[Arquivado] - Desktop e Menu iniciar sumiram

Gmax2008 · Setembro 23, 2008

Olá pessoal sou novo aqui no iMasters, e queria pedir ajuda : Meu desktop e os icones SUMIRAM!!!!!!!!!!!!!! :wacko:

Tudo começou num domingo eu tava fazendo um trabalho e desliguei o PC. No dia seguinte quando eu fui ligar...

o desktop e os icones tinham sumido. Só da pra abrir pelo Gerenciador de Tarefas Ctrl+Alt+Del.

Já baixei o avast, e uma lista de outros mais não consigo resolver o problema. Ja restaurei o sistema e nada.

Já vi varios casos igual ao meu que tiveram solução.

Não sei se ajuda mas tá aqui o meu log do HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:33:13, on 23/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>

O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>

O1 - Hosts:

O1 - Hosts: <center>

O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>

O1 - Hosts: <tr>

O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>

O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>

O1 - Hosts: </tr>

O1 - Hosts: </table>

O1 - Hosts: <br>

O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>

O1 - Hosts: <tr>

O1 - Hosts: <td bgcolor=003399 colspan=2>

O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>

O1 - Hosts: </td>

O1 - Hosts: </tr></table>

O1 - Hosts: <br>

O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>

O1 - Hosts: <tr>

O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>

O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>

O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>

O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>

O1 - Hosts: <tr bgcolor=white><td valign=top align=center>

O1 - Hosts: <form action="http://search.yahoo.com/search">

O1 - Hosts: <input size="14" name="p" value="">

O1 - Hosts: <input type="SUBMIT" value="Search">

O1 - Hosts: <font face=arial size=-2> <a href="http://search.yahoo.com/search/options?p=">advanced search</a> <a href="http://buzz.yahoo.com">most popular</a></font>

O1 - Hosts: </form></td></tr></table>

O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>

O1 - Hosts: <tr bgcolor=ccccff><td>

O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>

O1 - Hosts: </td></tr>

O1 - Hosts: <tr><td>

O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>

O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.

O1 - Hosts: </td></tr>

O1 - Hosts: <tr><td align=right>

O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>

O1 - Hosts: </td></tr>

O1 - Hosts: </table>

O1 - Hosts: </td></tr></table>

O1 - Hosts: </td>

O1 - Hosts: <td width=1> </td>

O1 - Hosts: <td valign=top align=center width=445>

O1 - Hosts: < script language="JavaScript" type="text/javascript"

O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr" >

O1 - Hosts: < /script >

O1 - Hosts: <noscript>

O1 - Hosts: <iframe

O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"

O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0

O1 - Hosts: vspace=0 frameborder=0 scrolling=no>

O1 - Hosts: </iframe>

O1 - Hosts: </noscript>

O1 - Hosts: </td>

O1 - Hosts: </tr>

O1 - Hosts: </table>

O1 - Hosts: <br>

O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>

O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">

O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>

O1 - Hosts: <font face=arial size=-2><A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>

O1 - Hosts: </font></td></tr></table></td></tr></table>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lphc943j0e73j] C:\WINDOWS\system32\lphc943j0e73j.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA2682] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC2222] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA9101] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC6453] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA3721] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC1936] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA705] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC2136] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA797] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC8245] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA3934] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC3310] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA3866] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"

O4 - HKLM\..\RunOnce: [spybotDeletingC2876] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"

O4 - HKLM\..\RunOnce: [spybotDeletingA5014] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC5793] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA6117] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC2724] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i

O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart

O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe

O4 - HKCU\..\Run: [shockAero] C:\Documents and Settings\Casa\Meus documentos\ShockAero\ShockAero.exe

O4 - HKCU\..\Run: [PSwitch] C:\Arquivos de programas\Proxy Switcher Standard\ProxySwitcher.exe

O4 - HKCU\..\Run: [CMS_RSChecker] "D:\RS FAN v1.1.exe" -m

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB3559] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD8073] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB9224] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD9035] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB1167] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD5612] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB9082] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD2994] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB4766] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD7262] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB4596] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD616] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB4120] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"

O4 - HKCU\..\RunOnce: [spybotDeletingD1353] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"

O4 - HKCU\..\RunOnce: [spybotDeletingB1355] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD5945] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB8714] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD5925] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Update.exe

O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 23288 bytes

PedroN · Setembro 23, 2008

Baixe o Combofix e salve no seu desktop.

Feche todas as janelas e programas

Dê um duplo-clique no combofix e tecle "1" em seguida enter para prosseguir com o fix. Vai durar uma média de 10 minutos (seja paciente). O combofix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

Gmax2008 · Setembro 23, 2008

Baixe o Combofix e salve no seu desktop.

Feche todas as janelas e programas

Dê um duplo-clique no combofix e tecle "1" em seguida enter para prosseguir com o fix. Vai durar uma média de 10 minutos (seja paciente). O combofix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

ComboFix 08-09-22.04 - Casa 2008-09-23 17:49:45.1 - NTFSx86

Executando de: C:\Documents and Settings\Casa\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\FunWebProducts

C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Arquivos de programas\internet explorer\msimg32.dll

C:\Arquivos de programas\MyWebSearch

C:\autorun.inf

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\windows update.exe

C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\n.com

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo1.dll

C:\WINDOWS\system32\ckvo2.dll

C:\WINDOWS\system32\dao350.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\f3PSSavr.scr

C:\WINDOWS\system32\kavo0.dll

C:\WINDOWS\system32\kavo2.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\skinboxer43.dll

C:\WINDOWS\system32\wgaprem32.dll

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_NPF

-------\Service_MyWebSearchService

-------\Service_NPF

((((((((((((((((((((((( Ficheiros criados de 2008-08-23 to 2008-09-23 ))))))))))))))))))))))))))))))))

.

2008-09-23 17:15 . 2008-09-23 17:15 <DIR> d-------- C:\WINDOWS\ERUNT

2008-09-23 17:12 . 2008-09-23 17:33 <DIR> d-------- C:\SDFix

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressÆo

2008-09-23 12:16 . 2008-09-23 12:16 993 --a------ C:\WINDOWS\wininit.ini

2008-09-23 06:07 . 2008-09-23 06:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-22 23:04 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-22 23:04 . 2008-09-23 13:44 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-09-22 22:19 . 2008-09-22 22:19 <DIR> d-------- C:\Arquivos de programas\IObit

2008-09-22 22:14 . 2008-09-23 16:32 <DIR> d-------- C:\Hijack

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Configura‡äes locais

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador

2008-09-21 22:25 . 2008-09-21 22:25 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-09-17 17:50 . 2008-09-17 17:49 115,913 -r-hs---- C:\k2d8j3wa.bat

2008-09-08 14:40 . 2008-09-08 14:40 33 --a------ C:\WINDOWS\KB1369769.ini

2008-09-06 19:11 . 2008-09-06 19:11 90,834 -r-hs---- C:\r1y1.bat

2008-09-05 15:12 . 2008-09-05 15:13 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER

2008-09-05 14:21 . 2008-09-05 14:21 <DIR> d-------- C:\Arquivos de programas\4U Computing

2008-09-05 13:41 . 2008-09-05 13:41 <DIR> d-------- C:\OutputFolder

2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Arquivos de programas\Allok Video to MP4 Converter

2008-09-05 13:39 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax

2008-09-05 13:39 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll

2008-09-05 13:39 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll

2008-09-05 12:07 . 2008-09-05 12:07 92,932 -r-hs---- C:\ktnquo.exe

2008-09-02 18:46 . 2008-09-02 18:47 90,911 -r-hs---- C:\f.bat

2008-09-02 18:31 . 2008-09-02 18:30 109,043 -r-hs---- C:\hpkq.cmd

2008-09-01 19:17 . 2008-09-01 19:29 1,750,528 --a------ C:\WINDOWS\system32\wgapre32.dll

2008-09-01 17:58 . 2008-09-01 17:57 90,623 -r-hs---- C:\kk3.bat

2008-09-01 13:16 . 2008-09-01 13:16 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-01 13:16 . 2008-09-01 13:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-29 13:23 . 2008-09-01 12:26 <DIR> d-------- C:\Arquivos de programas\Pivot Stickfigure Animator

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-23 21:38 --------- d-----w C:\Arquivos de programas\ViStart

2008-09-22 16:43 14,328,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-09-22 16:26 556,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-09-22 02:30 53,132 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-09-22 02:30 194,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-09-22 01:32 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-09-17 00:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-01 23:46 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\Ahead

2008-09-01 17:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-23 00:27 --------- d-----w C:\Arquivos de programas\NitroPC

2008-08-18 22:44 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\uTorrent

2008-08-18 19:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-18 17:42 --------- d-----w C:\Arquivos de programas\Spyware Remover 7.0 Demo

2008-08-08 16:55 --------- d-----w C:\Arquivos de programas\Nokia

2008-08-02 03:58 --------- d-----w C:\Arquivos de programas\Dolphin

2008-08-01 20:22 40 ----a-w C:\Documents and Settings\Casa\language.dat

2008-07-24 18:06 --------- d-----w C:\Arquivos de programas\Vista Sidebar

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\WinFlip

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\VisualTooltip

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\ViOrb

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\TrueTransparency

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\Styler

2008-07-24 18:01 --------- d-----w C:\Arquivos de programas\LClock

2008-07-23 13:15 --------- d-----w C:\Arquivos de programas\uTorrent

2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-11 17:15 10,121,656 ----a-w C:\Arquivos de programas\Alcohol120_trial_1.9.7.6221.exe

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-24 20:58 8,351,908 ----a-w C:\Arquivos de programas\windows_sidebar_XP_PT_BR.rar

2007-08-31 18:40 2,234,899 ----a-w C:\Arquivos de programas\fastaero0751.rar

.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:40, on 2008-09-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\ViOrb\ViOrb.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\LClock\lclock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ViStart\ViStart.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Styler\Styler.exe

C:\Arquivos de programas\Vista Sidebar\sidebar.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE