carloscatraio

Virus?


Hello, good afternoon,

For a few days now I have noticed that my computer is a bit slow and that it keeps switching to the desktop all the time; for example, while I was typing this text the screen left Chrome and went to the desktop 5 times. I don't know what kind of problem this is; I am sending the logs.

Thanks for the help.


Post the logs here on the forum.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Cliente (administrator) on CLIENTE-PC on 20-03-2014 03:56:42
Running from C:\Users\Cliente\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ALWIL Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
() C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
(BitTorrent Inc.) C:\Users\Cliente\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [2815192 2010-05-06] (ALWIL Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6336216 2013-12-12] (Realtek Semiconductor)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-702147664-3736484001-2305147676-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-702147664-3736484001-2305147676-1000\...\Run: [uTorrent] - C:\Users\Cliente\AppData\Roaming\uTorrent\uTorrent.exe [1342032 2013-12-12] (BitTorrent Inc.)
HKU\S-1-5-21-702147664-3736484001-2305147676-1000\...\Run: [Advanced SystemCare 7] - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2285344 2013-12-18] (IObit)
HKU\S-1-5-21-702147664-3736484001-2305147676-1000\...\MountPoints2: {166d050c-4033-11e3-b7ff-8c89a5f22676} - H:\LGAutoRun.exe
HKU\S-1-5-21-702147664-3736484001-2305147676-1000\...\MountPoints2: {ca8a0273-3ccc-11e3-ba14-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Abrir_os_Cadernos_Virtuais.html
Startup: C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yahoo.com/?type=402027&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x81E4447C71F7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
SearchScopes: HKCU - DefaultScope {73AB6D90-417B-4EFD-BA87-D88BFF16A1AE} URL = http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKCU - {73AB6D90-417B-4EFD-BA87-D88BFF16A1AE} URL = http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1487912 2013-10-07] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\9b1q5ive.default
FF user.js: detected! => C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\9b1q5ive.default\user.js
FF Homepage: hxxp://br.search.yahoo.com/?type=402027&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=402027&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\9b1q5ive.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\9b1q5ive.default\Extensions\ascsurfingprotection@iobit.com [2013-12-26]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2013-12-27]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-03-20]
CHR Extension: (Domain Error Assistant) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-03-20]
CHR Extension: (Slick Savings) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-03-20]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-03-20]
CHR Extension: (Google Wallet) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-03-20]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-11-06]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Cliente\AppData\Local\Slick Savings\coupons.crx [2013-12-26]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-12-26]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-12-12] (Intel Corporation)
R2 GbpSv; C:\Program Files\GbPlugin\GbpSv.exe [452136 2013-10-08] (GAS Tecnologia)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [19024 2010-05-06] (ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [51792 2010-05-06] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23376 2010-05-06] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [164048 2010-05-06] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [46672 2010-05-06] (ALWIL Software)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2012-10-18] (Atheros Communications, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-10-31] (DT Soft Ltd)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [86488 2013-12-12] (Intel Corporation)
S3 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-03-19] (GbPlugin NDIS Device Driver)
R3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-03-19] (GbPlugin NDIS Device Driver)
S3 NTIOLib_1_0_6; C:\Program Files\Setup Files\Ms7788v270\NTIOLib.sys [7680 2011-01-06] (MSI)
S3 MSICDSetup; \??\E:\CDriver.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 03:56 - 2014-03-20 03:56 - 01145856 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe
2014-03-20 03:56 - 2014-03-20 03:56 - 00012289 _____ () C:\Users\Cliente\Downloads\FRST.txt
2014-03-20 03:56 - 2014-03-20 03:56 - 00000000 ____D () C:\FRST
2014-03-20 00:21 - 2014-03-20 01:06 - 00000000 ____D () C:\Users\Cliente\Downloads\O Hobbit A Desolação de Smaug Bluray 1080p Legendado - FilmesBlurayTorrent.com-
2014-03-20 00:20 - 2014-03-20 00:53 - 00000000 ____D () C:\Users\Cliente\Downloads\Inferno de Dante Uma Animação Épica [2010] BluRay 720p Dublado
2014-03-19 17:25 - 2014-03-19 17:25 - 00000000 ____D () C:\Users\Cliente\Downloads\O Vencedor (2010) BDRip 1080p Dublado - The Pirate Filmes
2014-03-19 12:20 - 2014-03-19 12:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriver_01011.Wdf
2014-03-18 17:53 - 2014-03-18 17:58 - 00000000 ____D () C:\Users\Cliente\AppData\Roaming\TP-LINK
2014-03-18 17:53 - 2014-03-18 17:53 - 00002220 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2014-03-18 17:53 - 2014-03-18 17:53 - 00000000 ____D () C:\Program Files\TP-LINK
2014-03-18 17:52 - 2014-03-18 17:53 - 00000000 ____D () C:\Users\Todos os Usuários\TP-LINK
2014-03-18 17:52 - 2014-03-18 17:53 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-03-18 17:52 - 2012-10-18 15:04 - 01570304 ____N (Atheros Communications, Inc.) C:\Windows\system32\athur.sys
2014-03-18 17:52 - 2012-10-18 15:04 - 01570304 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athur.sys
2014-03-18 17:52 - 2012-10-18 15:04 - 00007514 ____N () C:\Windows\system32\athurext.cat
2014-03-09 21:22 - 2014-03-17 22:59 - 00046592 ___SH () C:\Users\Cliente\Documents\Thumbs.db

==================== One Month Modified Files and Folders =======

2014-03-20 03:56 - 2014-03-20 03:56 - 01145856 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe
2014-03-20 03:56 - 2014-03-20 03:56 - 00012289 _____ () C:\Users\Cliente\Downloads\FRST.txt
2014-03-20 03:56 - 2014-03-20 03:56 - 00000000 ____D () C:\FRST
2014-03-20 03:56 - 2013-12-12 18:57 - 00000000 ____D () C:\Users\Cliente\AppData\Roaming\uTorrent
2014-03-20 03:42 - 2013-12-12 13:00 - 00000000 ____D () C:\Program Files\Steam
2014-03-20 02:57 - 2013-12-27 09:37 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 01:06 - 2014-03-20 00:21 - 00000000 ____D () C:\Users\Cliente\Downloads\O Hobbit A Desolação de Smaug Bluray 1080p Legendado - FilmesBlurayTorrent.com-
2014-03-20 00:53 - 2014-03-20 00:20 - 00000000 ____D () C:\Users\Cliente\Downloads\Inferno de Dante Uma Animação Épica [2010] BluRay 720p Dublado
2014-03-19 21:55 - 2013-12-12 13:00 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-19 21:41 - 2014-01-07 04:41 - 01262153 ____N () C:\Windows\WindowsUpdate.log
2014-03-19 18:57 - 2013-12-27 09:37 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 17:25 - 2014-03-19 17:25 - 00000000 ____D () C:\Users\Cliente\Downloads\O Vencedor (2010) BDRip 1080p Dublado - The Pirate Filmes
2014-03-19 16:03 - 2014-01-11 01:00 - 00000000 ____D () C:\Users\Cliente\Downloads\Once.Upon.a.Time
2014-03-19 15:54 - 2013-10-24 15:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-19 12:20 - 2014-03-19 12:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriver_01011.Wdf
2014-03-19 11:54 - 2009-07-14 01:34 - 00016816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 11:54 - 2009-07-14 01:34 - 00016816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 11:49 - 2013-12-22 22:28 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2014-03-19 11:49 - 2013-10-24 15:13 - 00000204 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-19 11:49 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 09:30 - 2013-12-22 22:58 - 00000000 ____D () C:\Users\Cliente\AppData\Roaming\vlc
2014-03-18 17:58 - 2014-03-18 17:53 - 00000000 ____D () C:\Users\Cliente\AppData\Roaming\TP-LINK
2014-03-18 17:53 - 2014-03-18 17:53 - 00002220 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2014-03-18 17:53 - 2014-03-18 17:53 - 00000000 ____D () C:\Program Files\TP-LINK
2014-03-18 17:53 - 2014-03-18 17:52 - 00000000 ____D () C:\Users\Todos os Usuários\TP-LINK
2014-03-18 17:53 - 2014-03-18 17:52 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-03-18 17:53 - 2013-10-24 15:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-18 15:23 - 2011-02-04 14:30 - 01491932 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 15:23 - 2009-07-14 05:31 - 00654272 _____ () C:\Windows\system32\prfh0416.dat
2014-03-18 15:23 - 2009-07-14 05:31 - 00124724 _____ () C:\Windows\system32\prfc0416.dat
2014-03-18 11:45 - 2013-12-26 08:40 - 00000000 ____D () C:\Users\Todos os Usuários\ProductData
2014-03-18 11:45 - 2013-12-26 08:40 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-17 22:59 - 2014-03-09 21:22 - 00046592 ___SH () C:\Users\Cliente\Documents\Thumbs.db
2014-03-09 20:50 - 2011-02-05 15:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-22 12:37 - 2013-12-27 10:14 - 00000000 ____D () C:\Users\Cliente\Downloads\Emulador NINTENDO DS
2014-02-20 22:53 - 2013-10-24 14:00 - 00000000 ____D () C:\Users\Cliente

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 00:56

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Cliente at 2014-03-20 03:56:59
Running from C:\Users\Cliente\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! Antivirus (Enabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30380 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.1.0 - IObit)
Assassin's Creed (HKLM\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Driver San Francisco (HKLM\...\Driver San Francisco) (Version: 1.0.0.0 - Ubisoft)
GBBD Banco do Brasil (HKCU\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: GBBD Banco do Brasil - )
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Megacubo 10 (HKLM\...\Megacubo_is1) (Version: 1.6.3 - www.megacubo.net)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 26.0 (x86 pt-BR)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Neverwinter (HKLM\...\Steam App 109600) (Version: - Cryptic Studios)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Resident Evil 6 version 5.1 (HKLM\...\{0BC95CC8-CFE7-4C60-9DBF-258443C3C6C6}_is1) (Version: 5.1 - Black_Box)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TP-LINK 150Mbps Wireless N USB Adapter Driver (HKLM\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VSFilter 2.41.35 (d08a416) Nightly (HKLM\...\vsfilter_is1) (Version: 2.41.35 - MPC-HC Team)
War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

19-03-2014 15:20:14 Driver Booster : Intel® Management Engine Interface
19-03-2014 20:44:15 Instalador de Módulos do Windows

==================== Hosts content: ==========================

2009-07-13 23:04 - 2009-06-10 18:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01BDC629-2F50-4D6D-9C2D-FECE609E95B0} - System32\Tasks\ASC7_SkipUac_Cliente => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2013-12-16] (IObit)
Task: {2C6ADDE0-4935-48FD-BA9E-38A766F5F49C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2013-10-24] ()
Task: {3174FD54-FDEC-4A5A-A3DA-9F55F1FE481C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.)
Task: {386F2682-C7BF-431D-B5B5-7D3D7B5C85F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.)
Task: {739CA15D-5735-4F8F-B06F-FBF988AD8581} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {A8EEFF26-4857-47E3-9743-6B17E8E4D9FB} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [2013-12-03] (IObit)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-26 08:40 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll
2014-03-19 15:51 - 2014-03-19 11:34 - 02283520 _____ () C:\Program Files\Alwil Software\Avast5\defs\14031901\algo.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-24 15:23 - 2012-10-10 20:27 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-12-26 08:40 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 7\webres.dll
2014-03-18 17:53 - 2012-10-18 15:28 - 00846848 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-03-18 17:53 - 2012-10-18 15:28 - 01411072 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-03-18 17:53 - 2012-06-12 14:43 - 00193024 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-03-18 17:53 - 2012-10-18 15:28 - 00137728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2014-03-18 17:53 - 2012-10-18 15:28 - 00116224 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2013-12-26 08:40 - 2013-10-25 12:07 - 01120032 _____ () C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
2013-12-26 08:40 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madExcept_.bpl
2013-12-26 08:40 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madBasic_.bpl
2013-12-26 08:40 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2013-12-26 08:40 - 2013-12-02 19:06 - 01281312 _____ () C:\Program Files\IObit\Advanced SystemCare 7\Scan.dll
2014-03-18 21:12 - 2014-03-14 21:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-18 21:12 - 2014-03-14 21:50 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-18 21:12 - 2014-03-14 21:50 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-18 21:12 - 2014-03-14 21:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-18 21:12 - 2014-03-14 21:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-18 21:12 - 2014-03-14 21:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\System32:4BC930A9_Bb.gbp
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Live Update 5 => C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe /reminder

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2014 00:25:45 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/19/2014 09:55:22 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/19/2014 00:20:14 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {6df051db-4087-4497-9a52-cc188a4eabc5}

Error: (03/19/2014 08:37:04 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Falha dos Serviços de Criptografia ao inicializar o Catálogo do Banco de Dados. Erro do ESENT:-550.

Error: (03/19/2014 08:36:19 AM) (Source: ESENT) (User: )
Description: taskhost (2496) Uma tentativa de abrir o arquivo "C:\Users\Cliente\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso somente leitura falhou com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação para abrir o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (03/19/2014 02:20:51 AM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (03/18/2014 06:27:38 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/18/2014 05:52:48 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {60bc24df-5590-4153-b6d0-649fc32095d8}

Error: (03/18/2014 00:13:53 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (03/18/2014 11:44:21 AM) (Source: ESENT) (User: )
Description: taskhost (2652) Uma tentativa de abrir o arquivo "C:\Users\Cliente\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso somente leitura falhou com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação para abrir o arquivo falhará com o erro -1032 (0xfffffbf8).


System errors:
=============
Error: (03/19/2014 11:50:35 AM) (Source: Service Control Manager) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (03/19/2014 08:37:12 AM) (Source: Service Control Manager) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (03/19/2014 08:35:41 AM) (Source: EventLog) (User: )
Description: O desligamento anterior do sistema em 08:34:48 às ‎19/‎03/‎2014 não era esperado.

Error: (03/19/2014 00:20:03 AM) (Source: athur) (User: )
Description: TP-LINK Wireless USB Adapter: Determinou que o adaptador de rede não está funcionando corretamente.

Error: (03/18/2014 06:27:37 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Steam Client Service devido ao seguinte erro:
%%1053

Error: (03/18/2014 06:27:37 PM) (Source: Service Control Manager) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Steam Client Service.

Error: (03/18/2014 11:45:13 AM) (Source: Service Control Manager) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (03/16/2014 11:22:05 AM) (Source: Service Control Manager) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (03/15/2014 03:02:29 PM) (Source: Disk) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR3.

Error: (03/15/2014 08:58:30 AM) (Source: Service Control Manager) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 1 vez(es).


Microsoft Office Sessions:
=========================
Error: (03/20/2014 00:25:45 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/19/2014 09:55:22 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/19/2014 00:20:14 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {6df051db-4087-4497-9a52-cc188a4eabc5}

Error: (03/19/2014 08:37:04 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: -550

Error: (03/19/2014 08:36:19 AM) (Source: ESENT)(User: )
Description: taskhost2496C:\Users\Cliente\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)O arquivo já está sendo usado por outro processo.

Error: (03/19/2014 02:20:51 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\IObit\driver booster\DpInst\x64\dpinst.exe

Error: (03/18/2014 06:27:38 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/18/2014 05:52:48 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {60bc24df-5590-4153-b6d0-649fc32095d8}

Error: (03/18/2014 00:13:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\IObit\driver booster\DpInst\x64\dpinst.exe

Error: (03/18/2014 11:44:21 AM) (Source: ESENT)(User: )
Description: taskhost2652C:\Users\Cliente\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)O arquivo já está sendo usado por outro processo.


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3486.04 MB
Available physical RAM: 2060.54 MB
Total Pagefile: 6970.38 MB
Available Pagefile: 5311.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.2 MB

==================== Drives ================================

Drive c: (Sistema) (Fixed) (Total:292.87 GB) (Free:195.85 GB) NTFS
Drive d: (Arquivos) (Fixed) (Total:638.54 GB) (Free:483.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00083503)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=639 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hello, read the topic "Leia Antes de Postar" ("Read Before Posting") and post the requested logs.


Here are the logs:

attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 24/10/2013 13:59:23
System Uptime: 22/03/2014 11:02:34 (0 hours ago)
.
Motherboard: MSI |  | H61M-P31 (G3) (MS-7788)
Processor: Intel® Pentium® CPU G620 @ 2.60GHz | SOCKET 0 | 2600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 191,308 GiB free.
D: is FIXED (NTFS) - 639 GiB total, 471,112 GiB free.
E: is CDROM ()
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&281AB843&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&281AB843&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP57: 19/03/2014 17:44:15 - Instalador de Módulos do Windows
RP58: 21/03/2014 22:32:51 - Operação de restauração
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.9)
Advanced SystemCare 7
Assassin's Creed
µTorrent
CCleaner
DAEMON Tools Lite
Dota 2
Driver San Francisco
GBBD Banco do Brasil
Google Chrome
Google Update Helper
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
IObit Uninstaller
Left 4 Dead 2
Megacubo 10
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 pt-BR)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Neverwinter
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Resident Evil 6 version 5.1
Steam
Surfing Protection
TP-LINK 150Mbps Wireless N USB Adapter Driver
TP-LINK Wireless Configuration Utility
Ubisoft Game Launcher
VLC media player 2.1.2
VSFilter 2.41.35 (d08a416) Nightly
War Thunder
WinRAR 4.11 (32-bit)
World of Warcraft
.
==== End Of File ===========================
DDS Log
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16750
Run by Cliente at 11:43:23 on 2014-03-22
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.3486.2246 [GMT -3:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\IntelCpHeciSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Cliente\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://br.search.yahoo.com/?type=402027&fr=spigot-yhp-ie
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\program files\gbplugin\gbieh.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [uTorrent] "c:\users\cliente\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtkNGUI.exe" -s
mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
StartupFolder: c:\users\cliente\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\tp-link wireless configuration utility\TWCU.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar para o OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{282D77FD-CEEA-4633-9323-0DFD30599B95} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify:  GbPluginBb - c:\program files\gbplugin\gbieh.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\program files\gbplugin\gbieh.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cliente\appdata\roaming\mozilla\firefox\profiles\9b1q5ive.default\
FF - prefs.js: browser.startup.homepage - hxxp://br.search.yahoo.com/?type=402027&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=402027&p=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\users\cliente\appdata\local\gas tecnologia\gbbd\npsf_bb.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-12-22 49536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-24 164048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-10-31 242240]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2013-12-26 881440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-24 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-24 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2013-10-24 40384]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2013-12-22 452136]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\TeeDriver.sys [2013-12-12 86488]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-12-22 31088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-12-12 679128]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-12-26 2151200]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2014-3-18 1570304]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2013-10-24 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2013-10-24 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-2-4 62464]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-12-22 31088]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files\setup files\ms7788v270\NTIOLib.sys [2011-1-6 7680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-26 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-2-4 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-12-26 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-12-26 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-12-26 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-2-4 112640]
.
=============== Created Last 30 ================
.
2014-03-22 00:05:28 -------- d-----w- c:\programdata\Trymedia
2014-03-21 05:57:05 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38fa127c-600a-4460-8cf2-ce76db750097}\offreg.dll
2014-03-20 07:19:14 -------- d-----w- C:\AdwCleaner
2014-03-20 06:56:38 -------- d-----w- C:\FRST
2014-03-18 20:53:44 -------- d-----w- c:\users\cliente\appdata\roaming\TP-LINK
2014-03-18 20:53:29 -------- d-----w- c:\program files\TP-LINK
2014-03-18 20:52:56 1570304 ----a-w- c:\windows\system32\drivers\athur.sys
2014-03-18 20:52:56 1570304 ------w- c:\windows\system32\athur.sys
2014-03-18 20:52:28 -------- d-----w- c:\programdata\TP-LINK
.
==================== Find3M  ====================
.
2014-03-22 14:02:45 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2014-01-30 02:12:30 279000 ----a-w- c:\windows\system32\IntelCpHeciSvc.exe
2014-01-30 02:12:28 271832 ----a-w- c:\windows\system32\igfxsrvc.exe
2014-01-30 02:12:28 145880 ----a-w- c:\windows\system32\igfxtray.exe
2014-01-30 02:12:24 199128 ----a-w- c:\windows\system32\igfxext.exe
2014-01-30 02:12:24 189912 ----a-w- c:\windows\system32\igfxpers.exe
2014-01-30 02:12:10 6231512 ----a-w- c:\windows\system32\GfxUI.exe
2014-01-30 02:12:10 181208 ----a-w- c:\windows\system32\hkcmd.exe
2014-01-03 04:05:19 2616320 ----a-w- c:\windows\explorer.exe
2014-01-03 04:05:11 317440 ----a-w- c:\windows\system32\spoolsv.exe
2013-12-26 13:02:22 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-26 13:01:41 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-26 13:00:50 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-26 13:00:06 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-26 12:59:24 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-26 12:58:46 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-26 12:58:46 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-26 12:58:46 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-26 12:58:46 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-26 12:58:01 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-26 12:58:01 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-26 12:57:27 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-26 12:55:56 1796096 ----a-w- c:\windows\system32\authui.dll
2013-12-26 12:55:56 168960 ----a-w- c:\windows\system32\credui.dll
2013-12-26 12:55:56 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-12-26 12:55:02 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-12-26 12:54:04 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-12-26 12:53:13 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-12-26 12:53:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-12-26 12:53:13 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-12-26 12:53:13 247808 ----a-w- c:\windows\system32\schannel.dll
2013-12-26 12:53:13 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-12-26 12:53:13 22016 ----a-w- c:\windows\system32\secur32.dll
2013-12-26 12:53:13 22016 ----a-w- c:\windows\system32\lsass.exe
2013-12-26 12:53:13 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-12-26 12:53:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-12-26 12:53:13 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-12-26 12:52:23 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-12-26 12:52:23 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-12-26 12:52:23 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-12-26 12:51:38 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-12-26 12:50:47 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-12-26 12:49:53 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-12-26 12:49:53 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-12-26 12:49:53 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-12-26 12:49:07 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-12-26 12:49:07 619520 ----a-w- c:\windows\system32\tdh.dll
2013-12-26 12:49:07 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-12-26 12:49:07 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-12-26 12:49:07 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-12-26 12:48:19 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-12-26 12:46:46 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-12-26 12:46:08 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-12-26 12:45:29 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-12-26 12:45:29 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-12-26 12:44:48 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-12-26 12:44:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-12-26 12:44:48 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-12-26 12:44:48 26112 ----a-w- c:\windows\system32\lpk.dll
2013-12-26 12:44:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-12-26 12:44:07 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-12-26 12:44:07 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-12-26 12:41:57 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-26 12:41:15 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-12-26 12:41:15 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-12-26 12:41:15 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-26 12:39:34 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-12-26 12:36:12 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-12-26 12:35:32 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-12-26 12:34:06 69632 ----a-w- c:\windows\system32\smss.exe
2013-12-26 12:34:06 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-12-26 12:33:27 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-12-26 12:32:50 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-12-26 12:32:14 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-12-26 12:31:30 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-12-26 12:31:30 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-12-26 12:31:30 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-12-26 12:30:14 509440 ----a-w- c:\windows\system32\qedit.dll
2013-12-26 12:28:26 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-12-26 12:25:17 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-12-26 12:24:42 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-12-26 12:24:00 903168 ----a-w- c:\windows\system32\certutil.exe
2013-12-26 12:24:00 43008 ----a-w- c:\windows\system32\certenc.dll
2013-12-26 12:23:09 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-12-26 12:23:09 101720 ----a-w- c:\windows\system32\consent.exe
2013-12-26 12:22:27 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-12-26 12:22:27 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-12-26 12:21:55 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2013-12-26 12:21:55 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-12-26 12:21:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-12-26 12:21:20 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-12-26 12:20:06 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-12-26 12:19:35 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-12-26 12:17:18 626688 ----a-w- c:\windows\system32\usp10.dll
2013-12-26 12:13:49 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-12-26 12:12:41 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-12-26 12:12:20 78336 ----a-w- c:\windows\system32\synceng.dll
2013-12-26 12:11:50 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-12-26 12:11:50 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-12-26 12:11:50 613888 ----a-w- c:\windows\system32\WUDFx.dll
.
============= FINISH: 11:43:44,20 ===============
GMer Log
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-22 12:37:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00MVWB0 rev.51.0AB51 931,51GB
Running: 10z9wmnr.exe; Driver: C:\Users\Cliente\AppData\Local\Temp\awriafow.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                     82C54A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                       82C8E212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 
---- User code sections - GMER 2.1 ----
 
.text           C:\Windows\system32\services.exe[528] kernel32.dll!FreeLibraryAndExitThread  769E03B0 5 Bytes  JMP 73B083C4 C:\Program Files\GbPlugin\gbieh.dll
.text           C:\Windows\system32\services.exe[528] kernel32.dll!FreeLibrary               769EEF57 5 Bytes  JMP 73B0844C C:\Program Files\GbPlugin\gbieh.dll
.text           C:\Windows\Explorer.EXE[1860] kernel32.dll!FreeLibraryAndExitThread          769E03B0 5 Bytes  JMP 73B083C4 C:\Program Files\GbPlugin\gbieh.dll
.text           C:\Windows\Explorer.EXE[1860] kernel32.dll!FreeLibrary                       769EEF57 5 Bytes  JMP 73B0844C C:\Program Files\GbPlugin\gbieh.dll
.text           C:\Windows\Explorer.EXE[1860] RPCRT4.dll!IUnknown_QueryInterface_Proxy       753D4EC2 6 Bytes  JMP 71A7000A 
.text           C:\Windows\Explorer.EXE[1860] ole32.dll!CoUnmarshalInterface                 76D2F150 6 Bytes  JMP 71AB000A 
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\tdx \Device\Tcp                                                      aswTdi.SYS
AttachedDevice  \Driver\tdx \Device\Udp                                                      aswTdi.SYS
 
---- EOF - GMER 2.1 ----
 


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for a registration email, first name and last name. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program appears to freeze and nothing happens. This is normal; just wait until the program's initial screen appears, and then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)
Also check all drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

KRT_install2_.png

Back on the program's initial screen, click the Start scanning button.

Be patient, it takes a while.

When it finishes, if it has detected something, the program will ask you what to do.

Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan is running, the initial screen will show a progress bar. When it finishes, the program will show the completed status and a button that will be orange if nothing was detected, and red if it found something.

If it has detected something, the program will also show an alert screen, warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easy-to-reach location and save it as log.txt

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you don't need to save the log. Just post here to let us know.

To exit the program, just click the X in the upper right corner.


It doesn't appear to be a malware problem.

Is it a PC or a notebook?


It's a PC. I also noticed that if I leave it on for a long time the problem stops, but when I turn it off and on again the problem comes back for a while and then stops.


Is it possible to try another keyboard, just as a test?

About Clube do Hardware

On the air since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
