nandarage

SOLVED I can't remove a virus


Good evening

I sent my notebook in to be formatted, and when I started using it, a lot of ads, error warnings and ads for programs that remove PC errors began to appear... Anyway, I started uninstalling several things, but two of them would not go away no matter what, and avast keeps warning about a detected threat...

I searched the net for ways to remove these two programs, but there were only sites in English, and they did not seem trustworthy.

The names of the strange programs are Any protect and Blockandsurf. The requested logs follow below:

DDS LOG

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 8.0.7600.16385

Run by Ultimate at 22:27:11 on 2014-07-15

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.3758.2048 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\di4BlockAndSurf\p6BlockAndSurfx.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=M04ADEF23-B72B-4C2D-B0E7-04C902B282B0&SearchSource=55&CUI=&UM=6&UP=SPA4D873A0-B23A-4877-970D-A77221C66C2E&SSPV=

uDefault_Page_URL = about:blank

mStart Page = about:blank

mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405292546&from=obw&uid=TOSHIBAXMK6465GSXN_Z013B0JFBXXZ013B0JFB&q={searchTerms}

mDefault_Page_URL = about:blank

mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405292546&from=obw&uid=TOSHIBAXMK6465GSXN_Z013B0JFBXXZ013B0JFB&q={searchTerms}

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: BlockAndSurf: {5C3657B2-8265-CE58-9437-7CE44D6DC7C8} - C:\Program Files (x86)\di4BlockAndSurf\175.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [blockAndSurf] C:\Program Files (x86)\di4BlockAndSurf\BlockAndSurf.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AnyProtect Scanner] "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"

mRun: [fst_br_221] <no file>

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{BB799EF9-E8C4-4A24-8C73-84C37E0BF747} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = about:blank

x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405292546&from=obw&uid=TOSHIBAXMK6465GSXN_Z013B0JFBXXZ013B0JFB&q={searchTerms}

x64-mDefault_Page_URL = about:blank

x64-mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405292546&from=obw&uid=TOSHIBAXMK6465GSXN_Z013B0JFBXXZ013B0JFB&q={searchTerms}

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-10 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-10 224896]

R1 {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64;{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64;C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys [2014-7-13 61120]

R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64;{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64;C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [2014-7-13 61112]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-10 1041168]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-10 427360]

R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-11 29208]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-10 79184]

R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-11 92008]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-11 50344]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-7-10 13336]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2014-7-10 94208]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-7-10 2320920]

R2 webinstr;webinstr;C:\Windows\System32\drivers\webinstr.sys [2014-7-14 57528]

R2 WindowsMangerProtect;WindowsMangerProtect Service;C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service --> C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2014-7-10 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2014-7-10 158976]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2014-7-10 271872]

R3 NETw5s64;Driver do adaptador Intel® Wireless WiFi Link Série 5000 para Windows 7 64 bits;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2014-7-10 12032]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2014-7-10 402720]

S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-7-13 68608]

S2 Update focusbase;Update focusbase;"C:\Program Files (x86)\focusbase\updatefocusbase.exe" --> C:\Program Files (x86)\focusbase\updatefocusbase.exe [?]

S2 Update NetCrawl;Update NetCrawl;"C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe" --> C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [?]

S2 Util focusbase;Util focusbase;"C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe" --> C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe [?]

S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-7-13 68608]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

.

=============== Created Last 30 ================

.

2014-07-16 00:13:58 -------- d-----w- C:\Users\Ultimate\AppData\Local\Google

2014-07-15 23:53:39 -------- d-----w- C:\Program Files (x86)\predm

2014-07-15 01:08:54 57528 ----a-w- C:\Windows\System32\drivers\webinstr.sys

2014-07-15 01:08:53 -------- d-----w- C:\Program Files (x86)\di4BlockAndSurf

2014-07-15 01:06:35 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Opera Software

2014-07-15 01:06:35 -------- d-----w- C:\Users\Ultimate\AppData\Local\Opera Software

2014-07-14 00:21:42 61112 ----a-w- C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys

2014-07-14 00:08:10 61120 ----a-w- C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys

2014-07-13 23:28:14 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Baidu

2014-07-13 23:28:12 -------- d-----w- C:\ProgramData\Baidu Security

2014-07-13 23:28:05 -------- d-----w- C:\ProgramData\baidu

2014-07-13 23:28:03 -------- d-----w- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687

2014-07-13 23:27:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-13 23:27:24 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-07-13 23:17:14 -------- d-----w- C:\Program Files (x86)\VideoLAN

2014-07-13 23:16:57 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\BSplayer Pro

2014-07-13 23:16:57 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\BSplayer

2014-07-13 23:16:56 -------- d-----w- C:\Program Files (x86)\Webteh

2014-07-13 23:16:53 -------- d-----w- C:\Program Files (x86)\NetCrawl

2014-07-13 23:16:30 -------- d-----w- C:\Program Files (x86)\SiteLookup

2014-07-13 23:16:27 -------- d-----w- C:\Program Files (x86)\AnyProtectEx

2014-07-13 23:14:27 -------- d-----w- C:\Program Files (x86)\Tbccint

2014-07-13 23:14:26 -------- d-----w- C:\Users\Ultimate\AppData\Local\Tbccint

2014-07-13 23:14:26 -------- d-----w- C:\ProgramData\Tbccint

2014-07-13 23:04:59 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Systweak

2014-07-13 23:04:58 20312 ----a-w- C:\Windows\System32\roboot64.exe

2014-07-13 23:04:52 -------- d-----w- C:\Users\Ultimate\AppData\Local\Programs

2014-07-13 23:04:24 -------- d-----w- C:\Users\Ultimate\AppData\Local\globalUpdate

2014-07-13 23:04:24 -------- d-----w- C:\Program Files (x86)\globalUpdate

2014-07-13 23:03:03 -------- d-----w- C:\Program Files (x86)\focusbase

2014-07-13 23:02:42 -------- d-----w- C:\ProgramData\WindowsMangerProtect

2014-07-11 06:26:52 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\AVAST Software

2014-07-11 03:26:36 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys

2014-07-11 03:26:36 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys

2014-07-11 03:26:24 43152 ----a-w- C:\Windows\avastSS.scr

2014-07-11 03:17:23 -------- d-----w- C:\Users\Ultimate\AppData\Local\Ahead

2014-07-11 03:11:24 -------- d-----w- C:\ProgramData\Nero

2014-07-11 03:11:24 -------- d-----w- C:\Program Files (x86)\Nero

2014-07-11 03:03:40 971680 ----a-w- C:\Windows\System32\deployJava1.dll

2014-07-11 03:03:40 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll

2014-07-11 03:03:38 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2014-07-11 02:53:09 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFCBB722-538D-47E2-99FF-C3F850C5B9B2}\mpengine.dll

2014-07-11 02:53:04 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-07-11 02:52:41 472064 ----a-w- C:\Windows\AutoKMS.exe

2014-07-11 02:51:54 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2014-07-11 02:51:53 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2014-07-11 02:51:53 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2014-07-11 02:51:53 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2014-07-11 02:51:50 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2014-07-11 02:51:12 -------- d-----w- C:\Program Files\AVAST Software

2014-07-11 02:43:43 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2014-07-11 02:43:27 -------- d-----w- C:\Windows\PCHEALTH

2014-07-11 02:43:27 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2014-07-11 02:43:21 -------- d-----w- C:\ProgramData\AVAST Software

2014-07-11 02:42:28 -------- d-----w- C:\Users\Ultimate\AppData\Local\Mozilla

2014-07-11 02:42:02 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2014-07-11 02:41:28 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2014-07-11 02:41:28 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2014-07-11 02:41:21 -------- d-----w- C:\Users\Ultimate\AppData\Local\Microsoft Help

2014-07-11 02:40:06 -------- d-----w- C:\Users\Ultimate\AppData\Local\Adobe

2014-07-11 02:37:17 -------- d-----w- C:\Drivers

2014-07-11 02:36:45 -------- d-----w- C:\Program Files (x86)\Common Files\Intel

2014-07-11 02:36:33 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2014-07-11 02:35:25 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Intel Corporation

2014-07-11 02:32:25 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Intel

2014-07-11 02:31:18 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2014-07-11 02:31:15 -------- d-----w- C:\Program Files\Common Files\Intel

2014-07-11 02:31:15 -------- d-----w- C:\Program Files (x86)\Cisco

2014-07-11 02:30:34 -------- d-sh--w- C:\Windows\Installer

2014-07-11 02:30:12 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2014-07-11 02:30:02 -------- d-----w- C:\Intel

2014-07-11 02:25:03 -------- d-----w- C:\Users\Ultimate\AppData\Local\VirtualStore

2014-07-11 02:18:56 -------- d-----w- C:\Windows\Panther

2014-07-10 23:22:00 94208 ----a-w- C:\Windows\System32\drivers\rimssne64.sys

2014-07-10 23:22:00 623616 ----a-w- C:\Windows\snymsico.dll

2014-07-10 23:21:59 402720 ----a-w- C:\Windows\System32\drivers\yk62x64.sys

2014-07-10 23:21:58 501536 ----a-w- C:\Windows\System32\yk62x64.dll

2014-07-10 23:21:38 12032 ----a-w- C:\Windows\System32\drivers\SFEP.sys

2014-07-10 23:20:02 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2014-07-10 23:18:57 88064 ----a-w- C:\Windows\System32\igfxrdeu.lrc

.

==================== Find3M  ====================

.

.

============= FINISH: 22:27:44,87 ===============

 

 

ATTACH LOG

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume1

Install Date: 10/07/2014 23:24:44

System Uptime: 15/07/2014 21:59:42 (1 hours ago)

.

Motherboard: Sony Corporation |  | VAIO

Processor: Intel® Core i3 CPU       M 380  @ 2.53GHz | N/A | 911/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 596 GiB total, 465,844 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador de Túnel Teredo da Microsoft

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Bnbase

Device ID: ROOT\LEGACY_BNBASE\0000

Manufacturer: 

Name: Bnbase

PNP Device ID: ROOT\LEGACY_BNBASE\0000

Service: Bnbase

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Baidu NetDefense

Device ID: ROOT\LEGACY_BNDEF\0000

Manufacturer: 

Name: Baidu NetDefense

PNP Device ID: ROOT\LEGACY_BNDEF\0000

Service: Bndef

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Baidu Protect

Device ID: ROOT\LEGACY_BPROTECT\0000

Manufacturer: 

Name: Baidu Protect

PNP Device ID: ROOT\LEGACY_BPROTECT\0000

Service: Bprotect

.

==== System Restore Points ===================

.

RP1: 10/07/2014 23:30:52 - Installed Intel® PROSet/Wireless WiFi Software.

RP2: 10/07/2014 23:40:14 - Installed Microsoft Office Professional Plus 2010

RP3: 10/07/2014 23:40:27 - Installed Adobe Reader 9.3 - Português.

RP4: 10/07/2014 23:51:03 - Configuração do(a) avast! Free Antivirus

RP5: 10/07/2014 23:52:44 - Windows Update

RP6: 11/07/2014 00:02:49 - Installed Java 7 Update 21 (64-bit)

RP7: 11/07/2014 00:08:58 - DirectX instalado

RP8: 11/07/2014 00:09:34 - Installed Nero 8 Trial. Available with Windows Installer version 1.2 and later.

RP9: 11/07/2014 00:17:18 - avast! antivirus system restore point

RP11: 14/07/2014 22:18:51 - Windows Defender Checkpoint

RP12: 15/07/2014 21:53:54 - RegClean Pro ter, jul 15, 14  21:53

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.5 - Português

avast! Free Antivirus

BS.Player FREE

Google Chrome

Google Update Helper

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 21 (64-bit)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XML Parser

Nero 8

neroxml

Software Intel® PROSet/Wireless WiFi

VCRedistSetup

WindowsMangerProtect20.0.0.502

WinRAR 4.20 (64-bit)

.

==== End Of File ===========================

 

Hello

Sorry for the delay :)

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Best regards :D

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/07/2014 23:24:44
System Uptime: 22/07/2014 20:27:59 (0 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core i3 CPU       M 380  @ 2.53GHz | N/A | 2533/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 446,109 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador de Túnel Teredo da Microsoft
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Bnbase
Device ID: ROOT\LEGACY_BNBASE\0000
Manufacturer: 
Name: Bnbase
PNP Device ID: ROOT\LEGACY_BNBASE\0000
Service: Bnbase
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Baidu NetDefense
Device ID: ROOT\LEGACY_BNDEF\0000
Manufacturer: 
Name: Baidu NetDefense
PNP Device ID: ROOT\LEGACY_BNDEF\0000
Service: Bndef
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Baidu Protect
Device ID: ROOT\LEGACY_BPROTECT\0000
Manufacturer: 
Name: Baidu Protect
PNP Device ID: ROOT\LEGACY_BPROTECT\0000
Service: Bprotect
.
==== System Restore Points ===================
.
RP11: 14/07/2014 22:18:51 - Windows Defender Checkpoint
RP12: 15/07/2014 21:53:54 - RegClean Pro ter, jul 15, 14  21:53
RP13: 16/07/2014 08:11:06 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.5 - Português
avast! Free Antivirus
Google Chrome
Google Update Helper
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 21 (64-bit)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Nero 8
neroxml
Software Intel® PROSet/Wireless WiFi
VCRedistSetup
VLC media player 2.1.3
WinRAR 4.20 (64-bit)
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385
Run by Ultimate at 20:30:53 on 2014-07-22
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.3758.2251 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405292546&from=obw&uid=TOSHIBAXMK6465GSXN_Z013B0JFBXXZ013B0JFB&q={searchTerms}
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405292546&from=obw&uid=TOSHIBAXMK6465GSXN_Z013B0JFBXXZ013B0JFB&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BlockAndSurf: {5C3657B2-8265-CE58-9437-7CE44D6DC7C8} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [blockAndSurf] C:\Program Files (x86)\di4BlockAndSurf\BlockAndSurf.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AnyProtect Scanner] "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
mRun: [fst_br_221] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BB799EF9-E8C4-4A24-8C73-84C37E0BF747} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405292546&from=obw&uid=TOSHIBAXMK6465GSXN_Z013B0JFBXXZ013B0JFB&q={searchTerms}
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405292546&from=obw&uid=TOSHIBAXMK6465GSXN_Z013B0JFBXXZ013B0JFB&q={searchTerms}
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-10 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-10 224896]
R1 {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64;{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64;C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys [2014-7-13 61120]
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64;{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64;C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [2014-7-13 61112]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-10 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-10 427360]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-11 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-10 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-11 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-11 50344]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-7-10 13336]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2014-7-10 94208]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-7-10 2320920]
R2 webinstr;webinstr;C:\Windows\System32\drivers\webinstr.sys [2014-7-14 57528]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2014-7-10 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2014-7-10 158976]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2014-7-10 271872]
R3 NETw5s64;Driver do adaptador Intel® Wireless WiFi Link Série 5000 para Windows 7 64 bits;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2014-7-10 12032]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2014-7-10 402720]
S2 Update focusbase;Update focusbase;"C:\Program Files (x86)\focusbase\updatefocusbase.exe" --> C:\Program Files (x86)\focusbase\updatefocusbase.exe [?]
S2 Update NetCrawl;Update NetCrawl;"C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe" --> C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [?]
S2 Util focusbase;Util focusbase;"C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe" --> C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
.
=============== Created Last 30 ================
.
2014-07-21 23:45:56 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A72A44A6-552A-4D52-B4EA-0BA3BF16B4B9}\offreg.dll
2014-07-16 23:07:32 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\TeamViewer
2014-07-16 11:11:47 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-07-16 11:11:43 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A72A44A6-552A-4D52-B4EA-0BA3BF16B4B9}\mpengine.dll
2014-07-16 00:13:58 -------- d-----w- C:\Users\Ultimate\AppData\Local\Google
2014-07-15 23:53:39 -------- d-----w- C:\Program Files (x86)\predm
2014-07-15 01:08:54 57528 ----a-w- C:\Windows\System32\drivers\webinstr.sys
2014-07-15 01:06:35 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Opera Software
2014-07-15 01:06:35 -------- d-----w- C:\Users\Ultimate\AppData\Local\Opera Software
2014-07-14 00:21:42 61112 ----a-w- C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
2014-07-14 00:08:10 61120 ----a-w- C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
2014-07-13 23:28:14 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Baidu
2014-07-13 23:28:12 -------- d-----w- C:\ProgramData\Baidu Security
2014-07-13 23:28:05 -------- d-----w- C:\ProgramData\baidu
2014-07-13 23:27:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-13 23:27:24 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-13 23:17:14 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-07-13 23:16:57 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\BSplayer Pro
2014-07-13 23:16:30 -------- d-----w- C:\Program Files (x86)\SiteLookup
2014-07-13 23:14:26 -------- d-----w- C:\Users\Ultimate\AppData\Local\Tbccint
2014-07-13 23:14:26 -------- d-----w- C:\ProgramData\Tbccint
2014-07-13 23:04:59 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Systweak
2014-07-13 23:04:58 20312 ----a-w- C:\Windows\System32\roboot64.exe
2014-07-13 23:04:52 -------- d-----w- C:\Users\Ultimate\AppData\Local\Programs
2014-07-13 23:04:24 -------- d-----w- C:\Users\Ultimate\AppData\Local\globalUpdate
2014-07-13 23:02:42 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2014-07-11 06:26:52 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\AVAST Software
2014-07-11 03:26:36 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-07-11 03:26:36 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-07-11 03:26:24 43152 ----a-w- C:\Windows\avastSS.scr
2014-07-11 03:17:23 -------- d-----w- C:\Users\Ultimate\AppData\Local\Ahead
2014-07-11 03:11:24 -------- d-----w- C:\ProgramData\Nero
2014-07-11 03:11:24 -------- d-----w- C:\Program Files (x86)\Nero
2014-07-11 03:03:40 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2014-07-11 03:03:40 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2014-07-11 03:03:38 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-11 02:53:04 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-11 02:52:41 472064 ----a-w- C:\Windows\AutoKMS.exe
2014-07-11 02:51:54 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-07-11 02:51:53 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-07-11 02:51:53 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-07-11 02:51:53 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-07-11 02:51:50 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-11 02:51:12 -------- d-----w- C:\Program Files\AVAST Software
2014-07-11 02:43:43 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-07-11 02:43:27 -------- d-----w- C:\Windows\PCHEALTH
2014-07-11 02:43:27 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-07-11 02:43:21 -------- d-----w- C:\ProgramData\AVAST Software
2014-07-11 02:42:28 -------- d-----w- C:\Users\Ultimate\AppData\Local\Mozilla
2014-07-11 02:42:02 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-11 02:41:28 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2014-07-11 02:41:28 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-07-11 02:41:21 -------- d-----w- C:\Users\Ultimate\AppData\Local\Microsoft Help
2014-07-11 02:40:06 -------- d-----w- C:\Users\Ultimate\AppData\Local\Adobe
2014-07-11 02:37:17 -------- d-----w- C:\Drivers
2014-07-11 02:36:45 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2014-07-11 02:36:33 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2014-07-11 02:35:25 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Intel Corporation
2014-07-11 02:32:25 -------- d-----w- C:\Users\Ultimate\AppData\Roaming\Intel
2014-07-11 02:31:18 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2014-07-11 02:31:15 -------- d-----w- C:\Program Files\Common Files\Intel
2014-07-11 02:31:15 -------- d-----w- C:\Program Files (x86)\Cisco
2014-07-11 02:30:34 -------- d-sh--w- C:\Windows\Installer
2014-07-11 02:30:12 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2014-07-11 02:30:02 -------- d-----w- C:\Intel
2014-07-11 02:25:03 -------- d-----w- C:\Users\Ultimate\AppData\Local\VirtualStore
2014-07-11 02:18:56 -------- d-----w- C:\Windows\Panther
2014-07-10 23:22:00 94208 ----a-w- C:\Windows\System32\drivers\rimssne64.sys
2014-07-10 23:22:00 623616 ----a-w- C:\Windows\snymsico.dll
2014-07-10 23:21:59 402720 ----a-w- C:\Windows\System32\drivers\yk62x64.sys
2014-07-10 23:21:58 501536 ----a-w- C:\Windows\System32\yk62x64.dll
2014-07-10 23:21:38 12032 ----a-w- C:\Windows\System32\drivers\SFEP.sys
2014-07-10 23:20:02 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2014-07-10 23:18:57 88064 ----a-w- C:\Windows\System32\igfxrdeu.lrc
.
==================== Find3M  ====================
.
.
============= FINISH: 20:31:23,82 ===============


Dear nandarage

 

I recommend saving this topic in your Favorites so that it is easier to find.
 
Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to the problem on your computer, so do not use it on any other;
  • Please follow the instructions given carefully and, if you have questions, do not hesitate to ask them;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

 
Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its contents and paste them into your next message.
 
# Step 2 #
 

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Click Search ("Pesquisar")
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remove ("Remover") button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its contents and paste them into your next reply.

 
# Step 3 #
 
Read the instructions at this link:
 
 
In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"
Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  • Double-click the desktopicon.png icon that is on the desktop.
  • Read and accept the terms by typing 1 and pressing Enter.
  • Computers running Windows XP must install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes" ("Sim").
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" ("SIM") to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  • A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.


DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.
There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and for that reason, and also out of respect for the tool's author, do not use it without supervision.

Cheers :D

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
