[Arquivado] Não aparece nada na Tela

Luizguto · Abril 9, 2009

Na inicialização do meu PC está aparecendo um erro MPK e quando aparece o papel de parede não aparece mais nada, nem botão de inicializar e nem um outro.

Tirei um Log para avalização.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:08, on 9/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\dhcp\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\reader_s.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\guto\CONFIG~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe

O2 - BHO: (no name) - {495f52ec-4d61-4cc8-b46e-8f49e499afef} - c:\windows\system32\zqnsylc.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: C:\WINDOWS\system32\sdfadccddkn93.dll - {d5bf49a0-94f3-52bd-f434-3604812c8955} - C:\WINDOWS\system32\sdfadccddkn93.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\kufuy2.exe

O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kufuy2.exe

O4 - HKCU\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\guto\reader_s.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerReg SchedulerV2.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Reboot.exe

O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3ad14f0c-ed16-4e43-b6d8-661b03f6a1ef} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{D81BA7FA-A5E2-4CB2-A705-8EBEC2A729DB}: NameServer = 200.175.5.139,200.175.89.139

O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

O20 - Winlogon Notify: opufwrvr - C:\WINDOWS\SYSTEM32\zqnsylc.dll

O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-52BD-F434-3604812C8955} - C:\WINDOWS\system32\sdfadccddkn93.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--

End of file - 8535 bytes

Obrigado.

Power Max · Abril 9, 2009

:thumbsup: Olá Luiz!

:!: Realmente o seu PC está infectado.

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

- Faça o download do Malwarebytes Anti-Malware.

* Faça a instalação dando um duplo clique em "mbam-setup.exe";

*Selecione a linguagem Português (Brasil)

*Selecione apenas a caixa: "Atualizar MalwareBytes'Anti-Malware"

*Se alguma atualização existir, o download será automático

*Não faça ainda scan!!!

*Reinicie o PC em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança).

* Se não possível executar o computador em Modo Seguro, faça o escaneamento no modo normal

*Execute o programa MalwareBytes'Anti-Malware e clique na aba: "Verificação", selecione a opção "Verificação completa"

*Clique no botão: "Verificar"

* Marque todas as partes do computador que você deseja escanear e clique no botão: “Iniciar verificação”

*Ao término do scan, clique em "OK" > "Mostrar Resultados"

*Selecione todas as entradas e clique em "Remover Selecionados"

*Após a remoção poderá ser interrogado se deseja remover objetos da memória. Clique "SIM"

*Um log será apresentado com o resultado das ações

*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC.

*Ao término do processo, reinicie o PC em Modo Normal.

* Depois de alguns dias, se o seu computador estiver funcionando normalmente sem estes arquivos que foram excluidos pelo Malwarebytes Anti-malware, abra (execute) o Malwarebytes Anti-malware, clique na aba: Quarentena e clique no botão: Remover tudo.

*Execute novamente o programa Malwarebytes Anti-malware e clique na aba “Logs”, dê um duplo clique com o mouse sobre o log mais recente, selecione o log completo e copie-o.

Poste este log gerado pelo Malwarebytes Anti-Malware juntamente com um novo log do Hijackthis na sua próxima resposta e nos diga como está o seu computador depois de seguir este procedimento acima.

Ficamos no aguardo de sua resposta.

Luizguto · Abril 10, 2009

Segue Log's após feitas as verificações solicitadas.

Porém não houve mudança ainda no comportamento do computador não aparecendo nada na tela principal.

Obrigado

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 1960

Windows 5.1.2600 Service Pack 2

10/4/2009 02:06:15

mbam-log-2009-04-10 (02-06-15).txt

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 274977

Tempo decorrido: 42 minute(s), 42 second(s)

Processos da Memória infectados: 3

Módulos de Memória Infectados: 2

Chaves do Registro infectadas: 16

Valores do Registro infectados: 8

Ítens do Registro infectados: 1

Pastas infectadas: 6

Arquivos infectados: 25

Processos da Memória infectados:

C:\WINDOWS\Temp\BN1.tmp (Trojan.Kobcka) -> Unloaded process successfully.

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:

\\?\globalroot\systemroot\system32\senekaqgogvmfk.dll (Trojan.TDSS) -> Delete on reboot.

C:\WINDOWS\nvbLac.dll (Trojan.Agent.V) -> Delete on reboot.

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6to4 (Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\6to4 (Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Rootkit.Trace) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: nvblac.dll -> Delete on reboot.

Pastas infectadas:

C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Arquivos infectados:

C:\WINDOWS\nvbLac.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\sdfadccddkn93.dll (Trojan.Zlob.H) -> Quarantined and deleted successfully.

\\?\globalroot\systemroot\system32\senekaqgogvmfk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN1.tmp (Trojan.Kobcka) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\kufuy2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Dados de aplicativos\psvrr.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\dk\calling.com.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\6to4v32.dll (Dialer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\at1394.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\zchMiB.exe (Trojan.Autoit) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\FKYDQJV4\install[1].exe (Trojan.Agent.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dk\systemac.dll (Trojan.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\asdacdseefen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\rdlED.tmp (Trojan.Agent.V) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090409143635203.log (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ftp_non_crp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\guto\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\dbrxubcw.com (Spyware.OnLineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\guto\Dados de aplicativos\psvr32.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Dados de aplicativos\psvr32.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

--------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:18:41, on 10/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\dhcp\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\reader_s.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\TEMP\BN8.tmp

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\TEMP\BNB.tmp

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\guto\CONFIG~1\Temp\Rar$EX00.547\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe,

O2 - BHO: (no name) - {495F52EC-4D61-4CC8-B46E-8F49E499AFEF} - c:\windows\system32\zqnsylc.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\BNB.tmp

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\guto\reader_s.exe (User 'SYSTEM')