[Arquivado] Falha de Windows e congelamentos

[jucca 0]

Olá pessoal.

Ontem comecei a perceber umas instabilidades no antivirus que uso, o Norton Corporate.

Por via das dúvidas instalei o Antivir e fiz uma varredura completa.

Ele limpou algumas coisas. Mas hoje quando fui ligar ele caiu em tela azul com o seguinte erro:

Stop 0x00000024 ...

 

Pesquisando pela internet, achei que pode ser falha de memória, hd ou ntfs.

Estou tentando descartar o problema de hd e ntfs, vendo se pode ser virus primeiro.

 

Mas só consigo entrar no Windows pelo "Modo de Depuração", nada mais entra, por este modo entra e depois de um tempo trava. Consegui fazer um log no HijackThis.

 

Como só vou pensar em trocar de HD amanhã, gostaria que vissem se pode ser vírus.

Além disso tem um erro comum nos eventos:

Falha ao carregar os seguintes drivers de início do sistema ou inicialização: sptd

Também um erro no ADFS

 

Ontem o Norton teve problemas para reparar algo num arquivo chamado zmbqxxt.dll que estava no system32, também no load 1.exe na temp (pasta XOCTNH0I), este várias falhas de colocar na quarentena, em um jar_cache4300081747648305297.tmp e em um87952fa4d01.

 

Como desconfio de vírus, descrevi estes pontos, porque depois disso é que começou a ficar estranho, isto tudo ontem, tanto para o Norton reparar ou colocar em quarentena, ele falhou.

 

Segue Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:58:19, on 17/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\ARQUIV~1\DEERFI~1.COM\DNS2Go\DNS2GO~2.EXE

C:\xampp\filezillaftp\filezillaserver.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\Arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe

C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\svchost.exe

C:\BITNAM~1\apache2\bin\httpd.exe

C:\BitNami SugarCRM Stack\mysql\bin\mysqld.exe

C:\BITNAM~1\apache2\bin\httpd.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Meebo\Meebo Notifier\MeeboNotifier.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\Arquivos de programas\Java\jre6\launch4j-tmp\frd.exe

C:\Arquivos de programas\Tomboy\Tomboy.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

C:\xampp\apache\bin\apache.exe

C:\xampp\mysql\bin\mysqld.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

C:\WINDOWS\System32\alg.exe

C:\xampp\apache\bin\apache.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE

C:\WINDOWS\system32\mmc.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb128\SearchSettings.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb128\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Arquivos de programas\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000311.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [ACORDA] C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_pt-BR;_rv:1.9.0.15)_Gecko/2009101601_Firefox/3.0.15_(.NET_CLR_3.5.30729)" -"http://www.miniclip.com/games/monster-golf/br/content_iframe.php"

O4 - HKLM\..\Policies\Explorer\Run: []

O4 - HKUS\S-1-5-21-1417001333-117609710-1801674531-1007\..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe (User 'postgres')

O4 - HKUS\S-1-5-21-1417001333-117609710-1801674531-1007\..\RunOnce: [] (User 'postgres')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: FreeRapid 0.83u1.lnk = C:\Arquivos de programas\FreeRapid-0.83u1\frd.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O4 - Startup: Start Xampp.lnk = C:\xampp\xampp_start.exe

O4 - Startup: Tomboy Notes.lnk = ?

O4 - Startup: Yahoo! Widgets.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Evernote - res://C:\Arquivos de programas\Evernote\Evernote3\enbar.dll/2000

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Arquivos de programas\Advanced JPEG Compressor\ajcieex.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Arquivos de programas\uusee\geturltoplay.htm

O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Arquivos de programas\uusee\geturltodown.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)

O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)

O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Arquivos de programas\uusee\UUSeePlayer.exe

O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Arquivos de programas\uusee\UUSeePlayer.exe

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Arquivos de programas\Evernote\Evernote3\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Arquivos de programas\Evernote\Evernote3\enbar.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229888865593

O17 - HKLM\System\CCS\Services\Tcpip\..\{30049034-4DD7-4B50-AF6C-58AE41F55B23}: NameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{36244340-CB28-4CFB-BCD2-C19D022CED36}: NameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{30049034-4DD7-4B50-AF6C-58AE41F55B23}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GO333C~1\GOEC62~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: DNS2Go Client Service (DNS2GoClient) - Deerfield.com - C:\ARQUIV~1\DEERFI~1.COM\DNS2Go\DNS2GO~2.EXE

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\xampp\filezillaftp\filezillaserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gerenciador do Google Desktop 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9cdad1353c2a4) (gupdate1c9cdad1353c2a4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-shareware.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe

O23 - Service: PostgreSQL Server 8.3 (postgresql-8.3) - PostgreSQL Global Development Group - C:/Arquivos de programas/PostgreSQL/8.3/bin/pg_ctl.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: sugarcrmApache - Apache Software Foundation - C:\BITNAM~1\apache2\bin\httpd.exe

O23 - Service: sugarcrmMySQL - Unknown owner - C:\BitNami SugarCRM Stack\mysql\bin\mysqld.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\OpenbravoERP\Tomcat 6.0\bin\tomcat6.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 24226 bytes

 

 

 

Grato desde já

Jucca

[wings 22]

Boa noite....

 

 

*Baixe o AD-Remover e salve-o no desktop

*Duplo clique em AD-R.exe e instale o programa.

*Duplo clique no ícone criado no desktop e clique em [Oui]

*Tecle S > [ENTER]

*Aguarde o término

*Cole o relatório criado em C:\Ad-Report-SCAN.log

[jucca 0]

Olá, não sei se tem alguma dica, mas o ad remover que baixei do teu link não instala, ele cai numa tela rosa e já tem as opções que você fala no final.

 

Estou passando ele, mas não passa de 4%. Se me disser que é normal, seguirei, ou de qualquer forma deixarei passando esta madrugada.

 

Até

 

Jucca

[wings 22]

A tela do programa é rosa mesmo.

 

Caso esteja demorando, tente em Modo de Segurança.

 

Mas, a demora costuma ser normal.

[jucca 0]

Vou deixar passando, como falei não consigo entrar em outro modo que não seja o de depuração.

Nem de segurança nem normal.

Até.

[wings 22]

OK...aguardarei pelo log.

 

 

Um abraço.

[jucca 0]

Olá, realmente passou a noite travado em 4%.

Estou testando as memórias atualmente, depois disso vou tentar passar de novo.

Até

[jucca 0]

Olá

A outra máquina se foi.

Mas outra da rede começou com o mesmo problema.

Nesta consegui passar o programa que pediu:

 

Segue log:

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_H | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 18.01.2010 at 18:32

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 10:31:45, ter 19/01/2010 | Normal Boot | Option: SCAN

Executed from: C:\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versÆo 5.1.2600

Computer Name: UM | Current user: Um

.

============== FOUND ELEMENT(S) ==============

.

 

C:\DOCUME~1\Um\DADOSD~1\Mozilla\FireFox\Profiles\z4xpf124.default\searchplugins\mywebsearch.xml

C:\windows\System32\f3PSSavr.scr

 

 

Por via das dúvidas vai um Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:01:31, on 19/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\csrss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\windows\system32\spoolsv.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\windows\system32\nvsvc32.exe

C:\Arquivos de programas\Google\Update\1.2.183.13\GoogleCrashHandler.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\windows\system32\wdfmgr.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\windows\system32\RUNDLL32.EXE

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

C:\ARQUIV~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\windows\System32\alg.exe

C:\windows\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\DVDREG~1\DVDRegionFree.exe

C:\windows\system32\Notepad.exe

C:\Documents and Settings\Um\Desktop\HiJackThis.exe

C:\windows\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJfox000&ptb=I2xqxdlLP_arQyCApf7xew

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\3.bin\MWSSRCAS.DLL

F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\3.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\3.bin\MWSBAR.DLL

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\3.bin\MWSBAR.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [smartDefrag] "C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARQUIV~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: Speedfan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O4 - Startup: BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\Software\..\Telephony: DomainName = UM

O17 - HKLM\System\CCS\Services\Tcpip\..\{3FC3B0ED-1D34-4E79-A979-0B23D10D35BF}: NameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = UM

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 16555 bytes

[wings 22]

*Execute novamente o AD-Remover

*Tecle L > [ENTER]

*Aguarde...pode demorar. O PC poderá ser reiniciado automaticamente ao término da limpeza.

*Cole o relatório criado em C:\Ad-Report-CLEAN.log

[jucca 0]

Log do Clean

Grato

 

Você acha que estes adware podem ter causado o problema no Windows?

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_H | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 18.01.2010 at 18:32

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 12:25:15, ter 19/01/2010 | Normal Boot | Option: CLEAN

Executed from: C:\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versÆo 5.1.2600

Computer Name: UM | Current user: Um

.

============== NEUTRALIZED ELEMENT(S) ==============

.

 

C:\DOCUME~1\Um\DADOSD~1\Mozilla\FireFox\Profiles\z4xpf124.default\searchplugins\mywebsearch.xml

C:\windows\System32\f3PSSavr.scr

[wings 22]

Você acha que estes adware podem ter causado o problema no Windows?

 

Não acredito....

 

1.

*Execute novamente o AD-Remover

*Tecle D > [ENTER]

 

2.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop:

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as unidades a serem examinadas

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Selecione todas as entradas e clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Abra novamente o programa Malwarebytes e na aba [Logs] clique no arquivo mbam-log-ano-mês-data.txt

*Clique em [Abrir], copie, cole-o na sua próxima resposta e novo log do hijack

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.