Tela azul; Work Thread Returned at Bad IRQL; Reinicia

[miguelino3ol 0]

Uma ou mais vezes por dia. Aparece tela azul com letras brancas. Uma das mensagens diz: Work Thread Returned at Bad IRQL. Depois o computador reinicia.

 

Log do Hijackthis:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:29:32, on 8/10/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe

C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\YouSendIt\Express\YouSendIt.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\Arquivos de programas\OEM\11bg Wireless LAN USB Utility\RtWLan.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

D:\MIGUEL DOCS\20091025 Limpeza do virus\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnl1.dll

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyB0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\arquiv~1\mcafee\msk\mskapbho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20101011144629.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyB0.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre1.6.0_14\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre1.6.0_14\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnl1.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnl1.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyB0.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Office XP crack (nao remover)] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [Opware15] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe"

O4 - HKLM\..\Run: [OpScheduler] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpScheduler.exe"

O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCTVRemote] C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [4shared Update] "C:\Arquivos de programas\4shared Desktop\checkUpdate.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_14\bin\jusched.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [YouSendIt.exe] C:\Arquivos de programas\YouSendIt\Express\YouSendIt.exe -ui none

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: 11bg Wireless LAN USB Utility.lnk = C:\Arquivos de programas\OEM\11bg Wireless LAN USB Utility\RtWLan.exe

O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_link.htm

O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.abntcatalogo.com.br

O15 - Trusted Zone: http://www.abntnet.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 200.175.89.139,200.175.5.139

O17 - HKLM\System\CCS\Services\Tcpip\..\{BC717D82-D1E5-4F2F-870F-A96B7FC804A9}: NameServer = 200.175.89.139,200.175.5.139

O17 - HKLM\System\CS1\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 200.175.89.139,200.175.5.139

O17 - HKLM\System\CS2\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 200.175.89.139,200.175.5.139

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Serviço Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

 

--

End of file - 12112 bytes

 

[wings 22]

Olá miguelino3ol

 

Esta mensagem geralmente está relacionada a hardware.

 

Um abraço.

[Edvan 30]

Essas telas azuis, quando isso começou acontecer?

Geralmente tela azul ou tela da morte como chamam alguns, são problemas relacionados a memoria, mais pode ser outras coisas também como: drives com algum tipo de conflito entre eles.. ou até mesmo HD com setores defeituosos!.

[Rafael Mitsunaka 11]

90% dos casos erro de tela azul é despejo de memória

 

pode estar sobrecarregando a memória e fazendo o computador reiniciar ou a memória parar de funcionar.

o ideal seria retirar a memória, limpa-la com uma borracha branca, daquelas macias, e depois verificar se o erro persiste.