
Josimar Oliveira

[Resolved] Problem installing Microsoft Security Essentials and


Hello, I ran the Sfc /scannow command in CMD and it had repaired the Windows Defender files, including the one that appears in the report, but now it is not showing up again:

Farbar Service Scanner Version: 04-08-2013
Ran by Anelita Caetano (administrator) on 12-08-2013 at 14:48:09
Running from "C:\Users\Anelita Caetano\Desktop\Programas"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****

It seems the file has not been restored yet..

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

→ Restart the PC

→ Delete the file C:\log.txt

*Right-click look.bat and select [image: 2utkftf.png]

*Paste the C:\log.txt report

→ Paste a new FSS log

Here are the reports. From what I can see, it is still the same. I will run the command again and generate the FSS report:

O volume na unidade C não tem nome.
O Número de Série do Volume é 90DE-DC72
Pasta de C:\Program Files\Windows Defender
12/08/2013 15:05 <DIR> .
12/08/2013 15:05 <DIR> ..
12/08/2013 15:05 <DIR> pt-BR
0 arquivo(s) 0 bytes
Pasta de C:\Program Files\Windows Defender\pt-BR
12/08/2013 15:05 <DIR> .
12/08/2013 15:05 <DIR> ..
0 arquivo(s) 0 bytes
Total de Arquivos na Lista:
0 arquivo(s) 0 bytes
5 pasta(s) 350.372.896.768 bytes disponíveis

FSS:
Farbar Service Scanner Version: 04-08-2013
Ran by Anelita Caetano (administrator) on 12-08-2013 at 15:09:17
Running from "C:\Users\Anelita Caetano\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****

→ Download Zoek (...by Smeenk) from http://www.wikifortio.com/809620/zoek.exe and save it to the Desktop (Área de Trabalho)

*Stay connected to the Internet

*Right-click Zoek and select [image: 2utkftf.png]

*Paste the lines in brown into the box

360Safe;z
360Safe;a
aPrintIsolationHostsvc.dll;z
aPrintIsolationHostsvc.dll;a


*Click [Run Script]

*During the scan the message below will be displayed. Wait for it to finish...it may take a while!


Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log


*Paste the report shown

I am carrying out the procedure above. But just for information, right after running the Sfc /scannow command, I ran look.bat and look how the log.txt file turned out:

O volume na unidade C não tem nome.
O Número de Série do Volume é 90DE-DC72
Pasta de C:\Program Files\Windows Defender
12/08/2013 15:27 <DIR> .
12/08/2013 15:27 <DIR> ..
13/07/2009 22:41 10.752 MpAsDesc.dll
27/05/2013 02:50 571.904 MpClient.dll
13/07/2009 22:39 190.976 MpCmdRun.exe
27/05/2013 02:50 314.880 MpCommu.dll
13/07/2009 22:29 52.224 MpEvMsg.dll
13/07/2009 22:41 52.224 MpOAV.dll
13/07/2009 22:41 200.192 MpRTP.dll
27/05/2013 02:50 1.011.712 MpSvc.dll
13/07/2009 22:39 961.024 MSASCui.exe
21/11/2010 00:24 60.928 MsMpCom.dll
13/07/2009 22:29 4.608 MsMpLics.dll
13/07/2009 22:41 487.936 MsMpRes.dll
12/08/2013 15:27 <DIR> pt-BR
12 arquivo(s) 3.919.360 bytes
Pasta de C:\Program Files\Windows Defender\pt-BR
12/08/2013 15:27 <DIR> .
12/08/2013 15:27 <DIR> ..
13/09/2012 02:52 38.912 MpAsDesc.dll.mui
13/09/2012 02:52 16.384 MpEvMsg.dll.mui
13/09/2012 02:52 52.224 MsMpRes.dll.mui
3 arquivo(s) 107.520 bytes
Total de Arquivos na Lista:
15 arquivo(s) 4.026.880 bytes
5 pasta(s) 350.082.428.928 bytes disponíveis

However, the FSS log looked like this:
Farbar Service Scanner Version: 04-08-2013
Ran by Anelita Caetano (administrator) on 12-08-2013 at 15:27:48
Running from "C:\Users\Anelita Caetano\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****

Ok...we will try to fix it.

At least there are no restrictions on Windows Defender.

Here is the Zoek report:

Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Anelita Caetano on 12/08/2013 at 15:34:26,00.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anelita Caetano\Desktop\zoek.exe [script inserted]
==== System Restore Info ======================
12/08/2013 15:35:17 Zoek.exe System Restore Point Created Succesfully.
==== Folders Found ======================
2013-01-13 00:16:51 2013-01-13 00:16:51 -------- d-----w- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\360Safe
==== Files Found ======================
--- C:\Windows\aPrintIsolationHostsvc.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 808448
Created time: 2013-07-13 15:09:47
Modified time: 2013-07-13 13:53:56
MD5: F11E5BF2EC755B6B24F3B70362EBB86F
SHA1: DF147FA0D98E16145F99D31DBEF1898F422C0A28
==== Registry Search Results for "360Safe" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\360Safe]
[HKEY_LOCAL_MACHINE\SOFTWARE\360Safe\Liveup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\IME]
"UPM&P"="C:\\Windows\\SysWow64\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\rasdiag.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\IME]
"UPC&U"="C:\\Windows\\SysWow64\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\clbcatq"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\IME]
"CGP&EL"="C:\\Windows\\SysWow64\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\APSBTES-X13.cpl"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IME]
"UPM&P"="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\rasdiag.dll"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IME]
"UPC&U"="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\clbcatq"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IME]
"CGP&EL"="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\APSBTES-X13.cpl"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IME]
"UPM&P"="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\rasdiag.dll"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IME]
"UPC&U"="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\clbcatq"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IME]
"CGP&EL"="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\360Safe\\DeepScan\\APSBTES-X13.cpl"
==== Registry Search Results for "aPrintIsolationHostsvc.dll" ======================
No instances of string "aPrintIsolationHostsvc.dll" found.
==== EOF on 12/08/2013 at 15:37:29,41 ======================

→ Right-click Zoek and select [image: 2utkftf.png]

*Paste the lines in brown into the box

createsrpoint;
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\360Safe;fs
C:\Windows\aPrintIsolationHostsvc.dll;f
[-HKEY_LOCAL_MACHINE\SOFTWARE\360Safe];r64
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\IME];r64
"UPM&P"=-;r64
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\IME];r64
"UPC&U"=-;r64
"CGP&EL"=-;r64
[HKEY_USERS\.DEFAULT\Software\Microsoft\IME];r64
"UPM&P"=-;r64
"UPC&U"=-;r64
"CGP&EL"=-;r64
[HKEY_USERS\S-1-5-18\Software\Microsoft\IME];r64
"UPM&P"=-;r64
"UPC&U"=-;r64
"CGP&EL"=-;r64

*Click [Run Script]

*During the scan the message below will be displayed. Wait for it to finish...it may take a while!


Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log


*Paste the report shown


→ Run this Fixit and follow the instructions

*When it finishes, restart the PC


→ Wait a few seconds after restarting the PC and paste a new FSS log

The Fixit tried to enable Windows Defender but was not successful.

Zoek report:

Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Anelita Caetano on 12/08/2013 at 15:57:28,26.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anelita Caetano\Desktop\zoek.exe [script inserted]
==== System Restore Info ======================
12/08/2013 15:58:14 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\360Safe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\IME]
"UPM&P"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\IME]
"UPC&U"=-
"CGP&EL"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\IME]
"UPM&P"=-
"UPC&U"=-
"CGP&EL"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\IME]
"UPM&P"=-
"UPC&U"=-
"CGP&EL"=-
==== Deleting Files \ Folders ======================
"C:\Windows\aPrintIsolationHostsvc.dll" deleted
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\360Safe" deleted
==== EOF on 12/08/2013 at 15:58:31,14 ======================

FSS report:
Farbar Service Scanner Version: 04-08-2013
Ran by Anelita Caetano (administrator) on 12-08-2013 at 16:16:48
Running from "C:\Users\Anelita Caetano\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****

→ Download this file and save it to the folder C:\Program Files\Windows Defender


→ Right-click Zoek and select [image: 2utkftf.png]

*Paste the lines in brown into the box

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender];ra
"DisableAntiSpyware"=dword:00000000;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend];ra
"Start"=dword:00000002;r
sc config WinDefend start= auto;b

*Click [Run Script]

*Paste the report shown


→ Restart the PC


→ Wait one minute and paste a new FSS log

Zoek:

Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Anelita Caetano on 12/08/2013 at 16:24:03,44.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anelita Caetano\Desktop\zoek.exe [script inserted]
==== System Restore Info ======================
12/08/2013 16:25:07 Zoek.exe System Restore Point Created Succesfully.
==== Registry Lines To Reset ACL ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Reset Succesfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend Reset Succesfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"Start"=dword:00000002
==== Batch Command(s) Run By Tool======================
==== EOF on 12/08/2013 at 16:25:21,30 ======================
FSS:
Farbar Service Scanner Version: 04-08-2013
Ran by Anelita Caetano (administrator) on 12-08-2013 at 16:29:03
Running from "C:\Users\Anelita Caetano\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****


After a few more minutes I ran FSS because I found it strange that some services had not started. Here is the new FSS log:

Farbar Service Scanner Version: 04-08-2013
Ran by Anelita Caetano (administrator) on 12-08-2013 at 16:32:19
Running from "C:\Users\Anelita Caetano\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
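
An added example, not part of the original thread and not code from FSS itself: a small Python parser that compares two Farbar Service Scanner reports like the ones posted above, showing which flagged files were restored and which services are still stopped. The function names `parse_fss` and `diff_runs` and the abridged sample logs are constructed for illustration.

```python
import re

# Constructed, abridged excerpts modelled on the FSS reports quoted in this thread.
LOG_BEFORE = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
File Check:
========
C:\Windows\System32\wscsvc.dll => MD5 is legit
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\System32\svchost.exe => MD5 is legit
**** End of log ****
"""

LOG_AFTER = r"""
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
File Check:
========
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
**** End of log ****
"""

STOPPED = re.compile(r"^(\w+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\w+)(?: service)?(.*)$")
MISSING = re.compile(r"^ATTENTION!=====> (.+?) FILE IS MISSING AND SHOULD BE RESTORED\.$")
CHECKED = re.compile(r"^(.+?) => (.+)$")


def parse_fss(text):
    """Extract stopped services, config lines not reported as OK, and file status."""
    report = {"stopped": set(), "config_notes": [], "files": {}}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := STOPPED.match(line):
            report["stopped"].add(m.group(1))
        elif m := CONFIG.match(line):
            # Keep any configuration line that FSS did not close with "is OK."
            if m.group(3).strip() != "is OK.":
                report["config_notes"].append((m.group(2), m.group(1), line))
        elif m := MISSING.match(line):
            report["files"][m.group(1).lower()] = "missing"
        elif m := CHECKED.match(line):
            status = "legit" if m.group(2) == "MD5 is legit" else m.group(2)
            # Paths are lower-cased so "Drivers" and "drivers" compare equal.
            report["files"][m.group(1).lower()] = status
    return report


def diff_runs(before, after):
    """Compare two reports: file restoration and service state are tracked separately."""
    b, a = parse_fss(before), parse_fss(after)
    missing_before = {p for p, s in b["files"].items() if s == "missing"}
    return {
        "restored": sorted(p for p in missing_before if a["files"].get(p) == "legit"),
        "still_missing": sorted(p for p in missing_before if a["files"].get(p) == "missing"),
        "still_stopped": sorted(b["stopped"] & a["stopped"]),
        "newly_stopped": sorted(a["stopped"] - b["stopped"]),
        "started": sorted(b["stopped"] - a["stopped"]),
        "config_notes": a["config_notes"],
    }


if __name__ == "__main__":
    for key, value in diff_runs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```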


→ Download this file and save it to the Desktop

*Right-click it and select Merge (Mesclar)

*Click [Yes] (Sim)

→ Restart the PC, wait a few minutes and paste a new FSS log

Farbar Service Scanner Version: 04-08-2013
Ran by Anelita Caetano (administrator) on 12-08-2013 at 16:59:08
Running from "C:\Users\Anelita Caetano\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****

→ Report how the PC is doing, so that the tools used can be removed.

Yes, you can...

If you prefer not to install an antivirus, you can start Windows Defender.

OK...

→ Open Notepad and paste into it the lines in brown:

File::
c:\windows\aprintuisvc.dll
Driver::
aPrintIsolationHostsvc
aprintuisvc


*Save the file on the desktop as CFScript.txt

*Drag it onto Combofix as shown below:

[image: el3dra.gif]

*While Combofix is running, do not use the mouse or the keyboard!!

*Paste the report shown

→ Report how the PC is doing