[Resolvido!]Computador lento

[leao34 0]

Feliz Ano Novo!!!!!

Meu computador esta ficando cada vez mais lento. E, além disso só consigo desliga-lo se fizer primeiro o log-off.

 

Logfile of HijackThis v1.99.1

Scan saved at 19:30:08, on 28/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\taskmgrxp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/intl/la/brazil/index.htm

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 205.238.40.1 winmx.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {95B0BAA3-5062-45E0-B69A-69EF738847E4} - C:\WINDOWS\system32\datimye.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: (no name) - {D396AC43-A8E0-4F8C-AB1C-25B079046746} - (no file)

O3 - Toolbar: (no name) - {10FF8D66-AC3D-4AE4-8BC4-5545ACF3D7BF} - (no file)

O3 - Toolbar: SuperBar - {8643F5B4-4727-4A8D-8D0E-CB625F2906F6} - C:\Arquivos de programas\_SUPERBAR\_SUPERBAR.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

O4 - HKLM\..\Run: [bearShare] "C:\Arquivos de programas\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [scanRegistry] C:\W

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\ARQUIV~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [bazef] C:\WINDOWS\bazef.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [taskmgrxp] C:\WINDOWS\system32\taskmgrxp.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [imInstaller_IncrediMail] C:\DOCUME~1\leandro\CONFIG~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WinMX] C:\Arquivos de programas\WinMX\WinMX.exe -m

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe" -m

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Photo Loader supervisory.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

O4 - Global Startup: Residente del Photo Loader.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe

O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{03C34152-8E12-44D9-908B-F5A8613098D1}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

 

 

 

 

Agradeço desde já.

[jgarcia 1]

Opa leao34,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

Desinstale:

-> SUPERBAR

-> BearShare

-> ScreenScenes Aquatica Water Worlds ou Aquatica Water Worlds

 

Utilize Adicionar / Remover programas.

 

Desinstale, um a um, e reinicie após tê-lo feito.

 

Obs.: Caso não encontre algum dos programas acima citados na lista, apenas passe para a próxima etapa.

 

1ª Etapa

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione todos com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

C:\DOCUME~1\leandro\CONFIG~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe

C:\WINDOWS\system32\taskmgrxp.exe

C:\WINDOWS\system32\datimye.dll

C:\WINDOWS\bazef.exe

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8 até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

O1 - Hosts: 205.238.40.1 winmx.com

O2 - BHO: (no name) - {95B0BAA3-5062-45E0-B69A-69EF738847E4} - C:\WINDOWS\system32\datimye.dll (file missing)

O3 - Toolbar: (no name) - {D396AC43-A8E0-4F8C-AB1C-25B079046746} - (no file)

O3 - Toolbar: (no name) - {10FF8D66-AC3D-4AE4-8BC4-5545ACF3D7BF} - (no file)

O3 - Toolbar: SuperBar - {8643F5B4-4727-4A8D-8D0E-CB625F2906F6} - C:\Arquivos de programas\_SUPERBAR\_SUPERBAR.dll (file missing)

O4 - HKLM\..\Run: [bearShare] "C:\Arquivos de programas\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [scanRegistry] C:\W

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\ARQUIV~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [bazef] C:\WINDOWS\bazef.exe

O4 - HKLM\..\Run: [taskmgrxp] C:\WINDOWS\system32\taskmgrxp.exe

O4 - HKLM\..\Run: [imInstaller_IncrediMail] C:\DOCUME~1\leandro\CONFIG~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2

Clique em Fix Checked.

 

3ª Etapa

 

Ainda em Modo Seguro localize e delete:

 

C:\Arquivos de programas\_SUPERBAR <- a pasta

C:\Arquivos de programas\BearShare <- a pasta

C:\ARQUIV~1\AQUATI~1 <- a pasta

 

4ª Etapa

 

Reinicie em Modo Normal.

 

Poste o novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

[leao34 0]

Ola, desculpe a demora na resposta, estive viajando no final de semana, espero que tenha tido uma otima virada de ano.

 

Já efetuei todos os passos, so nao localizei as pastas que voce disse para deletar. De qualquer forma ja consigo reiniciar meu computador normalmente. E parece estar menos lento.

 

Só esqueci de mencionar que toda vez que reinicio ou desligo o computador aparece a mensagem:

 

A instrução no "0x73e1827a" faz referencia a memoria "0x0014ce9c" a memoria nao pode ser read

Sei que isso tem alguma coisa haver com o SATUF.EXE e SPEED, mas não sei como concertar.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:19:36, on 1/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe

C:\Arquivos de programas\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program Files\interMute\SpySubtract\SpySub.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\DOCUME~1\leandro\CONFIG~1\Temp\Diretório temporário 2 para hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/intl/la/brazil/index.htm

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched]"C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [taskmgrxp] C:\WINDOWS\system32\taskmgrxp.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [imInstaller_IncrediMail] C:\DOCUME~1\leandro\CONFIG~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WinMX] C:\Arquivos de programas\WinMX\WinMX.exe -m

O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe" -m

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Photo Loader supervisory.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

O4 - Global Startup: Residente del Photo Loader.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe

O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{01ACA12C-F59D-45FA-AAD7-3BB2338DFCDC}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{03C34152-8E12-44D9-908B-F5A8613098D1}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{01ACA12C-F59D-45FA-AAD7-3BB2338DFCDC}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

 

 

Obrigado.

[jgarcia 1]

Opa leao34,

 

Vamos lá.

 

Desinstale:

-> Boonty Games ou BOONTY Shared

 

Utilize Adicionar / Remover programas.

 

Desinstale e reinicie após tê-lo feito.

 

Obs.: Caso não encontre o programa acima citado na lista, apenas passe para a próxima etapa.

 

1ª Etapa

 

Faça o seguinte:

 

Vá em Iniciar -->Executar --> digite services.msc e dê OK.

 

Procure o serviço Boonty Games.

 

Dê um clique direito nele e vá para Propriedades.

 

Clique em Parar e modifique o Tipo de Inicialização para Desativado.

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar.

C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro.

 

Execute o HijackThis, clique em Open the Misc Tools section.

 

Clique em Delete an NT service.

 

Coloque:

Boonty Games

 

Elimine o serviço.

 

Execute o HijackThis novamente, clique em Do a system scan only e marque:

O4 - HKLM\..\Run: [taskmgrxp] C:\WINDOWS\system32\taskmgrxp.exe

O4 - HKLM\..\Run: [imInstaller_IncrediMail] C:\DOCUME~1\leandro\CONFIG~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

Clique em Fix Checked.

 

3ª Etapa

 

Ainda em Modo Seguro localize delete:

 

C:\Arquivos de programas\Arquivos comuns\BOONTY Shared <- a pasta

 

4ª Etapa

 

Reinicie em Modo Normal.

 

Poste o novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

[leao34 0]

Novo log

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:51:02, on 5/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe

C:\Arquivos de programas\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

C:\Program Files\interMute\SpySubtract\SpySub.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/intl/la/brazil/index.htm

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [imInstaller_IncrediMail] C:\DOCUME~1\leandro\CONFIG~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WinMX] C:\Arquivos de programas\WinMX\WinMX.exe -m

O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe" -m

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Photo Loader supervisory.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

O4 - Global Startup: Residente del Photo Loader.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe

O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{03C34152-8E12-44D9-908B-F5A8613098D1}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

[jgarcia 1]

Opa leao34,

 

Você chegou a desinstalar o Boonty Games?

[leao34 0]

O Boonty Games nao constava da lista de programas para serem removidos. mas refiz todo o processo acho que agora deu certo.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:23:33, on 5/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\vsnpstd.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe

C:\Arquivos de programas\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

C:\Program Files\interMute\SpySubtract\SpySub.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/intl/la/brazil/index.htm

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [imInstaller_IncrediMail] C:\DOCUME~1\leandro\CONFIG~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail -cluster 2

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WinMX] C:\Arquivos de programas\WinMX\WinMX.exe -m

O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe" -m

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Photo Loader supervisory.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

O4 - Global Startup: Residente del Photo Loader.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe

O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{03C34152-8E12-44D9-908B-F5A8613098D1}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

[jgarcia 1]

Opa leao34,

 

Agora sim! O log está LIMPO. :thumbsup:

 

Para finalizar:

 

1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como.

 

Abraços.

[leao34 0]

Feito!!!!Cara muitíssimo obrigado por tudo.Valeu mesmo!!!

[jgarcia 1]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.