Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Luca Albuquerque

[Arquivado] &nbspAntivirus MSE parece estar corrompido

Recommended Posts

Galera, uso o antivirus da Microsoft, o Microsoft Security Essentials. Até ai tudo bem,

 

Ontem, ele do nada fexo, e quando fui abri-lo, ele deu um erro :

 

An Error has occurred in the program. Try to open it again. If this problem continues, you´ll need to reinstal Microsoft Security Client.

 

Error Code: 0x8007064ea

 

Tentei desinstala-lo pelo desinstalador, parece que ele está corrompido tambem, poia ele exibi erro...

 

Ja tentei reinstalaar ele, mas da o seguinte erro:

 

X Não é possivel concluir a instalaçaão do Security Essentials

 

Um erro impediu a conclusão bem-sucedida do assisatente de instalação do Security Essentials, Reinicie o Computador e tente novamente

 

Código de erro: 0x80070643

 

----------------------------------

 

Ja tentei usar o Revo Uninstaller, mas não resolveu, entao vim pra ca... Ja gerei o log do hjackhis , Ai Está:

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:36:51, on 11/7/aaaa
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
c:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\xampp\mysql\bin\mysqld.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe
C:\xampp\apache\bin\httpd.exe
C:\windows\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32\msiexec.exe
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2801948
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
R3 - URLSearchHook: (no name) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - (no file)
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: [b2] Gmail Notifier.lnk = C:\Arquivos de programas\[b2] Gmail Notifier\[b2] Gmail Notifier.exe
O8 - Extra context menu item: &Search - ?s=100000349&p=ZNman000&si=&a=f8wRl.5AWf1xXQ2s2vYcEQ&n=2011051421
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O15 - Trusted Zone: http://www.itau.com.br
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify:  GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
O23 - Service: Gbp Service (GbpSv) -   - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe
O24 - Desktop Component 0: (no name) - http://t1.gstatic.com/images?q=tbn:ANd9GcSjdVs-VtPjgFT5njpyKsotQIQvh4BKai-LOpgnIgHyGTO4jICwaw

--
End of file - 10035 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Luca Albuquerque

 

 

1.

*Baixe o AD-Remover e salve-o no desktop

*Execute-o, clique [Clean] > [sim] > [OK] > [sim]. O PC poderá ser reiniciado para a completa limpeza.

*Cole o relatório C:\Ad-Report-CLEAN[1].txt

 

2.

*Baixe e instale o MalwareBytes

*Aguarde a atualização e o programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

 

Caso já tenhas o Malwarebytes instalado....

 

*Execute-o, clique [Atualização] > [baixar Atualizações]

*Na aba [Verificação], selecione Verificação completa

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao término, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Relatorio do AD-Remover:

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Documents and Settings\Administrador\Desktop\Ad-R\main.exe (CLEAN [1]) -> Launched at 10:59:43 on 07/11/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Administrador@PRIVE-BEF3B6042 ( )

 

============== ACTION(S) ==============

 

Service: "Application Updater" Service stopped and deleted

 

File deleted: C:\windows\system32\ConduitEngine.tmp

Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\pedni483.default\extensions\engine@conduit.com

Folder deleted: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Arquivos de programas\Conduit

Folder deleted: C:\Arquivos de programas\Application Updater

Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\OpenCandy

Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong

Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Search Settings

Folder deleted: C:\Arquivos de programas\Arquivos comuns\Spigot

Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Toolbar4

Folder deleted: C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

File deleted: C:\Arquivos de programas\Windows Live\Messenger\Riched20.dll

File deleted: C:\Arquivos de programas\Windows Live\Messenger\Msimg32.dll

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\pedni483.default\Prefs.js --

Line deleted: user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15257/14923/BR", "\"0\"");

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1561552", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6....

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1561552",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1561552&octid=...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize....

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"...

Line deleted: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrador\\Dad...

Line deleted: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");

Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT1561552");

Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT1561552");

Line deleted: user_pref("CommunityToolbar.ToolbarsList4", "CT1561552");

Line deleted: user_pref("CommunityToolbar.globalUserId", "64e5bbdc-2f5f-4800-90dc-69735d7e3351");

Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line deleted: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 30 2011 22:13:4...

Line deleted: user_pref("CommunityToolbar.notifications.alertEnabled", false);

Line deleted: user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

Line deleted: user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 30 2011 22:13:52 GMT-030...

Line deleted: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.notifications.locale", "en");

Line deleted: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 30 2011 22:13:42 GMT-0300 (H...

Line deleted: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Line deleted: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.notifications.userId", "92859c65-3102-4c13-a183-ba46f941a045");

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\MyWebSearch.ThirdPartyInstaller

Key deleted: HKLM\Software\Classes\MyWebSearch.ThirdPartyInstaller.1

Key deleted: HKLM\Software\Classes\Toolbar.CT2801948

Key deleted: HKLM\Software\Application Updater

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\Search Settings

Key deleted: HKLM\Software\Trymedia Systems

Key deleted: HKCU\Software\Ask.com

Key deleted: HKCU\Software\AskToolbar

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\PriceGong

Key deleted: HKCU\Software\AppDataLow\Software\Search Settings

Key deleted: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key deleted: HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}

 

Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|FunWebProducts

 

 

============== ADDITIONNAL SCAN ==============

 

-- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\pedni483.default --

Extensions\{038dc421-b19e-4711-a218-1fd10de9163b} (Add N Edit Cookies)

Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} (Hotspot Shield Community Toolbar)

Prefs.js - browser.search.selectedEngine, Google

Prefs.js - browser.startup.homepage, www.google.com.br

Prefs.js - browser.startup.homepage_override.buildID, 20110811165603

Prefs.js - browser.startup.homepage_override.mstone, rv:1.8.0.7

 

========================================

 

**** Google Chrome Version [14.0.835.187] ****

 

 

-- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (?)

Preferences - homepage: hxxp://google.com.br/

Preferences - homepage_is_newtabpage: false

Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x)

Plugin - Native Client (Enabled: true) (C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll) (x)

Plugin - "Java" (Enabled: true)

Plugin - "Silverlight" (Enabled: true)

Plugin - "Remoting Viewer" (Enabled: true)

Plugin - "Native Client" (Enabled: true)

Plugin - "Zylom Plugin" (Enabled: true)

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - "IObit Toolbar" (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)

HKCU_URLSearchHooks|{12fc3d37-2a42-4fe3-8489-81296878cba5} (x)

HKCU_URLSearchHooks|{37483b40-c254-4a72-bda4-22ee90182c1e} - "NCH EN Toolbar" (C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll)

HKCU_SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} - "Busca ALOT" (hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=1051680001CC01E9019...)

HKCU_SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - "Search" (hxxp://www.bigseekpro.com/search/browser/anyvideo2dvd/{B213246D-B5BF-41AF-9EE0-2...)

HKCU_SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} - "Private Search" (hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms})

HKCU_Toolbar\WebBrowser|{37483B40-C254-4A72-BDA4-22EE90182C1E} (C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll)

HKLM_Toolbar|{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)

HKLM_Toolbar|{37483b40-c254-4a72-bda4-22ee90182c1e} (C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll)

HKLM_ElevationPolicy\{048EFFE4-F1AD-408F-B21F-6DCAE7C4C9BB} - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit\CT2801948\NCH_ENAutoUpdateHelper.exe (x)

HKLM_ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5} - C:\Arquivos de programas\Free Download Manager\fdm.exe (x)

HKLM_ElevationPolicy\{A221932B-DCC2-4987-AD37-12691B568C28} - C:\Arquivos de programas\NCH_EN\NCH_ENToolbarHelper.exe (?)

HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - "IObit Toolbar" (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)

BHO\{37483b40-c254-4a72-bda4-22ee90182c1e} - "NCH EN Toolbar" (C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540003} - "GbIehObj Class" (C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540008} - "GbIehObj Class" (C:\ARQUIV~1\GbPlugin\gbiehUni.dll)

 

========================================

 

C:\Documents and Settings\Administrador\Desktop\Ad-R\Quarantine: 217 File(s)

C:\Documents and Settings\Administrador\Desktop\Ad-R\Backup: 13 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 07/11/2011 10:59:54 (9826 Byte(s))

 

End at: 11:00:56, 07/11/2011

 

============== E.O.F ==============

 

 

Relatorio do MalwareBytes:

 

RANMalwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

 

Versão da Base de Dados: 8106

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

11/7/aaaa 17:55:20

mbam-log-2011-11-07 (17-55-20).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 377944

Tempo decorrido: 2 hora(s), 17 minuto(s), 4 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 73

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\placax (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\arquivos de programas\Borland\Delphi7\Projects\Project1.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Ad-R\quarantine\C\arquivos de programas\windows live\messenger\msimg32.dll.vir (PUP.FunWebProducts) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Ad-R\quarantine\C\arquivos de programas\windows live\messenger\riched20.dll.vir (PUP.FunWebProducts) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Hacker\DLL\_messi_ expzone pub.dll (Malware.Packer.T) -> Quarantined and deleted successfully.

c:\documents and settings\administrador\Desktop\Hacker\injetores\pentagun0 injetor 2.5.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Projetos\pentagun0 cleaner.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Projetos\Anti Lag\pentagun0 anti-lag.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Projetos\gerador de cash\pentagun0 generator cash.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Projetos\gerador de cash\Project1.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Projetos\pentagun0 clear\pentagun0 cleaner.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Projetos\pentagun0 clear\Project1.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\Desktop\Projetos\projeto pronto do injetor\pentagun0 injetor 3.0.exe (HackTool.Inject) -> Not selected for removal.

c:\documents and settings\administrador\meus documentos\downloads\fastdownload.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP480\A0059862.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP480\A0059935.dll (Trojan.VirTool) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP499\A0062805.exe (Trojan.Ardamax) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP499\A0062807.exe (PUP.ArdamaxKeyLogger) -> Not selected for removal.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP500\A0062816.exe (Trojan.Ardamax) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP500\A0062872.exe (PUP.ArdamaxKeyLogger) -> Not selected for removal.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP500\A0062876.exe (PUP.ArdamaxKeyLogger) -> Not selected for removal.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP500\A0062879.exe (Trojan.Ardamax) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP518\A0065204.exe (Trojan.PWS) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP545\A0068971.dll (Trojan.VirTool) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP546\A0069352.dll (Trojan.VirTool) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP557\A0070791.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP557\A0070911.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP557\A0070918.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP557\A0070921.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP563\A0071604.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP565\A0071925.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP565\A0071934.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP565\A0071935.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP565\A0072016.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP565\A0072028.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP565\A0072068.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP565\A0072110.dll (Trojan.VirTool) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP565\A0072133.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP566\A0072170.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP566\A0072179.exe (HackTool.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP566\A0072183.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072222.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072225.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072239.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072240.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072247.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072255.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072257.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072264.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072274.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072277.exe (HackTool.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072368.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072377.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072403.exe (HackTool.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072433.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072441.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072459.exe (HackTool.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072494.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072513.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072514.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP567\A0072521.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP568\A0072560.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP569\A0072614.exe (HackTool.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP570\A0072629.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP570\A0072651.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP570\A0072661.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP571\A0072702.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP585\A0075188.exe (HackTool.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP589\A0076353.dll (Malware.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP592\A0076472.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP592\A0076476.exe (HackTool.Inject) -> Quarantined and deleted successfully.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP616\A0077505.dll (PUP.FunWebProducts) -> Not selected for removal.

c:\system volume information\_restore{3ea9053e-8c39-451d-84d3-fe8bb6a82e2a}\RP616\A0077506.dll (PUP.FunWebProducts) -> Not selected for removal.

c:\WINDOWS\system32\drivers\placax.sys (Trojan.Agent) -> Not selected for removal.

Compartilhar este post


Link para o post
Compartilhar em outros sites

1.

*Execute o AD-Remover e clique [uninstall] > [Não] > [Close]

*Delete a pasta C:\Arquivos de programas\Ad-Remover

*Delete o arquivo C:\Ad-Report-CLEAN[1].txt

 

2.

*Dê uma lida nestes links e veja se consegue instalar.

 

http://answers.microsoft.com/pt-br/protect/forum/protect_start/instru%C3%A7%C3%B5es-sobre-c%C3%B3digo-0x80070643/e0a05ce6-d77b-4fe2-b049-d26e947a172f

 

http://windows.microsoft.com/pt-PT/windows/i-cant-install-microsoft-security-essentials

Compartilhar este post


Link para o post
Compartilhar em outros sites

1.

*Baixe o ERUNT e salve-o no desktop

*Crie uma pasta em C:\ chamada ERUNT e extraia para ela

*Execute o arquivo C:\ERUNT\ERUNT.exe

*Clique [OK] > [OK] > [sim] > [OK]

 

2.

*Baixe o ComboFix e salve-o no desktop

*Execute-o e aceite o contrato

*Se o Console de Recuperação do Microsoft Windows não estiver instalado, aceite a sua instalação

*Após a instalação do Console, clique [sim] e aguarde a conclusão das etapas

 

Algumas observações:

1) Não use o mouse nem o teclado durante as etapas!!

2) Para interromper o scan, tecle N

 

*Cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.