Rootkits relacionados com internet banking

Boa  noite !


Uma nova modalidade de contaminação na rede .  Mas nem tanto ; pois via uso de internet banking .

Depois de justamente instalar o IB da CEF :


Nenhum navegador iniciava . Apenas o IE . Passei todas as ferramentas rotineiras para ambos e nada; tudo limpo .
Resolvo rodar o combofix e 3 rootkits << mgcscrd.sys , ntndis.sys e parport32.sys .


ComboFix 15-04-16.01 - EDSON 17/04/2015 16:29:58.1.2 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.1981.1001 [GMT -3:00]
Executando de: c:\users\EDSON\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 310 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\mgcscrd.sys
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\drivers\parport32.sys
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2015-03-17 to 2015-04-17 ))))))))))))))))))))))))))))
.
.
2015-04-17 19:46 . 2015-04-17 19:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-17 19:46 . 2015-04-17 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-17 13:16 . 2015-04-17 19:03 -------- d-----w- c:\program files\Firefox Developer Edition
2015-04-17 13:13 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14EA0CE1-E014-492C-9DEC-6ADD770D210F}\mpengine.dll
2015-04-15 12:43 . 2015-02-25 03:03 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-15 12:43 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-15 12:43 . 2015-03-10 03:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-04-13 14:28 . 2015-04-17 14:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-04-12 00:46 . 2015-04-17 19:46 -------- d-----w- c:\users\EDSON\AppData\Local\temp
2015-04-12 00:34 . 2015-03-25 03:00 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-04-12 00:34 . 2015-03-25 03:00 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-04-12 00:34 . 2015-03-25 03:00 35328 ----a-w- c:\windows\system32\wups2.dll
2015-04-12 00:34 . 2015-03-25 03:00 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-04-12 00:34 . 2015-03-25 03:00 29696 ----a-w- c:\windows\system32\wups.dll
2015-04-12 00:34 . 2015-03-25 03:00 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-04-12 00:34 . 2015-03-25 03:00 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-04-12 00:34 . 2015-03-25 03:00 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-04-12 00:34 . 2015-03-25 03:00 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-04-12 00:34 . 2015-03-25 03:00 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-04-12 00:34 . 2015-03-25 03:00 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-04-10 15:40 . 2015-04-12 04:20 -------- d-----w- c:\users\EDSON\AppData\Local\GAS Tecnologia
2015-04-08 13:12 . 2015-04-12 04:21 -------- d-s---w- c:\windows\system32\CompatTel
2015-04-08 13:12 . 2015-04-12 04:21 -------- d-----w- c:\windows\system32\appraiser
2015-04-08 13:10 . 2015-03-23 03:06 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-04-08 13:10 . 2015-03-23 03:06 630784 ----a-w- c:\windows\system32\invagent.dll
2015-04-08 13:10 . 2015-03-23 03:06 331264 ----a-w- c:\windows\system32\devinv.dll
2015-04-08 13:10 . 2015-03-23 03:06 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-04-08 13:10 . 2015-03-23 03:06 159744 ----a-w- c:\windows\system32\aepic.dll
2015-04-08 13:10 . 2015-03-23 02:59 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-04-08 13:10 . 2015-01-27 23:36 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-04-08 13:10 . 2015-03-23 03:06 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-31 13:47 . 2015-03-31 13:47 -------- d-----w- c:\users\EDSON\AppData\Local\GWX
2015-03-31 13:41 . 2015-04-13 13:24 -------- d-s---w- c:\windows\system32\GWX
2015-03-26 00:06 . 2015-02-13 18:47 30520 ----a-w- c:\windows\system32\WinDivert.dll
2015-03-26 00:06 . 2015-03-26 00:06 -------- d--h--w- c:\program files\GAS Tecnologia
2015-03-26 00:06 . 2015-03-26 00:06 -------- d-----w- c:\program files\Diebold
2015-03-26 00:06 . 2015-02-13 18:47 30936 ----a-w- c:\windows\system32\WinDivert32.sys
2015-03-21 14:59 . 2015-03-21 14:59 -------- d-----w- C:\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2015-03-20 00:08 . 2015-03-20 00:08 -------- d-----w- c:\windows\CheckSur
2015-03-18 20:54 . 2015-03-18 20:54 -------- d-----w- c:\users\EDSON\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-24 15:41 . 2014-11-16 19:41 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-18 21:26 . 2015-03-09 20:56 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-18 21:26 . 2015-03-09 20:56 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-10 22:37 . 2015-03-10 22:37 13368 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-03-08 12:11 . 2014-10-14 19:32 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-26 03:11 . 2015-03-10 19:58 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 21:38 . 2014-10-21 14:40 290304 ----a-w- c:\windows\system32\subinacl.exe
2015-02-24 07:23 . 2014-10-14 18:45 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:13 . 2015-03-10 19:58 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-10 19:58 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-10 19:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-10 19:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-10 19:58 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-02-13 18:50 . 2015-03-23 15:51 1856 ----a-w- c:\windows\Fonts\Warsaw Bold.ttf
2015-02-12 13:00 . 2015-02-12 13:00 208856 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-02-09 16:32 . 2015-02-12 23:31 46552 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2015-02-04 15:23 . 2015-02-04 15:23 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 02:54 . 2015-03-10 19:57 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-03 03:16 . 2015-03-10 19:56 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:12 . 2015-03-10 19:56 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:12 . 2015-03-10 19:56 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-10 19:58 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-10 19:58 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:12 . 2015-03-10 19:56 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:12 . 2015-03-10 19:56 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:12 . 2015-03-10 19:56 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:12 . 2015-03-10 19:56 1329664 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:12 . 2015-03-10 19:56 519680 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:12 . 2015-03-10 19:56 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-10 19:56 157184 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:12 . 2015-03-10 19:56 28160 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:12 . 2015-03-10 19:56 8192 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:12 . 2015-03-10 19:56 504320 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:12 . 2015-03-10 19:56 265216 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:12 . 2015-03-10 19:56 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:12 . 2015-03-10 19:56 3209728 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:12 . 2015-03-10 19:56 354816 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:12 . 2015-03-10 19:56 103424 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:12 . 2015-03-10 19:56 489984 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:12 . 2015-03-10 19:56 275968 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:12 . 2015-03-10 19:56 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:12 . 2015-03-10 19:56 406016 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-10 19:56 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:12 . 2015-03-10 19:56 1005056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:12 . 2015-03-10 19:56 103936 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:12 . 2015-03-10 19:56 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:12 . 2015-03-10 19:56 81408 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:12 . 2015-03-10 19:56 744960 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:12 . 2015-03-10 19:56 475136 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:12 . 2015-03-10 19:56 374784 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:12 . 2015-03-10 19:56 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:12 . 2015-03-10 19:56 27648 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:12 . 2015-03-10 19:56 195584 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:11 . 2015-03-10 19:56 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:11 . 2015-03-10 19:56 9728 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:11 . 2015-03-10 19:56 8192 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:11 . 2015-03-10 19:56 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:11 . 2015-03-10 19:56 100864 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:11 . 2015-03-10 19:56 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:11 . 2015-03-10 19:56 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:11 . 2015-03-10 19:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:10 . 2015-03-10 19:56 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:09 . 2015-03-10 19:56 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:00 . 2015-03-10 19:56 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 02:26 . 2015-03-10 19:56 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-01-31 03:33 . 2015-03-10 19:58 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2015-01-31 03:33 . 2015-03-10 19:58 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-31 00:48 . 2015-03-10 19:58 221184 ----a-w- c:\windows\system32\rdpudd.dll
2015-01-30 23:56 . 2015-03-10 19:56 370488 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-20 17:31 . 2015-01-20 17:31 56680 ----a-w- c:\windows\system32\drivers\ksapi64.sys
2015-01-20 17:31 . 2015-01-20 17:31 81768 ----a-w- c:\windows\system32\drivers\ksapi.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . 2A780FF484E7533F35F285BB74A9C2EE . 2788864 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\UXBackup\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\erdnt\cache\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UX Launcher"="c:\program files\UX Pack\uxlaunch.exe" [2014-07-22 203979]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2015-03-10 13:37 1864576 ----a-w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2014-11-28 13:01 1789792 ----a-w- c:\program files\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Speed Launcher]
1427732995 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-11-20 18:13 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diebold - Warsaw]
2015-02-13 18:47 507704 ----a-w- c:\program files\Diebold\Warsaw\core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro (32-bit)]
2014-10-14 08:12 12553384 ----a-w- c:\program files\Gadwin\Gadwin PrintScreenPro\PrintScreenPro32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-02-11 01:26 335232 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 MetroServ;WinMetro Service;c:\program files\IObit\WinMetro\MetroSvc.exe [2013-01-25 314176]
R2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2015-02-13 507704]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2015-02-09 46552]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2015-02-12 208856]
S1 ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-10-14 29400]
S1 RapportCerberus_80128;RapportCerberus_80128;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [2015-02-24 472152]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2015-02-12 251640]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2015-02-12 332696]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2015-01-20 565560]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-02-12 1919256]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 25448]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 716504]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*Deregistered* - GbFtIn
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2015-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-09 21:26]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mSearch Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\imagem2
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\EDSON\AppData\Roaming\Mozilla\Firefox\Profiles\v8df52b4.dev-edition-default\
FF - prefs.js: browser.startup.homepage - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
.
.
Tempo para conclusão: 2015-04-17 16:52:40
ComboFix-quarantined-files.txt 2015-04-17 19:52
.
Pré-execução: 482.119.954.432 bytes disponíveis
Pós execução: 481.838.194.688 bytes disponíveis
.
- - End Of File - - C3BD904704DF96B7B40616DB8C2F38F0
A36C5E4F47E84449FF07ED3517B43A31


Me parece que este mgcscrd.sys tem algo relacionado com o IB da CEF !

Interessante fiquei sem usar o pc uns 4 dias e cheio de novidades ruins . Navegador mozilla travando, gerenciador de tarefas não abrindo, depois navegadores nenhum iniciando e estas pragas !

Abraços

/!\ Boa Noite! Agente da C&A /!\

> E os navegadores,já se normalizaram?

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Caso encontre dificuldades ou bloqueio ao realizar o download,utilize o navegador Internet Explorer.
> Salve-a no desktop!
> Para Windows 7 e 8,execute-o com clique direito do mouse.
> Escolha: Executar como administrador! ( Windows Vista, 7 ,8 e 8.1 ) (32 e 64 bits)
> Para Windows XP,basta duplo-clique em CTR.exe.
> Aguarde a finalização,que é rápida!
> Poste o relatório! ( CTR.txt )

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Farbar )

> No banner,àcima,é para sistemas 32bits!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > 

> No link àcima,é para sistemas 64bits!
> Salve-o no desktop! (Área de trabalho ...)
> Execute a ferramenta! Clique "Yes" >> "Scan".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
> Poste os relatórios! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > 

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

Boa  noite !


Rapport de Contrôle restrictions Pierre13 (CTR version 2.0.0.2 ) du 17\04\2015 à 21:48:43
PC de EDSON
Windows 7 Ultimate Service Pack 1 (32 bits)

Réparation erreur 2203 effectuée.

Contrôle présence restrictions

[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
[BKDR_BLACKEN.A] clé Check_Associations supprimée.
[BKDR_BLACKEN.A] clé DisableFirstRunCustomize supprimée.
[BKDR_BLACKEN.A] clé PhishingFilter corrigée.
Autorisation installation sponsor Java supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d’informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Clé registre de restrictions générale supprimée.
Pavé numérique activé.
Restriction utilisateur pour Windows Installer supprimée.
Recherche Windows Update rétablie.
Service Pare feu Windows activé.
Paramètres Pare feu Windows rétablis par défaut et activé.

233 restrictions contrôlées.

13 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.


Le rapport est sur le bureau (C:\Users\EDSON\Desktop\CTR.txt)


[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Os  navegadores após a remoção destes .sys ; normalizaram .  Só o mozilla developer as vezes trava ao rolar favoritos .

Abraços

/!\ Boa Noite! Agente da C&A /!\

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Pierre13 )
> Salve-o no desktop!
> Para Windows Vista e 7,execute "SFTGC.exe" como administrador!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Execute-o e clique "Go".
> Aguarde seu término,que é rápido.
> Poste o relatório! ( SFT.txt )
> Ps: De acordo com o tamanho do relatório,não poste-o diretamente!

> Acesse,para esta tarefa! < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-as com o nome fixlist. << Texto!
> Salve-as no desktop! ( Área de trabalho ... )
> Ps: Modifique o local para: C:\Users\EDSON\Downloads <<

start
CloseProcesses:
emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1783420540-2071620594-760296276-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\Users\EDSON\AppData\Local\Temp\catchme.sys [X]
CreateRestorePoint:
Reboot:
end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!
> Na mensagem,clique Executar. 
> Poste o relatório! (Fixlog.txt)

A+

Boa  noite !


[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Abraços

/!\ Boa Noite! Agente da C&A /!\

> Não rodou o script na FRST?

> Caso não haja mais problemas,remova as ferramentas que foram utilizadas na desinfecção!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Xplode )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Estando na página,clique em Download Now. 
> Salve-a em um local conveniente! ( desktop! )
> Feche aplicativos que estejam abertos.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema

> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador ao concluir!
> Tudo Ok?

A+

Rodei sim . Editei o post .


Abraços

/!\ Boa Noite! Agente da C&A /!\

> Como está a máquina?  

Abs!

Boa tarde !

Navegadores e sistema rápidos, com exceção do mozilla  ( mas creio que seja devido a versão developer;  já removi e instalei novamente e nada ) que está travando (  chega à travar junto ainda o gerenciador de tarefas ) .

Não  consigo atualizar o java para o 8 up 45 !   Consta o erro 1603 !!

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Origem de tudo aqui abaixo .  Lembra ?

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Apr 18 12:36:46 2015

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

------------------------------------

Finished reporting.


E atualmente poucos programas :

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]




Abraços

/!\ Boa Noite! Agente da C&A /!\

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Já tentou esta dica?

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Aqui houve uma solução para o erro ao Firefox,onde o utilizador tinha sistema 64bits e o plugin-container causava problemas em páginas que dependiam de aplicações java.
--
--
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
--
--
> O seu Windows 7 aceitou o "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]",que é para uso no Windows 8.1?

> Selecione e copie,o conteúdo que está na "Quote",para o Bloco de Notas.
> Salve-o,no desktop,com o nome: CFScript << Texto!

FCopy::
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe | c:\windows\explorer.exe

Reglock::
[HKEY_USERS\S-1-5-21-1783420540-2071620594-760296276-1000_Classes\CLSID]
[HKEY_USERS\S-1-5-21-1783420540-2071620594-760296276-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}]
[HKEY_USERS\S-1-5-21-1783420540-2071620594-760296276-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}]

Folder::
c:\users\EDSON\AppData\Roaming\ZHP

> Desabilite,temporariamente,seu antivírus.
> Ps: Não utilizem este script em outra máquina!
> Arraste,o CFScript.txt para o ícone/interior do ComboFix.
> Veja a demonstração!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.
> Ps: Faça o arraste,até surgir essa solicitação! ( janela )
> Caso apareça alguma mensagem para atualizar a ferramenta,clique Sim!
> Concluindo,poste: C:\ComboFix.txt <<

A+

Boa tarde !

Então joram .  Já tinha comentado sobre em ter um tema do 8 e se seria possível  este tema/pach puxar atualizações do win 8 .
Já percebi isto aqui e faz  tempo ; pois 5 meses já  com este tema que inclusive muito  bom ; pois há vários recursos do 8 .

Em relação à estas chaves bloqueadas do java ( até então não estava  mais no pc  )  removi  todas .
Em relação à chave bloqueada do IB da CEF (  ainda no pc )  removi também .

Excluindo tudo  que era do  java ; manualmente ; e instalando novamente com o seu  aplicativo foi se removendo versões que nem imaginava que estaria aqui ;  a  8 up  31 .   Logo java atual no pc ;  8 up 45 !

Comunico lhes que mudou bem o diagnóstico do  sistema .


Abraços

Boa tarde !

Então joram .  Já tinha comentado sobre em ter um tema do 8 e se seria possível  este tema/pach puxar atualizações do win 8 .
Já percebi isto aqui e faz  tempo ; pois 5 meses já  com este tema que inclusive muito  bom ; pois há vários recursos do 8 .

Ou  em função do   c:\windows\system32\GWX  .

Em relação à estas chaves bloqueadas do java ( até então não estava  mais no pc  )  removi  todas .
Em relação à chave bloqueada do IB da CEF (  ainda no pc )  removi também .

Excluindo tudo  que era do  java ; manualmente ; e instalando novamente com o seu  aplicativo foi se removendo versões que nem imaginava que estaria aqui ;  a  8 up  31 .   Logo java atual no pc ;  8 up 45 !

Comunico lhes que mudou bem o diagnóstico do  sistema .


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17728  BrowserJavaVersion: 11.45.2
Run by EDSON at 14:22:40 on 2015-04-19
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.1981.924 [GMT -3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Gadwin\Gadwin PrintScreenPro\PrintScreenPro32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\UX Pack\WinMetro\MetroBar.exe
C:\Program Files\UX Pack\WinMetro\MetroStart.exe
C:\Program Files\UX Pack\Aura\Aura.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\wbem\WmiApSrv.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Firefox Developer Edition\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mSearch Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_45\bin\ssv.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\program files\gbplugin\gbieh.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\program files\gbplugin\gbiehcef.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [Gadwin PrintScreen Pro (32-bit)] "c:\program files\gadwin\gadwin printscreenpro\PrintScreenPro32.exe" /nosplash
mRun: [UX Launcher] c:\program files\ux pack\uxlaunch.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B6593E2F-8562-4A36-878B-62693DC80EC1} : DHCPNameServer = 192.168.0.1
Notify:  GbPluginBb - c:\program files\gbplugin\gbieh.dll
Notify:  GbPluginCef - c:\program files\gbplugin\gbiehCef.dll
Notify: igfxcui - igfxdev.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\program files\gbplugin\gbieh.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\program files\gbplugin\gbiehcef.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\edson\appdata\roaming\mozilla\firefox\profiles\v8df52b4.dev-edition-default\
FF - prefs.js: browser.startup.homepage - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\users\edson\appdata\local\gas tecnologia\gbbd\npsf_cef.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_134.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2015-2-12 46552]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2015-2-12 208856]
R1 ignkfebb;ignkfebb;c:\windows\system32\drivers\ignkfebb.sys [2015-4-18 258392]
R1 ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\drivers\gbpndisrdn.sys [2014-10-14 29400]
R1 RapportCerberus_80128;RapportCerberus_80128;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_80128.sys [2015-2-24 472152]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2015-2-12 251640]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2015-2-12 332696]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2015-3-20 565560]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2015-2-12 1919256]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-7-13 25448]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-11-1 716504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 MetroServ;WinMetro Service;c:\program files\iobit\winmetro\MetroSvc.exe [2014-11-16 314176]
S2 Warsaw Technology;Warsaw Technology;c:\program files\diebold\warsaw\core.exe [2015-3-25 507704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-4-15 102912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-10-14 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-10-14 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-04-19 00:41:50    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-04-19 00:41:13    --------    d-----w-    c:\programdata\Oracle
2015-04-18 18:47:21    258392    ------w-    c:\windows\system32\drivers\ignkfebb.sys
2015-04-18 17:59:41    12568    ----a-w-    c:\windows\system32\drivers\PROCEXP113.SYS
2015-04-18 17:59:07    --------    d-sh--w-    C:\$RECYCLE.BIN
2015-04-18 14:40:41    --------    d-----w-    c:\program files\Firefox Developer Edition
2015-04-17 22:40:23    --------    d-----w-    c:\users\edson\appdata\roaming\ZHP
2015-04-17 13:13:49    9119072    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{14ea0ce1-e014-492c-9dec-6add770d210f}\mpengine.dll
2015-04-15 12:43:46    514560    ----a-w-    c:\windows\system32\drivers\http.sys
2015-04-15 12:43:42    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-04-15 12:43:42    1237504    ----a-w-    c:\windows\system32\msxml3.dll
2015-04-12 00:46:04    --------    d-----w-    c:\users\edson\appdata\local\temp
2015-04-12 00:34:58    92672    ----a-w-    c:\windows\system32\wudriver.dll
2015-04-12 00:34:58    50176    ----a-w-    c:\windows\system32\WinSetupUI.dll
2015-04-12 00:34:58    33792    ----a-w-    c:\windows\system32\wuapp.exe
2015-04-12 00:34:58    3088384    ----a-w-    c:\windows\system32\wucltux.dll
2015-04-12 00:34:58    173056    ----a-w-    c:\windows\system32\wuwebv.dll
2015-04-12 00:34:58    11776    ----a-w-    c:\windows\system32\wu.upgrade.ps.dll
2015-04-10 15:40:03    --------    d-----w-    c:\users\edson\appdata\local\GAS Tecnologia
2015-04-08 13:12:10    --------    d-s---w-    c:\windows\system32\CompatTel
2015-04-08 13:12:10    --------    d-----w-    c:\windows\system32\appraiser
2015-04-08 13:10:01    896000    ----a-w-    c:\windows\system32\aeinv.dll
2015-04-08 13:10:01    860160    ----a-w-    c:\windows\system32\appraiser.dll
2015-04-08 13:10:01    630784    ----a-w-    c:\windows\system32\invagent.dll
2015-04-08 13:10:01    576000    ----a-w-    c:\windows\system32\generaltel.dll
2015-04-08 13:10:01    331264    ----a-w-    c:\windows\system32\devinv.dll
2015-04-08 13:10:01    26112    ----a-w-    c:\windows\system32\acmigration.dll
2015-04-08 13:10:01    159744    ----a-w-    c:\windows\system32\aepic.dll
2015-04-08 13:10:01    1167520    ----a-w-    c:\windows\system32\aitstatic.exe
2015-04-08 13:10:00    202752    ----a-w-    c:\windows\system32\aepdu.dll
2015-03-31 13:47:30    --------    d-----w-    c:\users\edson\appdata\local\GWX
2015-03-31 13:41:00    --------    d-s---w-    c:\windows\system32\GWX
2015-03-26 00:06:36    30520    ----a-w-    c:\windows\system32\WinDivert.dll
2015-03-26 00:06:32    30936    ----a-w-    c:\windows\system32\WinDivert32.sys
2015-03-26 00:06:32    --------    d--h--w-    c:\program files\GAS Tecnologia
2015-03-26 00:06:32    --------    d-----w-    c:\program files\Diebold
2015-03-21 14:59:53    --------    d-----w-    C:\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
.
==================== Find3M  ====================
.
2015-04-18 00:10:11    290304    ----a-w-    c:\windows\system32\subinacl.exe
2015-03-24 15:41:58    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-03-18 21:26:45    778928    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-03-18 21:26:44    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-17 05:01:09    3976632    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2015-03-17 05:01:09    3920824    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-03-17 05:01:08    67512    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:01:08    137656    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 04:59:26    1306112    ----a-w-    c:\windows\system32\ntdll.dll
2015-03-17 04:57:25    172032    ----a-w-    c:\windows\system32\wdigest.dll
2015-03-17 04:57:21    65536    ----a-w-    c:\windows\system32\TSpkg.dll
2015-03-17 04:57:20    43008    ----a-w-    c:\windows\system32\srclient.dll
2015-03-17 04:57:20    400896    ----a-w-    c:\windows\system32\srcore.dll
2015-03-17 04:57:20    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2015-03-17 04:57:20    100352    ----a-w-    c:\windows\system32\sspicli.dll
2015-03-17 04:57:17    248832    ----a-w-    c:\windows\system32\schannel.dll
2015-03-17 04:57:17    22016    ----a-w-    c:\windows\system32\secur32.dll
2015-03-17 04:57:12    221184    ----a-w-    c:\windows\system32\ncrypt.dll
2015-03-17 04:57:11    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2015-03-17 04:57:07    550912    ----a-w-    c:\windows\system32\kerberos.dll
2015-03-17 04:57:07    1061376    ----a-w-    c:\windows\system32\lsasrv.dll
2015-03-17 04:56:59    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2015-03-17 04:56:59    17408    ----a-w-    c:\windows\system32\credssp.dll
2015-03-17 04:56:43    69632    ----a-w-    c:\windows\system32\smss.exe
2015-03-17 04:56:38    262656    ----a-w-    c:\windows\system32\rstrui.exe
2015-03-17 04:56:28    22528    ----a-w-    c:\windows\system32\lsass.exe
2015-03-17 04:56:15    50176    ----a-w-    c:\windows\system32\auditpol.exe
2015-03-17 04:53:35    60416    ----a-w-    c:\windows\system32\msobjs.dll
2015-03-17 04:53:13    146432    ----a-w-    c:\windows\system32\msaudite.dll
2015-03-17 04:50:47    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-03-17 04:50:43    686080    ----a-w-    c:\windows\system32\adtschema.dll
2015-03-13 03:42:18    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2015-03-13 03:42:03    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2015-03-13 03:28:48    503296    ----a-w-    c:\windows\system32\vbscript.dll
2015-03-13 03:28:37    62464    ----a-w-    c:\windows\system32\iesetup.dll
2015-03-13 03:27:51    47616    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2015-03-13 03:27:35    340992    ----a-w-    c:\windows\system32\html.iec
2015-03-13 03:26:19    64000    ----a-w-    c:\windows\system32\MshtmlDac.dll
2015-03-13 03:16:26    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2015-03-13 03:16:24    102912    ----a-w-    c:\windows\system32\ieetwcollector.exe
2015-03-13 03:15:40    620032    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-03-13 03:09:27    667648    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-13 03:01:16    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21    4305408    ----a-w-    c:\windows\system32\jscript9.dll
2015-03-13 02:43:41    2052608    ----a-w-    c:\windows\system32\inetcpl.cpl
2015-03-13 02:42:47    1155072    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2015-03-13 02:20:28    1888256    ----a-w-    c:\windows\system32\wininet.dll
2015-03-10 22:37:24    13368    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2015-03-05 04:06:01    305152    ----a-w-    c:\windows\system32\gdi32.dll
2015-03-04 04:16:14    249784    ----a-w-    c:\windows\system32\clfs.sys
2015-03-04 04:10:54    58880    ----a-w-    c:\windows\system32\clfsw32.dll
2015-02-26 03:11:26    2381312    ----a-w-    c:\windows\system32\win32k.sys
2015-02-24 07:23:36    246920    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-20 04:13:52    26624    ----a-w-    c:\windows\system32\lpk.dll
2015-02-20 04:13:49    70656    ----a-w-    c:\windows\system32\fontsub.dll
2015-02-20 04:13:46    10240    ----a-w-    c:\windows\system32\dciman32.dll
2015-02-20 04:13:43    34304    ----a-w-    c:\windows\system32\atmlib.dll
2015-02-20 03:09:16    299008    ----a-w-    c:\windows\system32\atmfd.dll
2015-02-13 18:50:06    1856    ----a-w-    c:\windows\fonts\Warsaw Bold.ttf
2015-02-12 13:00:04    208856    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
2015-02-09 16:32:38    46552    ----a-w-    c:\windows\system32\drivers\GbpKm.sys
2015-02-04 15:23:14    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 02:54:09    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-02-03 03:16:30    78784    ----a-w-    c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:11:55    50176    ----a-w-    c:\windows\system32\rrinstaller.exe
2015-02-03 03:11:52    9728    ----a-w-    c:\windows\system32\pcawrk.exe
2015-02-03 03:11:52    8192    ----a-w-    c:\windows\system32\pcalua.exe
2015-02-03 03:11:48    23040    ----a-w-    c:\windows\system32\mfpmp.exe
2015-02-03 03:11:35    96768    ----a-w-    c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:11:35    16896    ----a-w-    c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:11:35    100864    ----a-w-    c:\windows\system32\audiodg.exe
2015-02-03 03:11:18    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2015-02-03 03:10:13    8704    ----a-w-    c:\windows\system32\pcaevts.dll
2015-02-03 03:09:03    2048    ----a-w-    c:\windows\system32\mferror.dll
2015-02-03 03:00:23    593920    ----a-w-    c:\windows\system32\drivers\PEAuth.sys
2015-02-03 02:26:42    50176    ----a-w-    c:\windows\system32\drivers\appid.sys
2015-01-31 03:33:06    2744320    ----a-w-    c:\windows\system32\rdpcorets.dll
2015-01-31 03:33:06    13824    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-31 00:48:45    221184    ----a-w-    c:\windows\system32\rdpudd.dll
2015-01-30 23:56:12    370488    ----a-w-    c:\windows\system32\drivers\cng.sys
2015-01-20 17:31:47    56680    ----a-w-    c:\windows\system32\drivers\ksapi64.sys
2015-01-20 17:31:46    81768    ----a-w-    c:\windows\system32\drivers\ksapi.sys
.
============= FINISH: 14:24:46,60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 14/10/2014 15:30:30
System Uptime: 19/04/2015 07:25:19 (7 hours ago)
.
Motherboard: MEGA |  | G41T-M7 LGT
Processor: Intel(R) Celeron(R) CPU        E3400  @ 2.60GHz | CPU 1 | 2593/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 449,077 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP724: 18/04/2015 22:12:55 - PS
.
==== Installed Programs ======================
.
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.10) - Português
Firefox Developer Edition 39.0a2 (x86 pt-BR)
Gadwin PrintScreenPro (32-Bit)
Java 8 Update 45
Java Auto Updater
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.5.2 (Português do Brasil)
Microsoft .NET Framework 4.5.2 (PTB)
Opera Stable 28.0.1750.51
Proteção de Terminal Trusteer
Rapport
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
UxStyle Core Beta
Warsaw 1.5.1.8886 32 bits
Windows 8 Transformation Pack
WinMetro
.
==== End Of File ===========================

Abraços

/!\ Boa Tarde! Agente da C&A /!\

Agente da C&A escreveu:Então joram .  Já tinha comentado sobre em ter um tema do 8 e se seria possível este tema/pach puxar atualizações do win 8 .

> Se nunca bugou e oferece estas facilidades,então poderia ser divulgado para download...pelo menos,experimentalmente. 
> Agora...quanto a baixar atualizações do Windows 8 para o seu Windows 7,não creio nessa possibilidade.

Agente da C&A escreveu:Em relação à estas chaves bloqueadas do java ( até então não estava  mais no pc  )  removi  todas .
Em relação à chave bloqueada do IB da CEF (  ainda no pc )  removi também .

--
--
FCopy::
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe | c:\windows\explorer.exe

Folder::
c:\users\EDSON\AppData\Roaming\ZHP
--
--
> Então,nestas condições,o CFScript seria apenas para cópia e substituição de versão atualizada do explorer.exe,disponibilizado em cache. ( [6.1.7600.16385] >> ]6.1.7601.21669] )
> Caso queira pode experienciar esta substituição!

Agente da C&A escreveu:Comunico lhes que mudou bem o diagnóstico do  sistema.

> Sim! O log do DDS está perfeito e não vi nada comprometedor.

A+

Bom dia !


Acredito eu que o pc está normal e limpo .   O  perigo então realmente está no uso de bancos virtuais .
Uma nova modalidade de ataques neles .  Quanto menos usar melhor .  Um  uso deslimitado abre brechas  para os crakers ( hackers do  mal ) .  Através dos  próprios dispositivos de seguranças dos  internet banking´s .


Abraços

CASO RESOLVIDO!

Necessitando novo auxílio para este computador,basta abrir "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]" e relatar o problema.