Ertel

  1. Hello Elias, here are the links you requested:
     https://www.virustotal.com/pt/file/8c614cf476f871274aa06153224e8f7354bf5e23e6853358591bf35a381fb75b/analysis/1475099858/
     https://www.virustotal.com/pt/file/8d604553a3f5db03bffd50473ecb6f05ebcfcc6b5e1f149322830dbd6c806866/analysis/1475100150/
     https://www.virustotal.com/pt/file/13d64fc20165e59cfa363a8fe00863d0413b07fcfa087c5132114e4fc763e08d/analysis/1475100490/
     C:\Windows\System32\DRIVERS\igdkmd64.sys and C:\Windows\System32\DRIVERS\IntcDAud.sys: for these last two, clicking Open brought up an "Arquivo não encontrado" ("File not found") window. Thank you very much, Elias! Fixlog.txt
  2. Good evening Elias, when I started the computer just now the error shown in the image below appeared; I don't know whether it affects anything... Below is the FRST output, with the Addition attached. Thank you!
     Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 24-09-2016 02
     Executado por André Colorado (administrador) em COLORADO (24-09-2016 18:07:41)
     Executando a partir de C:\Users\André Colorado\Desktop
     Perfis Carregados: André Colorado (Perfis Disponíveis: André Colorado & Classic .NET AppPool & DefaultAppPool)
     Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
     Internet Explorer Versão 11 (Navegador padrão: "D:\Softwares\firefox.exe" -osint -url "%1")
     Modo da Inicialização: Normal
     Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (PixArt Imaging Incorporation) C:\Windows\iSlim310\Monitor.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Panda Security, S.L.) D:\Softwares\PSUAService.exe (Panda Security, S.L.) D:\Softwares\PSUAMain.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Panda Security, S.L.) C:\ProgramData\Panda Security\Panda Devices Agent\Downloads\4f5403c6e84435fbda10346629885c02\PSCampaign.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Mozilla Corporation) D:\Softwares\firefox.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [iSlim310_Monitor] => C:\Windows\iSlim310\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation) HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-22] (GAS Tecnologia LTDA) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1842744 2016-09-16] (NVIDIA Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PSUAMain] => D:\Softwares\PSUAMain.exe [107520 2016-03-18] (Panda Security, S.L.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation) HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil) Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-07-08] (Caixa Economica Federal) HKU\S-1-5-21-3980743653-1760172547-1964375692-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0 HKU\S-1-5-21-3980743653-1760172547-1964375692-1000\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3980743653-1760172547-1964375692-1000\...\Policies\Explorer: [NoBandCustomize] 0 HKU\S-1-5-21-3980743653-1760172547-1964375692-1000\...\Policies\Explorer: [NoMovingBands] 0 HKU\S-1-5-21-3980743653-1760172547-1964375692-1000\...\Policies\Explorer: [NoCloseDragDropBands] 0 HKU\S-1-5-21-3980743653-1760172547-1964375692-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil) ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1853256 2015-07-08] (Caixa Economica Federal) CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
Tcpip\Parameters: [DhcpNameServer] 187.109.224.19 Tcpip\..\Interfaces\{2D501E74-BB93-4EE3-81A4-C455493946F3}: [DhcpNameServer] 187.109.224.19 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3980743653-1760172547-1964375692-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3980743653-1760172547-1964375692-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3980743653-1760172547-1964375692-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-07-31] (Oracle Corporation) BHO: Office Document Cache Handler -> 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Softwares\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-07-08] (Caixa Economica Federal) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Nenhum Arquivo Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Nenhum Arquivo Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\André Colorado\AppData\Roaming\Mozilla\Firefox\Profiles\cx1k7lud.default-1441054771412 FF Homepage: google.com.br FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] () FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\SOFTWA~1\Office14\NPAUTHZ.DLL [2010-01-09] 
(Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Softwares\VLC\npvlc.dll [Nenhum Arquivo] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\André Colorado\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-26] (Raidcall) FF Plugin-x32: @raidcall.kr/RCplugin -> C:\Users\André Colorado\AppData\Roaming\RCKR\plugins\nprcplugin.dll [2012-08-09] (Raidcall) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3980743653-1760172547-1964375692-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\André Colorado\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [Nenhum Arquivo] FF Plugin HKU\S-1-5-21-3980743653-1760172547-1964375692-1000: gastecnologia.com.br/sf/gas64 -> C:\Users\André Colorado\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [Nenhum Arquivo] FF Extension: (Adblock Plus) - C:\Users\André Colorado\AppData\Roaming\Mozilla\Firefox\Profiles\cx1k7lud.default-1441054771412\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF HKU\S-1-5-21-3980743653-1760172547-1964375692-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\André Colorado\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => não encontrado (a) StartMenuInternet: FIREFOX.EXE - D:\Softwares\firefox.exe Chrome: ======= CHR dev: Chrome dev build detectado! <======= ATENÇÃO ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia) S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-08-05] () [Arquivo não assinado] R2 NanoServiceMain; D:\Softwares\PSANHost.exe [150528 2016-03-18] (Panda Security, S.L.) S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3837224 2016-01-21] (INCA Internet Co., Ltd.) 
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458808 2016-09-16] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458808 2016-09-16] (NVIDIA Corporation) R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-16] (NVIDIA Corporation) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-11-22] () R2 PSUAService; D:\Softwares\PSUAService.exe [38136 2016-03-17] (Panda Security, S.L.) S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] () S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2012-09-08] (Microsoft Corporation) [Arquivo não assinado] S4 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-22] (GAS Tecnologia LTDA) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [Arquivo não assinado] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [Arquivo não assinado] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [Arquivo não assinado] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [Arquivo não assinado] R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-10-29] (GAS Tecnologia) S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12252064 2010-11-12] (Intel Corporation) [Arquivo não assinado] S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [Arquivo não assinado] R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [80592 2016-03-14] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.) 
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation) S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-02-16] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-02-16] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-02-16] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-02-16] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-02-23] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-02-16] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.) S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc) S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.) 
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-15] () S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-29] (GAS Tecnologia LTDA) R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil) S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-05-30] (GAS Tecnologia) S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S1 gbpddfac; system32\drivers\gbpddfac64.sys [X] S0 gbpddreg; system32\drivers\gbpddreg64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-09-24 18:07 - 2016-09-24 18:08 - 00018931 _____ C:\Users\André Colorado\Desktop\FRST.txt 2016-09-24 18:07 - 2016-09-24 18:07 - 00000000 ____D C:\FRST 2016-09-24 18:06 - 2016-09-24 18:06 - 02402816 _____ (Farbar) C:\Users\André Colorado\Desktop\FRST64.exe 2016-09-21 17:24 - 2016-09-16 19:30 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2016-09-21 17:24 - 2016-09-09 15:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll 2016-09-21 17:24 - 2016-09-09 15:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll 2016-09-21 17:24 - 2016-09-09 15:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2016-09-21 17:24 - 2016-09-09 15:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe 2016-09-21 17:22 - 2016-09-16 21:46 - 40070200 _____ C:\Windows\system32\nvcompiler.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 34809912 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 28214840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 14353512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 14118336 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2016-09-21 17:22 - 2016-09-16 21:46 - 10868288 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 10746872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 10287344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 09090952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 08877480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2016-09-21 
17:22 - 2016-09-16 21:46 - 08684304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 03595832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437290.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437290.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 01020472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00956864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00895032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00179952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 
00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2016-09-21 17:22 - 2016-09-16 21:46 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2016-09-21 16:52 - 2016-09-21 16:52 - 00003800 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-09-21 16:52 - 2016-09-21 16:52 - 00001434 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2016-09-21 16:52 - 2016-09-16 22:42 - 01842744 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2016-09-21 16:52 - 2016-09-16 22:42 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2016-09-21 16:52 - 2016-09-16 22:42 - 01450040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2016-09-21 16:52 - 2016-09-16 22:42 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2016-09-21 16:52 - 2016-09-16 22:42 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2016-09-21 16:51 - 2016-09-21 16:51 - 00003850 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-09-21 16:51 - 2016-09-21 16:51 - 00003850 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-09-21 16:51 - 2016-09-21 16:51 - 00003788 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-09-21 16:51 - 2016-09-21 16:51 - 00003612 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-09-21 16:51 - 2016-09-21 16:51 - 00003552 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-09-21 16:51 - 2016-09-16 22:42 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2016-09-21 16:51 - 2016-09-16 22:42 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2016-09-21 16:51 - 2016-09-16 22:42 - 00047672 _____ (NVIDIA 
Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2016-09-21 16:51 - 2016-09-16 19:40 - 00001951 _____ C:\Windows\NvContainerRecovery.bat 2016-09-21 16:44 - 2015-05-22 05:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2016-09-20 15:17 - 2016-09-20 15:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-09-20 15:17 - 2016-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-09-15 13:28 - 2016-09-15 13:28 - 00012182 _____ C:\Users\André Colorado\Desktop\report.txt 2016-09-15 12:37 - 2016-09-15 12:38 - 25210440 _____ C:\Users\André Colorado\Desktop\RogueKillerX64.exe 2016-09-12 15:14 - 2016-09-12 15:14 - 00000000 ____D C:\Users\André Colorado\AppData\Roaming\AnyDesk 2016-09-09 19:13 - 2016-09-09 19:13 - 00007890 _____ C:\Users\André Colorado\Desktop\roguekiller.txt 2016-09-09 18:04 - 2016-09-15 12:39 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2016-09-09 18:02 - 2016-09-09 18:02 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller 2016-09-09 18:02 - 2016-09-09 18:02 - 00000000 ____D C:\ProgramData\RogueKiller 2016-09-09 15:25 - 2016-09-09 15:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1-1-0-26-0.dll 2016-09-09 15:25 - 2016-09-09 15:25 - 00261920 _____ C:\Windows\system32\vulkan-1-1-0-26-0.dll 2016-09-09 15:25 - 2016-09-09 15:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-26-0.exe 2016-09-09 15:24 - 2016-09-09 15:24 - 00125216 _____ C:\Windows\system32\vulkaninfo-1-1-0-26-0.exe 2016-09-08 01:04 - 2016-09-08 01:04 - 00002955 _____ C:\Users\André Colorado\Desktop\JRT.txt 2016-09-08 00:46 - 2016-09-08 00:46 - 01610560 _____ (Malwarebytes) C:\Users\André Colorado\Desktop\JRT.exe 2016-09-08 00:45 - 2016-09-08 00:45 - 00006554 _____ C:\Users\André Colorado\Desktop\AdwCleaner[C0].txt 2016-09-08 00:36 - 2016-09-08 00:36 - 03826240 _____ C:\Users\André Colorado\Desktop\adwcleaner_6.010.exe 2016-09-08 00:35 - 2016-09-08 00:35 - 00003746 _____ C:\Users\André 
Colorado\Desktop\MB.txt 2016-09-06 18:27 - 2016-09-08 00:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-06 18:27 - 2016-09-06 18:27 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-06 18:26 - 2016-09-06 18:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-06 18:26 - 2016-09-06 18:26 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes 2016-09-06 18:26 - 2016-09-06 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-09-06 18:26 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-09-06 18:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-09-06 17:33 - 2016-09-06 17:33 - 00001052 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2016-09-06 17:33 - 2016-09-06 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2016-09-06 17:33 - 2016-09-06 17:33 - 00000000 ____D C:\Program Files\VS Revo Group 2016-09-02 21:40 - 2016-09-19 22:27 - 00000203 _____ C:\Users\André Colorado\Desktop\Novo Documento de Texto.txt 2016-09-01 12:49 - 2016-09-01 12:50 - 00003317 _____ C:\Users\André Colorado\Desktop\FSS.txt 2016-09-01 12:48 - 2016-09-01 12:48 - 00899584 _____ (Farbar) C:\Users\André Colorado\Desktop\FSS.exe 2016-09-01 12:47 - 2016-09-01 12:47 - 00147456 _____ (Eric_71) C:\Users\André Colorado\Desktop\MbrScan.exe 2016-09-01 12:47 - 2016-09-01 12:47 - 00000512 _____ C:\Users\André Colorado\Desktop\Dump_Hdd0_DR0.mbr 2016-09-01 12:45 - 2016-09-01 12:45 - 00025196 _____ C:\ZA-Scan.txt 2016-09-01 12:45 - 2016-09-01 12:45 - 00025196 _____ C:\Users\André Colorado\Desktop\ZA-Scan.txt 2016-09-01 12:38 - 2016-09-01 12:38 - 00000000 ____D C:\zoek_backup 2016-09-01 12:36 - 2016-09-01 12:36 - 01370112 _____ C:\Users\André Colorado\Desktop\ZA-Scan.exe 2016-08-31 07:21 - 2016-09-16 21:46 - 03917840 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvapi64.dll 2016-08-31 07:21 - 2016-08-25 20:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll 2016-08-31 07:21 - 2016-08-25 20:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-09-24 18:05 - 2013-11-02 14:53 - 00896000 ___SH C:\Users\André Colorado\Desktop\Thumbs.db 2016-09-24 18:04 - 2015-07-28 22:52 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2016-09-24 18:04 - 2015-07-28 22:52 - 00000000 ____D C:\ProgramData\GbPlugin 2016-09-24 18:03 - 2015-04-12 19:49 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA 2016-09-24 18:03 - 2015-04-12 19:49 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-24 18:03 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-22 12:09 - 2009-07-14 01:45 - 00056480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-22 12:09 - 2009-07-14 01:45 - 00056480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-22 11:35 - 2014-03-21 19:57 - 00000000 ____D C:\Users\André Colorado\AppData\Local\NVIDIA Corporation 2016-09-21 17:24 - 2016-04-19 10:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-09-21 17:24 - 2015-08-05 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-09-21 17:24 - 2014-03-21 19:46 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation 2016-09-21 17:24 - 2014-03-21 19:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-09-21 17:24 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf 2016-09-21 17:16 - 2013-03-19 22:16 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-09-21 17:02 - 2014-01-17 20:48 - 00000000 ____D C:\Users\André Colorado\AppData\Local\Battle.net 2016-09-21 17:00 
- 2015-08-05 12:21 - 00000000 ____D C:\Users\André Colorado\AppData\Local\NVIDIA
2016-09-21 16:52 - 2011-11-21 12:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-21 16:52 - 2011-11-21 12:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-21 16:41 - 2016-04-22 20:35 - 00000000 ____D C:\Users\André Colorado\AppData\Local\CrashDumps
2016-09-20 15:54 - 2012-10-03 02:25 - 00000000 ____D C:\Users\André Colorado\AppData\Local\Deployment
2016-09-20 15:30 - 2016-08-01 04:14 - 00000000 ____D C:\Users\André Colorado\AppData\Roaming\vlc
2016-09-20 15:18 - 2013-08-07 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-16 21:46 - 2016-08-18 00:13 - 17270984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-09-16 21:46 - 2015-09-24 14:56 - 19854064 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-09-16 21:46 - 2015-09-24 14:56 - 03458608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-09-16 21:46 - 2015-04-12 20:02 - 00039730 _____ C:\Windows\system32\nvinfo.pb
2016-09-16 19:57 - 2016-04-19 10:01 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-09-16 19:57 - 2016-04-19 10:01 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-09-16 19:57 - 2015-08-05 11:51 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-09-16 19:57 - 2015-08-05 11:51 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-09-16 19:57 - 2015-08-05 11:51 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-09-16 19:57 - 2015-08-05 11:51 - 01364024 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-09-16 19:57 - 2015-08-05 11:51 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-09-16 19:57 - 2015-08-05 11:51 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-09-16 14:09 - 2015-02-28 03:23 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-16 14:07 - 2013-08-03 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
2016-09-16 04:40 - 2015-08-05 11:51 - 07379415 _____ C:\Windows\system32\nvcoproc.bin
2016-09-14 16:52 - 2013-03-19 22:16 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-14 16:52 - 2012-08-15 11:10 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-14 16:52 - 2012-08-15 11:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-14 16:52 - 2012-08-15 11:10 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-14 16:52 - 2011-11-21 16:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-08 00:40 - 2015-07-29 01:41 - 00000000 ____D C:\AdwCleaner
2016-09-04 15:53 - 2011-11-21 12:53 - 00112168 _____ C:\Users\André Colorado\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-04 15:52 - 2009-07-14 01:45 - 00465320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-04 14:25 - 2015-08-05 12:51 - 00000000 ____D C:\Users\André Colorado\AppData\Roaming\NVIDIA
2016-09-04 14:20 - 2013-03-10 20:58 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-08-26 05:17 - 2015-04-21 04:58 - 00000000 ____D C:\Users\André Colorado\AppData\Local\Glyph

==================== Files in the root of some directories =======

2015-04-14 13:28 - 2015-04-14 13:28 - 0004387 _____ () C:\Users\André Colorado\AppData\Roaming\MgBpGLcZgKhzpLkZ
2012-03-21 12:23 - 2014-12-18 05:26 - 0011264 _____ () C:\Users\André Colorado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-10 18:35 - 2013-03-10 18:35 - 0000287 _____ () C:\Users\André Colorado\AppData\Local\DelUnist.bat
2012-01-19 15:32 - 2016-08-01 02:28 - 0007597 _____ () C:\Users\André Colorado\AppData\Local\Resmon.ResmonCfg
2015-07-28 18:02 - 2015-07-28 18:02 - 0000000 _____ () C:\Users\André Colorado\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\André Colorado\AppData\Local\Temp\nvStInst.exe
C:\Users\André Colorado\AppData\Local\Temp\vsredistsetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll [2011-11-21 16:50] - [2012-09-08 02:30] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll [2012-09-08 02:13] - [2012-09-08 02:13] - 0833024 ____A (Microsoft Corporation) E01EBE6A0C7B306763667FDC60A0B25A
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-17 03:39

==================== End of FRST.txt ============================

Addition.txt
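The "Bamital & volsnap" block at the end of the FRST log above is the tool checking that a fixed set of core Windows binaries still carry a Microsoft signature, with the two copies of user32.dll listed by MD5 instead. The same check can be repeated by hand with Windows' own APIs, which is useful when you want to re-verify after a fix or compare a hash against a clean install. The script below is an added example, not FRST code and not something posted in the thread; it assumes an elevated Windows PowerShell 4.0 or later (Get-FileHash does not exist in older versions) and uses the file list from the log above.

```powershell
# Added example (not FRST, not from the forum thread): repeat the
# "Bamital & volsnap" style check on the same core binaries.
# Assumes an elevated Windows PowerShell 4.0+ (Get-FileHash needs 4.0).
$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'

# Same paths FRST reported above.
$targets = @(
    "$sys32\winlogon.exe",  "$sys32\wininit.exe",  "$wow64\wininit.exe",
    "$env:SystemRoot\explorer.exe", "$wow64\explorer.exe",
    "$sys32\svchost.exe",   "$wow64\svchost.exe",  "$sys32\services.exe",
    "$sys32\user32.dll",    "$wow64\user32.dll",
    "$sys32\userinit.exe",  "$wow64\userinit.exe",
    "$sys32\rpcss.dll",     "$sys32\dnsapi.dll",   "$wow64\dnsapi.dll",
    "$sys32\drivers\volsnap.sys"
)

$report = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Status = 'MISSING'; Signer = ''; MD5 = '' }
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path   = $path
        Status = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer = $signer
        MD5    = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
    }
}

$report | Format-Table -AutoSize

# Caveat: most Windows system binaries carry no embedded Authenticode
# signature; they are signed through catalog files under
# %SystemRoot%\System32\catroot. Windows PowerShell before 5.0 never
# consults catalogs, so it reports those files as NotSigned even when they
# are intact. Treat NotSigned here as "verify with Sysinternals sigcheck,
# which does read catalogs, then compare the MD5 with a clean copy of the
# same build", not as proof of tampering.
$report | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Microsoft' }
```

The MD5 column is what you would compare against the values FRST printed (E573BD9AB55C8E333C202B9E255F972E and E01EBE6A0C7B306763667FDC60A0B25A for the two user32.dll copies on this machine) after a fix, or against a known-good copy of the same Windows build when a file fails the signature check.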
  3. Good afternoon Elias, I changed all the users that appear in the screenshot below to Full Control and the other options; "AppData" was hidden, with the padlock, only under the user "André Colorado", and "Default", whose permissions I also changed, still prevents me from deleting several files. All of them are set to "read-only". I believe several users appeared because of the accent in my name. If you know how I should configure it... Thank you very much!
  4. Good afternoon Elias, I had imagined that the uninstallation, or even the removal of some files, was being blocked because of some infection; now that the process is finished, it may be due to missing permissions in Windows itself. For example, in one of the screenshots below I try to delete an installer on partition "D" in the "Softwares" folder and it does not allow it. I had already tried giving "Full Control" to the "group or user names" in the "Security" tab of the folder's "Properties" and it did not solve it. I have no other users registered on my PC. I know this no longer fits this type of "malware removal" support, but if you could help solve this too, since I would not want to format my PC to get it back to normal. Thank you very much for your help so far! And sorry if the screenshots ended up too long in the post.
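Posts 3 and 4 above describe the usual symptom of ownership that no longer matches the logged-in account: the Security tab shows several unfamiliar entries, the folder carries the padlock overlay, and Full Control granted through the dialog does not reach the files inside. Changing an ACL requires owning the object (or holding WRITE_DAC on it), so the fix is to take ownership first and only then re-grant permissions. The sequence below is the command-line version a helper would normally post at this point. It is an added example, not something Elias posted and not part of any tool used in the thread; the D:\Softwares path is taken from post 4 and the installer file name is an assumption, and it assumes an elevated PowerShell run by a member of Administrators.

```powershell
# Added example, not from the thread or from any tool used in it.
# Run from an elevated PowerShell as a member of Administrators.
# $target is an assumption taken from post 4 (the D:\Softwares folder);
# point it at the folder or file that refuses to be deleted.
$target = 'D:\Softwares'

# 1. Take ownership recursively (/R), giving it to the Administrators
#    group (/A) and answering Yes to prompts (/D Y). Without ownership
#    (or WRITE_DAC) the "Full Control" set in the dialog cannot be applied
#    to the files inside, which is exactly the symptom in posts 3 and 4.
takeown /F $target /A /R /D Y

# 2. Re-grant Full Control to Administrators and to the current account on
#    the folder and everything below it (/T), continuing past errors (/C).
#    (OI)(CI) make the entry inherit to files and subfolders. *S-1-5-32-544
#    is the well-known SID of Administrators, so this works on a pt-BR
#    install where the group is displayed as "Administradores".
$me = "$env:USERDOMAIN\$env:USERNAME"
icacls $target /grant '*S-1-5-32-544:(OI)(CI)F' /T /C
icacls $target /grant "${me}:(OI)(CI)F" /T /C

# 3. Re-enable inheritance from the parent so new files get normal ACLs;
#    this usually also removes the padlock overlay Explorer shows on a
#    folder that no longer has an entry for ordinary users.
icacls $target /inheritance:e /T /C

# 4. The read-only bit is a file attribute, not a permission; clear it too.
attrib -R "$target\*" /S /D

# 5. Verify the owner and ACL, then delete (file name is an assumption).
(Get-Acl -LiteralPath $target).Owner
icacls $target
Remove-Item -LiteralPath "$target\installer.exe" -Force
```

If step 5 still fails, the remaining causes are outside ACLs: an open handle (a running process or the Panda/GbPlugin services holding the file), a protected system folder, or a filter driver; in that case check with Sysinternals Process Explorer's handle search before assuming the permissions are still wrong.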
  5. Good afternoon Elias, the program's log is attached... Thank you very much! report.txt
  6. Hello Elias, I did not click "remove selected" on the items found, I only followed the steps in your post and created the txt... Thank you roguekiller.txt
  7. Good evening Elias, the generated logs are attached. Thank you! MB.txt AdwCleaner[C0].txt JRT.txt
  8. Good evening Elias, now I managed to install and update Malwarebytes... I have an external USB hard drive and would like it to be scanned as well; can these programs do that? Thank you!
  9. Good afternoon Elias, when I tried to install Malwarebytes the warning below appeared. I have had another version of the program since 2013; I saw that some options are different from the tutorial you pointed to, and the version I have is up to date. I tried to uninstall it and this error appeared, which is the one in the second image. I believe this happens because the infections on the machine changed my admin permissions: when I try to update some programs and uninstall others, Windows does not allow it, and the machine has no other users. Anyway, if you can do the scan with this version of Malwarebytes (photo 3), fine; otherwise we will have to find a way to change those permissions. Thank you very much!
  10. Good afternoon team, after a month of analysis of the PC my family uses, and of my father's notebook before that... Now I am asking for help analysing my own PC, which I suspect is also infected. The requested logs are attached, thank you very much! FSS.txt MbrScan.log ZA-Scan.txt
  11. Good afternoon, OK Sam... Thank you very much for your help, I will ask the moderators to close the topic since the problem has been solved...
  12. Another detail, Sam: the PC seems to have become a bit faster, but memory usage is still high... opening Mozilla took around 2 min. after waiting for the machine to boot and start everything up calmly... Do you think it could be because the machine has Win 7 Ultimate 64-bit SP1 installed, with a Dual Core E5300 2.60 GHz, 2 GB of RAM and two hard drives? If I'm not mistaken the machine was bought in 2011; I added the hard drive from a notebook later as a slave, and I don't remember it being this slow... In "msconfig" I had already disabled several things too. Thank you for your help so far!
  13. Good morning Sam, as for SecurityCheck... I'll leave it on the PC; I saw that some Mozilla plugins don't enable the update button after clicking "Check for plugin updates". I will also leave Unchecky installed... As for the Windows updates, I don't know all of them; my Windows 7 is, let's say... different. Thank you for the support!
  14. Good afternoon Sam, sorry for the delay in replying... I noticed the computer is better. Thank you for the support so far...
  15. Good evening Sam, thank you very much for your help so far!

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 20.07.2016 21:45:14
Path starting: C:\Users\Ertel\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Ertel
VersionXML: 3.22is-20.07.2016
___________________________________________________________________________
Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: Portuguese(0416)
Installation date OS: 16.10.2010 00:33:05
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [31.6 Gb] Used: [27.9 Gb] Free: [3.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 10.0.9200.16798 Warning! Download Update
Online installation. Last version available when Windows Update is enabled through the Internet.
User Account Control enabled
Notify of download and installation
Date install updates: 2014-02-26 19:08:27
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Panda Free Antivirus (enabled)
---------------------------- [ Firewall_WMI ] -----------------------------
Panda Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Panda Free Antivirus (enabled)
Windows Defender (enabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Panda Free Antivirus v.8.21.00
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR archiver
VLC media player 1.1.5 v.1.1.5 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.0 v.7.0.100 Warning! Download Update ^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.5.41712 Warning! P2P-client.
-------------------------------- [ Java ] --------------------------------
JavaFX 2.1.1 v.2.1.1 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u102-windows-i586.exe).
Java 8 Update 91 v.8.0.910.14 Warning! Download Update Uninstall old version and install new one (jre-8u102-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 18 ActiveX v.18.0.0.232 Warning! Download Update
Adobe Flash Player 22 NPAPI v.22.0.0.192 Warning! Download Update
Adobe Shockwave Player 12.0 v.12.0.7.148 Warning! Download Update
Adobe Acrobat Reader DC - Português v.15.017.20050
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.106
Mozilla Firefox 47.0.1 (x86 pt-BR) v.47.0.1
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe v.47.0.1.6018
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe v.4.0.0.647
Panda Protection Service (NanoServiceMain) - The service is running
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe v.4.0.0.785
Panda Product Service (PSUAService) - The service is running
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe v.4.0.0.638
Panda Devices Agent (PandaAgent) - The service is running
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe v.1.3.7.0
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
SpyHunter v.4.1.11 Warning! Suspected demo version of anti-spyware or optimization program - scareware or badware. Uninstallation recommended. Possibly you became a victim of fraud or social engineering.
Skype Click to Call v.7.3.16540.9015 Warning! Browser toolbar. It can slow down your browser and raise privacy concerns.
TuneUp Utilities 2014 (pt-BR) v.14.0.1000.94 << Hidden Warning! Suspected demo version of anti-spyware or optimization program - scareware or badware. Uninstallation recommended. Possibly you became a victim of fraud or social engineering.
SpyHunter 4 Service (SpyHunter 4 Service) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
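The SecurityCheck log above is assembled from three sources a reader can query directly: the service control manager (the remote-management services it lists as running or stopped), the UAC policy keys in the registry, and the Security Center WMI provider (the "Antivirus_WMI", "Firewall_WMI" and "AntiSpyware_WMI" sections, including the "enabled and out of date" verdict for Windows Defender). The script below pulls the same facts live so the log can be re-checked after the unwanted programs are removed. It is an added example and not SecurityCheck's own code; it assumes Windows PowerShell 3.0 or later on Windows 7, and the productState bit decoding in the last part is the commonly documented interpretation rather than an official one.

```powershell
# Added example (not SecurityCheck code): query the facts the log lists,
# straight from WMI and the registry. Assumes Windows PowerShell 3.0+.
# Get-WmiObject is used instead of Get-Service because Get-Service does not
# expose the start mode on these PowerShell versions.

# Remote-management surface. On a home PC these should stay stopped and
# disabled unless actually used; the log shows the three remote services
# stopped and SSDP Discovery running.
$svcNames = 'RemoteRegistry', 'TermService', 'WinRM', 'SSDPSRV', 'wuauserv', 'wscsvc'
$filter = ($svcNames | ForEach-Object { "Name='$_'" }) -join ' OR '
Get-WmiObject -Class Win32_Service -Filter $filter |
    Select-Object Name, DisplayName, State, StartMode |
    Format-Table -AutoSize

# UAC policy. EnableLUA=1 means UAC is on. ConsentPromptBehaviorAdmin:
# 2 = always prompt on the secure desktop, 5 = prompt only for non-Windows
# binaries (the Windows 7 default), 0 = never prompt (UAC effectively off
# for administrators even with EnableLUA=1).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Get-ItemProperty -Path $uacKey |
    Select-Object EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop

# Security products as Security Center sees them. productState is a bit
# field; the usual decoding is: 0x1000 set = real-time protection on,
# 0x10 set = definitions out of date. That is how "enabled and out of date"
# for Windows Defender in the log comes about.
foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Class     = $class
                Product   = $_.displayName
                Enabled   = (($state -band 0x1000) -ne 0)
                OutOfDate = (($state -band 0x10) -ne 0)
            }
        }
}
```

Run it before and after uninstalling SpyHunter and TuneUp Utilities: the first table should show the same services unchanged, and the last block should show only the products you intend to keep, each with Enabled true and OutOfDate false.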