Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:23-12-2015
Executado por NEWUSU (2015-12-24 17:55:14) Run:1
Executando a partir de C:\Users\NEWUSU\Desktop
Perfis Carregados: NEWUSU (Perfis Disponíveis: NEWUSU & Convidado)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
HKU\S-1-5-21-4220064015-3225715080-1381729876-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&fr=FVYB5UUnV%2FpI1hFrCz1G8z9cX7IK
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&fr=FVYB5UUnV%2FpI1hFrCz1G8z9cX7IK
CHR Extension: (Шоколадные скидки) - C:\Users\NEWUSU\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embcnppfiackecbblegfigbffbfbicbh [2015-11-27]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va061; \??\C:\Windows\SysWOW64\Drivers\X6va061 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-12-17 11:11 - 2015-12-17 11:11 - 0000000 ____H () C:\Users\NEWUSU\AppData\Local\BIT84BB.tmp
2015-12-17 11:11 - 2015-12-17 11:11 - 0000000 _____ () C:\Users\NEWUSU\AppData\Local\{46532C3E-9770-4EEB-9ABC-D870C06899A7}
2015-02-23 15:44 - 2015-02-23 15:44 - 0000020 _____ () C:\ProgramData\bc.ini
Task: {6831FA86-DB0A-410E-BF6A-D7118F01D111} - \ToolsUpdatePlatform_ScheduledTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {BAAEF443-FED0-49B5-874D-99DAF49AD41D} - System32\Tasks\{829AD981-F71F-45C2-9CD1-82CA969E91B2} => pcalua.exe -a C:\Users\Servidor.SERVIDOR\Desktop\ZHPFix.exe -d C:\Users\Servidor.SERVIDOR\Desktop
AlternateDataStreams: C:\Windows\System32:BB9600F7_Bb.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
C:\Users\NEWUSU\AppData\Local\Temp\2153512440.dll
C:\Users\NEWUSU\AppData\Local\Temp\79d8c0cc28b6bdbbd3e9cbb598b4772d.dll
C:\Users\NEWUSU\AppData\Local\Temp\dd838741e8a8ea1157c3558ccd304515.dll
C:\Users\NEWUSU\AppData\Local\Temp\FFSetup3.7.5.0.exe
C:\Users\NEWUSU\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\NEWUSU\AppData\Local\Temp\NGMDll.dll
C:\Users\NEWUSU\AppData\Local\Temp\NGMResource.dll
C:\Users\NEWUSU\AppData\Local\Temp\stubhelper.dll
C:\Users\NEWUSU\AppData\Local\Temp\TubeToolbox_Setup.EXE
C:\Users\NEWUSU\AppData\Local\Temp\unicows.dll
C:\Users\NEWUSU\AppData\Local\Temp\Uninstall.exe
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a C:\ProgramData
Folder: C:\Windows\r0buzstdhpo5
CreateRestorePoint:
EmptyTemp:
Reboot:
end
*****************

Processos fechados com sucesso.
"HKU\S-1-5-21-4220064015-3225715080-1381729876-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
Chrome HomePage => removido (a) com sucesso.
C:\Users\NEWUSU\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embcnppfiackecbblegfigbffbfbicbh => movido com sucesso
EagleX64 => serviço removido (a) com sucesso.
gbpddfac => serviço removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
X6va060 => serviço removido (a) com sucesso.
X6va061 => serviço removido (a) com sucesso.
X6va062 => serviço removido (a) com sucesso.
xhunter1 => serviço removido (a) com sucesso.
C:\Users\NEWUSU\AppData\Local\BIT84BB.tmp => movido com sucesso
C:\Users\NEWUSU\AppData\Local\{46532C3E-9770-4EEB-9ABC-D870C06899A7} => movido com sucesso
C:\ProgramData\bc.ini => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6831FA86-DB0A-410E-BF6A-D7118F01D111}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6831FA86-DB0A-410E-BF6A-D7118F01D111}" => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ToolsUpdatePlatform_ScheduledTask => chave não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAAEF443-FED0-49B5-874D-99DAF49AD41D}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAAEF443-FED0-49B5-874D-99DAF49AD41D}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\{829AD981-F71F-45C2-9CD1-82CA969E91B2} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{829AD981-F71F-45C2-9CD1-82CA969E91B2}" => chave removido (a) com sucesso.
C:\Windows\System32 => ":BB9600F7_Bb.gbp" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\Users\NEWUSU\AppData\Local\Temp\2153512440.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\79d8c0cc28b6bdbbd3e9cbb598b4772d.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\dd838741e8a8ea1157c3558ccd304515.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\FFSetup3.7.5.0.exe => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\jre-8u65-windows-au.exe => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\NGMDll.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\NGMResource.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\stubhelper.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\TubeToolbox_Setup.EXE => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\unicows.dll => movido com sucesso
C:\Users\NEWUSU\AppData\Local\Temp\Uninstall.exe => movido com sucesso

========= dir /a "C:\Program Files" =========

O volume na unidade C não tem nome.
O Número de Série do Volume é 2016-FF7E

Pasta de C:\Program Files

03/11/2015 18:37