktop.ini
14/04/2015  18:08    <DIR>          Diebold
22/03/2015  16:12    <DIR>          DsNET Corp
14/08/2015  14:48    <DIR>          Five Nights at Freddy's 2 v1.0
03/07/2015  17:35    <DIR>          Foxit Software
25/08/2015  12:28    <DIR>          GAS Tecnologia
24/12/2015  17:27    <DIR>          GbPlugin
02/03/2015  17:20    <DIR>          GIGABYTE
19/12/2015  13:04    <DIR>          Google
02/03/2015  17:07    <DIR>          Hewlett-Packard
31/08/2015  08:55    <DIR>          HitLeap
02/03/2015  16:18    <DIR>          HP
13/08/2015  20:01    <DIR>          InstallShield Installation Information
16/08/2014  17:17    <DIR>          Intel
06/08/2015  15:39    <DIR>          Internet Explorer
15/11/2015  12:16    <DIR>          Java
28/10/2015  11:48    <DIR>          Malwarebytes Anti-Malware
16/08/2014  17:01    <DIR>          Microsoft.NET
14/07/2009  03:32    <DIR>          MSBuild
27/07/2015  13:55    <DIR>          Mu Elemental Classic - Cliente Full
18/08/2014  09:33    <DIR>          Norton Ghost
20/12/2014  11:33    <DIR>          OpenOffice 4
24/12/2015  13:15    <DIR>          Opera
11/08/2015  14:26    <DIR>          QuickTime
27/07/2015  13:56    <DIR>          RaidCall.BR
04/12/2015  23:02    <DIR>          Real
09/05/2015  15:53    <DIR>          Realtek
27/08/2014  14:38    <DIR>          RealVNC
14/07/2009  03:32    <DIR>          Reference Assemblies
02/09/2015  10:05    <DIR>          Sincell
18/08/2014  09:34    <DIR>          Symantec
19/09/2014  18:20    <DIR>          TeamViewer
11/08/2015  14:26    <DIR>          TechSmith
16/08/2014  17:09    <DIR>          Temp
14/07/2009  02:57    <DIR>          Uninstall Information
27/07/2015  13:57    <DIR>          Webzen
17/08/2014  04:21    <DIR>          Windows Defender
26/01/2015  10:35    <DIR>          Windows Live
15/01/2011  20:21    <DIR>          Windows Mail
12/03/2015  13:29    <DIR>          Windows Media Player
14/07/2009  03:32    <DIR>          Windows NT
15/01/2011  20:21    <DIR>          Windows Photo Viewer
15/01/2011  20:21    <DIR>          Windows Portable Devices
15/01/2011  20:21    <DIR>          Windows Sidebar
11/11/2015  09:41    <DIR>          Z8Games
               1 arquivo(s)            174 bytes
              51 pasta(s)   400.697.319.424 bytes disponíveis

========= Fim de CMD: =========


========= dir /a C:\ProgramData =========

 O volume na unidade C não tem nome.
 O Número de Série do Volume é 2016-FF7E

 Pasta de C:\ProgramData

24/12/2015  17:55    <DIR>          .
24/12/2015  17:55    <DIR>          ..
16/02/2015  13:22    <DIR>          Aeria Games
14/07/2009  03:08    <JUNÇÃO>       Application Data [C:\ProgramData]
20/12/2014  09:02    <DIR>          AVAST Software
28/03/2015  18:58    <DIR>          baidu
27/04/2015  19:18    <DIR>          Baidu Security
16/08/2014  16:56    <JUNÇÃO>       Dados de aplicativos [C:\ProgramData]
18/07/2015  19:51    <DIR>          DAEMON Tools Lite
14/07/2009  03:08    <JUNÇÃO>       Desktop [C:\Users\Public\Desktop]
16/08/2014  16:56    <JUNÇÃO>       Documentos [C:\Users\Public\Documents]
14/07/2009  03:08    <JUNÇÃO>       Documents [C:\Users\Public\Documents]
14/07/2009  03:08    <JUNÇÃO>       Favorites [C:\Users\Public\Favorites]
16/08/2014  16:56    <JUNÇÃO>       Favoritos [C:\Users\Public\Favorites]
24/12/2015  17:25    <DIR>          firebird
19/12/2014  18:41    <DIR>          GAS Tecnologia
18/12/2015  07:44    <DIR>          GbPlugin
02/03/2015  16:18    <DIR>          Hewlett-Packard
02/03/2015  16:23    <DIR>          HP
02/03/2015  16:18    <DIR>          HPSSUPPLY
16/08/2014  17:10    <DIR>          Intel
14/12/2015  17:17    <DIR>          Level Up! Games
14/12/2015  10:17    <DIR>          levelup downloader
30/09/2015  08:09    <DIR>          LogMeIn
04/07/2015  11:36    <DIR>          MAGIX
03/02/2015  10:23    <DIR>          Malwarebytes
16/08/2014  16:56    <JUNÇÃO>       Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]
26/09/2015  13:09    <DIR>          Microsoft
16/08/2014  16:56    <JUNÇÃO>       Modelos [C:\ProgramData\Microsoft\Windows\Templates]
14/12/2015  17:24    <DIR>          Nexon
15/11/2015  12:17    <DIR>          Oracle
23/07/2015  11:17    <DIR>          Origin
31/08/2012  10:49            24.772 P1210DEF.css
03/07/2015  17:49            14.949 P1210OS.HTM
31/08/2012  10:49             2.944 P1210SIG.GIF
04/12/2015  23:02    <DIR>          Package Cache
04/12/2015  23:02    <DIR>          Real
11/08/2015  14:26    <DIR>          regid.1995-08.com.techsmith
02/09/2015  10:06    <DIR>          Sincell
14/07/2009  03:08    <JUNÇÃO>       Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
19/12/2014  18:55    <DIR>          Sun
29/08/2014  16:24    <DIR>          Symantec
11/08/2015  14:26    <DIR>          TechSmith
14/07/2009  03:08    <JUNÇÃO>       Templates [C:\ProgramData\Microsoft\Windows\Templates]
08/07/2015  18:35    <DIR>          TightVNC
08/08/2015  20:06    <DIR>          Unity
27/07/2015  13:57    <DIR>          WEBZEN
18/08/2014  09:32    <DIR>          {1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
               3 arquivo(s)         42.665 bytes
              45 pasta(s)   400.697.315.328 bytes disponíveis

========= Fim de CMD: =========


========================= Folder: C:\Windows\r0buzstdhpo5 ========================

2015-12-14 11:10 - 2015-12-14 11:10 - 0613888 ____H () C:\Windows\r0buzstdhpo5\0n2gvjcr6i23.dll
2015-12-14 11:09 - 2015-12-14 11:09 - 0608080 _____ (Microsoft Corporation) C:\Windows\r0buzstdhpo5\msvcp100.dll
2015-12-14 11:09 - 2015-12-14 11:10 - 0829264 _____ (Microsoft Corporation) C:\Windows\r0buzstdhpo5\msvcr100.dll

====== Fim de Folder: ======

Ponto de Restauração criado com sucesso.
EmptyTemp: => 893.3 MB de dados temporários Removidos.

O sistema precisou ser reiniciado.

==== Fim de Fixlog 17:56:07 ====