[Resolvido] Processo abre mas sistema não abre

[Éverton Carlesso 0]

Boa tarde!
Tenho um sistema feito em Delphi 7, o sistema funciona perfeitamente já tem 10 anos, porém, em alguns clientes não está mais querendo abrir.
Acontece o seguinte: o processo abre mas o sistema não abre, aí se clico para abrir novamente abre outro processo, e o sistema não abre, e por ai vai. Algumas vezes, somente as vezes, acontece depois de um tempão abrir vários sistemas, de todos os processos que ficaram abertos.
obs: quando reinicio o computador e tento da primeira vez o sistema abre, depois de um tempo ele trava e precisa ser fechado, ai já não abre mais, e tem que reiniciar o computador novamente.
Já passei antivirus, antimalware, etc...

As máquinas do cliente são Windows xp, e algumas windows 7.

 

Segue o log do HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:09:46, on 30/10/2014

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Nuance\PaperPort\pptd40nt.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nuance\PDF Viewer Plus\pdfpro5hook.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\HP\StatusAlerts\bin\HPStatusAlerts.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet\Connect\11\ISUSPM.exe

C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE

C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\HPSIsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre7\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE

C:\Arquivos de programas\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

C:\WINDOWS\system32\mstsc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Usuario\Desktop\AA_v3.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/?pc=UP97&ocid=UP97DHP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Arquivos de programas\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [indexSearch] "C:\Arquivos de programas\Nuance\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Arquivos de programas\Nuance\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [PPort12reminder] "C:\Arquivos de programas\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dados de aplicativos\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [PDFHook] C:\Arquivos de programas\Nuance\PDF Viewer Plus\pdfpro5hook.exe

O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Arquivos de programas\Nuance\PDF Viewer Plus\RegistryController.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [statusAlerts] "C:\Arquivos de programas\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Run: [bCSSync] "C:\Arquivos de programas\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iSUSPM] C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Baixar com Mipony - file://C:\Arquivos de programas\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280929607437

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F3E801E-8548-4BB5-9D7A-36B2954F9B94}: NameServer = 8.8.8.8,192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{2F3E801E-8548-4BB5-9D7A-36B2954F9B94}: NameServer = 8.8.8.8,192.168.0.1

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Arquivos de programas\HP\HPBDSService\HPBDSService.exe

O23 - Service: HP LaserJet Service - HP - C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Arquivos de programas\Nuance\PaperPort\PDFProFiltSrvPP.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Usuario/CONFIG~1/Temp/msohtmlclip1/01/clip_image002.jpg

--

End of file - 13866 bytes

 

 

 

 

 

[DigRam 144]

Bom Dia! Éverton Carlesso

 

> Baixe: < > ( ... par Xplode )

>

> Ou daqui: < AdwCleaner >

> Ao acessar,clique em "Download Now".

>

> Salve-o no desktop!

< >

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

> Ps: Dê início ao scan,clicando em "Examinar".

< >

> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.

> Copie o log ou clique "Relatório".

> Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >

A+

[Éverton Carlesso 0]

Segue o log do adwCleaner:

 

 

# AdwCleaner v3.301 - Relatório criado 30/07/2014 às 16:17:26

# Atualizado 28/07/2014 por Xplode

# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)

# Usuário : Usuario - JHENEFFER-NOVA

# Executando de : C:\Documents and Settings\Usuario\Meus documentos\Downloads\adwcleaner_3.301.exe

# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : rqpbhevlkc32

[#] Serviço Deletada : Update NetCrawl

[#] Serviço Deletada : Util NetCrawl

[#] Serviço Deletada : {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gt

[#] Serviço Deletada : {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gt

[#] Serviço Deletada : KMService

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu

Pasta Deletada : C:\Arquivos de programas\004

Pasta Deletada : C:\Arquivos de programas\NetCrawl

Pasta Deletada : C:\Documents and Settings\Usuario\Dados de aplicativos\1H1Q

Pasta Deletada : C:\Documents and Settings\Usuario\Dados de aplicativos\baidu

Pasta Deletada : C:\Documents and Settings\Usuario\Dados de aplicativos\Systweak

Arquivo Deletada : C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\8qoolpud.default\Extensions\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.xpi

Arquivo Deletada : C:\WINDOWS\system32\roboot.exe

Arquivo Deletada : C:\WINDOWS\system32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gt.sys

Arquivo Deletada : C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gt.sys

Arquivo Deletada : C:\WINDOWS\system32\srvany.exe

Arquivo Deletada : C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\8qoolpud.default\searchplugins\bingp.xml

Arquivo Deletada : C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

Arquivo Deletada : C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup

Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{769A91DA-209F-47FE-88B9-B0321B0982C8}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{49C929EE-A1B7-4C58-B539-E63BE392B6F3}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{91C6335B-B94B-4CED-BCE3-BC33A09F5DB5}

Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{15f1ee5b-4c16-415d-a4b9-e7e00753d0cf}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769A91DA-209F-47FE-88B9-B0321B0982C8}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{769A91DA-209F-47FE-88B9-B0321B0982C8}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Chave Deletedo : HKCU\Software\InstallCore

Chave Deletedo : HKCU\Software\NetCrawl

Chave Deletedo : HKCU\Software\systweak

Chave Deletedo : HKLM\Software\Conduit

Chave Deletedo : HKLM\Software\NetCrawl

Chave Deletedo : HKLM\Software\systweak

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetCrawl

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NetCrawl

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v18.0.1 (pt-BR)

[ Arquivo : C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\8qoolpud.default\prefs.js ]

-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6573 octets] - [30/07/2014 16:16:34]

AdwCleaner[s0].txt - [5488 octets] - [30/07/2014 16:17:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5548 octets] ##########

[DigRam 144]

Boa Tarde! Éverton Carlesso

 

> Baixe: < > ( ... by Oleg N. Scherbakov )

> Salve-o no desktop!

> Desabilite seu antivírus!

> Para Windows 7,clique direito em JRT.exe e execute-o ...

> Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

[Éverton Carlesso 0]

Boa tarde DigRam!

 

Segue o log do JRT:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.3 (10.21.2014:1)

OS: Microsoft Windows XP x86

Ran by Usuario on 31/10/2014 at 14:06:32,28

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update netcrawl

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util netcrawl

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"

~~~ FireFox

Emptied folder: C:\Documents and Settings\Usuario\Dados de aplicativos\mozilla\firefox\profiles\8qoolpud.default\minidumps [2 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 31/10/2014 at 14:09:54,25

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[DigRam 144]

Boa Tarde! Éverton Carlesso

 

> Baixe: < Farbar Recovery Scan Tool >

> Baixe: < > ( ... by Farbar )

> Ou aqui,ao clicar no logo.

> Salve-o no desktop! (Área de trabalho ...)

> Execute a ferramenta! Clique "Yes" >> "Scan".

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.

> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".

> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.

> Poste o relatório! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à Pjjoint.malekal.

> Ou acesse: < >

> Maiores informações: < |Link| >

A+

[Éverton Carlesso 0]

Boa tarde DigRam!

 

Seguem os links dos logs:

 

FRST - http://cjoint.com/?DJFts1BYs4f

 

Addition - http://cjoint.com/?DJFtvpiMWnz

[DigRam 144]

Boa Noite! Éverton Carlesso

> Copie estas informações que estão em vermelho,para o Bloco de Notas.

> Salve-a com o nome fixlist.txt.

> Salve-a no desktop! ( Área de trabalho ... ) (C:\Documents and Settings\Usuario\Desktop)

start

HKLM\...\Run: [Adobe ARM] => C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [HP Software Update] => C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [] => [X]

Winlogon\Notify\WgaLogon: WgaLogon.dll [X]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Download Manager Packages (HKCU\...\Download Manager Packages) (Version: - ) <==== ATTENTION

S3 AsrCDDrv; \??\C:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]

S1 Bfilter; \??\C:\WINDOWS\System32\drivers\Bfilter.sys [X]

S1 Bfmon; \??\C:\WINDOWS\System32\drivers\Bfmon.sys [X]

S0 Bhbase; System32\drivers\Bhbase.sys [X]

S3 BHip---; \??\C:\WINDOWS\System32\drivers\BHip---.sys [X]

S1 Bnbase; System32\drivers\bnbase.sys [X]

S1 Bndef; \??\C:\WINDOWS\System32\drivers\bndef.sys [X]

S1 Bprotect; \??\C:\WINDOWS\System32\drivers\Bprotect.sys [X]

S3 catchme; \??\C:\DOCUME~1\Usuario\CONFIG~1\Temp\catchme.sys [X]

S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]

S4 LMIRfsClientNP; No ImagePath

2014-10-31 14:09 - 2014-10-31 14:09 - 00001378 _____ () C:\Documents and Settings\Usuario\Desktop\JRT.txt

2014-10-31 14:00 - 2014-10-31 14:06 - 01706144 _____ (Thisisu) C:\Documents and Settings\Usuario\Desktop\JRT.exe

2014-10-31 08:20 - 2014-10-31 08:21 - 01375089 _____ () C:\Documents and Settings\Usuario\Desktop\adwcleaner_3.311.exe

2014-10-30 16:08 - 2014-10-30 16:09 - 00000000 ____D () C:\HijackThis

2014-10-31 08:24 - 2014-07-30 17:16 - 00000000 ____D () C:\AdwCleaner

Task: C:\WINDOWS\Tasks\At1.job => C:\Arquivos de programas\HP\HPLJUT\HPLJUTSCH.exe

Task: C:\WINDOWS\Tasks\At2.job => C:\Arquivos de programas\HP\HPLJUT\HPLJUTSCH.exe

Task: C:\WINDOWS\Tasks\At3.job => C:\Arquivos de programas\HP\HPLJUT\HPLJUTSCH.exe

Task: C:\WINDOWS\Tasks\At4.job => C:\Arquivos de programas\HP\HPLJUT\HPLJUTSCH.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\jre-7u67-windows-i586-iftw.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\Quarantine.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is257.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is25A.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is25C.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is3B1.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is63.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_isE5.exe

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!

> Na mensagem,clique Executar.

> Poste o relatório! (Fixlog.txt)

A+

[Éverton Carlesso 0]

Bom dia!

Segue o FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014

Ran by Usuario at 2014-11-03 08:37:37 Run:1

Running from C:\Documents and Settings\Usuario\Desktop

Loaded Profile: Usuario (Available profiles: Usuario & LogMeInRemoteUser)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

HKLM\...\Run: [Adobe ARM] => C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [HP Software Update] => C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [] => [X]

Winlogon\Notify\WgaLogon: WgaLogon.dll [X]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Download Manager Packages (HKCU\...\Download Manager Packages) (Version: - ) <==== ATTENTION

S3 AsrCDDrv; \??\C:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]

S1 Bfilter; \??\C:\WINDOWS\System32\drivers\Bfilter.sys [X]

S1 Bfmon; \??\C:\WINDOWS\System32\drivers\Bfmon.sys [X]

S0 Bhbase; System32\drivers\Bhbase.sys [X]

S3 BHip---; \??\C:\WINDOWS\System32\drivers\BHip---.sys [X]

S1 Bnbase; System32\drivers\bnbase.sys [X]

S1 Bndef; \??\C:\WINDOWS\System32\drivers\bndef.sys [X]

S1 Bprotect; \??\C:\WINDOWS\System32\drivers\Bprotect.sys [X]

S3 catchme; \??\C:\DOCUME~1\Usuario\CONFIG~1\Temp\catchme.sys [X]

S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]

S4 LMIRfsClientNP; No ImagePath

2014-10-31 14:09 - 2014-10-31 14:09 - 00001378 _____ () C:\Documents and Settings\Usuario\Desktop\JRT.txt

2014-10-31 14:00 - 2014-10-31 14:06 - 01706144 _____ (Thisisu) C:\Documents and Settings\Usuario\Desktop\JRT.exe

2014-10-31 08:20 - 2014-10-31 08:21 - 01375089 _____ () C:\Documents and Settings\Usuario\Desktop\adwcleaner_3.311.exe

2014-10-30 16:08 - 2014-10-30 16:09 - 00000000 ____D () C:\HijackThis

2014-10-31 08:24 - 2014-07-30 17:16 - 00000000 ____D () C:\AdwCleaner

Task: C:\WINDOWS\Tasks\At1.job => C:\Arquivos de programas\HP\HPLJUT\HPLJUTSCH.exe

Task: C:\WINDOWS\Tasks\At2.job => C:\Arquivos de programas\HP\HPLJUT\HPLJUTSCH.exe

Task: C:\WINDOWS\Tasks\At3.job => C:\Arquivos de programas\HP\HPLJUT\HPLJUTSCH.exe

Task: C:\WINDOWS\Tasks\At4.job => C:\Arquivos de programas\HP\HPLJUT\HPLJUTSCH.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\jre-7u67-windows-i586-iftw.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\Quarantine.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is257.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is25A.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is25C.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is3B1.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_is63.exe

C:\Documents and Settings\Usuario\Configurações locais\temp\_isE5.exe

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value deleted successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon" => Key deleted successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

Download Manager Packages (HKCU\...\Download Manager Packages) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.

AsrCDDrv => Service deleted successfully.

Bfilter => Service deleted successfully.

Bfmon => Service deleted successfully.

Bhbase => Service deleted successfully.

BHip--- => Service not found.

Bnbase => Service deleted successfully.

Bndef => Service deleted successfully.

Bprotect => Service deleted successfully.

catchme => Service deleted successfully.

gdrv => Service deleted successfully.

LMIRfsClientNP => Service deleted successfully.

"C:\Documents and Settings\Usuario\Desktop\JRT.txt" => File/Directory not found.

C:\Documents and Settings\Usuario\Desktop\JRT.exe => Moved successfully.

C:\Documents and Settings\Usuario\Desktop\adwcleaner_3.311.exe => Moved successfully.

C:\HijackThis => Moved successfully.

C:\AdwCleaner => Moved successfully.

C:\WINDOWS\Tasks\At1.job => Moved successfully.

C:\WINDOWS\Tasks\At2.job => Moved successfully.

C:\WINDOWS\Tasks\At3.job => Moved successfully.

C:\WINDOWS\Tasks\At4.job => Moved successfully.

C:\Documents and Settings\Usuario\Configurações locais\temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.

C:\Documents and Settings\Usuario\Configurações locais\temp\Quarantine.exe => Moved successfully.

C:\Documents and Settings\Usuario\Configurações locais\temp\_is257.exe => Moved successfully.

C:\Documents and Settings\Usuario\Configurações locais\temp\_is25A.exe => Moved successfully.

C:\Documents and Settings\Usuario\Configurações locais\temp\_is25C.exe => Moved successfully.

C:\Documents and Settings\Usuario\Configurações locais\temp\_is3B1.exe => Moved successfully.

C:\Documents and Settings\Usuario\Configurações locais\temp\_is63.exe => Moved successfully.

C:\Documents and Settings\Usuario\Configurações locais\temp\_isE5.exe => Moved successfully.

"C:\Windows\Tasks\At1.job" => File/Directory not found.

"C:\Windows\Tasks\At2.job" => File/Directory not found.

"C:\Windows\Tasks\At3.job" => File/Directory not found.

"C:\Windows\Tasks\At4.job" => File/Directory not found.

==== End of Fixlog ====

[DigRam 144]

Bom Dia! Éverton Carlesso

 

> Baixe: < > ( ... by Old Timer Tools )

> Salve-o no desktop.

> Para Windows Vista ou 7,execute OTC.exe como administrador.

> Clique: >> Yes.

> Aceite o reboot!

/!\ Vamos remover as ferramentas que foram utilizadas na desinfecção! /!\

> Baixe: < > ( ... de Xplode )

> Estando na página,clique em Download Now.

> Salve-a em um local conveniente! ( desktop! )

> Feche aplicativos que estejam abertos.

> Remover ferramentas de desinfecção

> Criar backup do registro

> Limpar pontos da restauração do sistema

> Com estas caixinhas marcadas,clique Executar!

> Reinicie o computador ao concluir!

> Tudo Ok?

A+

 

[Éverton Carlesso 0]

Bom dia!

Infelizmente continua o mesmo problema, o processo abre mas o programa não.

Muito obrigado pela ajuda! tem algo mais que eu possa fazer?

[DigRam 144]

Bom dia!

Infelizmente continua o mesmo problema, o processo abre mas o programa não.

Muito obrigado pela ajuda! tem algo mais que eu possa fazer?

Boa Tarde! Éverton Carlesso

 

/!\ Caso tenha o CD de instalação do Windows XP,você pode tentar o reparo. /!\

• Baixe: Windows Repair (...de Tweaking.com)

• Descompacte-o ao desktop ou Program Fies(x86).

• Na pasta Tweaking.com-Windows Repair,execute o Repair_Windows.

• Clique na aba "Step 2". ( Check File System )

• Clique "Do It" >> Sim.

• Haverá reboot. << Aguarde!

• Ao reiniciar,haverá um Check Disk. << Aguarde!

• Execute o Windows Repair.

• Clique na aba "Step 3". ( System File Check )

• Clique "Do It".

• É possível que seja solicitado o CD/DVD da instalação Windows.

• Neste caso,teremos a reinicialização do PC.

• Execute o Windows Repair.

• Clique na aba "Step 4". ( Registry Backup & System Restore )

• Em System Restore,clique Create. << Aguarde!

• Em Registry Backup,clique Backup. << Aguarde!

• O ponto de restauração que foi criado,chama-se: Tweaking.com-Windows Repair.

• O backup do registro estará em: C:\Reg_Backup\Data_Hora

• Clique na aba "Start Repairs".

• Clique "Start".

• Selecione: Restart/Shutdown System When Finished

• Marque: Restart System

• Clique "Start".

• Aguarde a conclusão!

• O computador será reiniciado!

• A+

[Éverton Carlesso 0]

Boa tarde!

isso irá alterar alguma coisa no computador, tipo os arquivos, excluir algo? ou não tem esse problema?

[DigRam 144]

Boa tarde!

isso irá alterar alguma coisa no computador, tipo os arquivos, excluir algo? ou não tem esse problema?

Olá! Éverton Carlesso

 

> Não é procedimento de Fix,onde teremos reparo com a substituição ou cópia de arquivos originais do Windows.

 

A+

[Éverton Carlesso 0]

Bom dia DigRam!

Muito obrigado pela ajuda, descobri que o problema estava sendo causado por causa de uma impressora que estava instalada na rede. Impressora HP laser jet MFP M127fn.

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.