[Resolvido] &nbspPC Infectado

moicanofacul · Julho 25, 2011

Há 3 dias conectei um Pen-Drive infectado sem saber e logo meu anti-vírus (Windows Defender) acusou a invasão. Limpei o computador, mas ainda não estou seguro, visto que ontem abriu uma janela (igual ao MS-DOS) com uma letras e fechou do nada, além de aparecer um ícone desconhecido na barra de tarefas e sumir. A janela do DOS que surgiu se chamava algo como 'tanskx' (não lembro exatamente como era).

Estou nesse momento passando o anti-vírus novamente, mas ainda estou preocupado.

Segue log do HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:44:25, on 25/07/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Pierre Cardoso\Downloads\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CPN Notifier] C:\Program Files (x86)\Rox Poker\PokerNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F91A47DD-2831-4021-A2F9-94A55DAB31FD}: NameServer = 200.222.122.132 200.165.132.148

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10054 bytes

Power Max · Julho 26, 2011

:) Olá moicanofacul!

:seta: Siga, por gentileza, estas dicas:

Tutorial do USBFix

Tutorial do Malwarebytes Anti-Malware

_____________________

:seta: Poste o log do Usbfix que estará em C:\UsbFix.txt em sua próxima resposta juntamente com um novo log do Hijackthis e o log do Malwarebytes e nos diga como está o PC após estes procedimentos.

Ficamos no aguardo.

moicanofacul · Julho 27, 2011

Companheiro, o negócio é o seguinte: o Pen-Drive infectado é de minha namorada, Milik, que seguiu o meu conselho e abriu um tópico aqui chamado 'PC certamente infectado'. Tópico este que está sendo acompanhado por você.

Já pedi para ela usar o USBFix no Pen-Drive dela. De qualquer sorte, utilizei ele no meu computador também. Seguem os logs gerados:

LOG UBS-FIX, CLICANDO EM 'SUPRESSÃO':

############################## | UsbFix 7.051 | [supressão]

Usuário: Pierre Cardoso (Administrador) # PIERRECARDOSO [HP-Pavilion AY673AA-AC4 p6360br]

Atualizado em 26/07/2011 por El Desaparecido

Começou em 20:26:38 | 26/07/2011

Site: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contato: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel® Core i5 CPU 650 @ 3.20GHz

CPU 2: Intel® Core i5 CPU 650 @ 3.20GHz

Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1

Internet Explorer 9.0.8112.16421

Windows Firewall: Habilitado

RAM -> 3959 Mb

C:\ (%systemdrive%) -> Disco fixo # 471 Gb (402 Mb livre - 85%) [HP] # NTFS

D:\ -> Disco fixo # 9 Gb (1 Mb livre - 15%) [FACTORY_IMAGE] # NTFS

E:\ -> CD-ROM

P:\ -> Disco fixo # 451 Gb (256 Mb livre - 57%) [Pierre Cardoso] # NTFS

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\$RECYCLE.BIN\S-1-5-21-1335410423-92656446-1779299361-500

Supprimido ! C:\$RECYCLE.BIN\S-1-5-21-2240677474-4124949966-2440035124-500

Supprimido ! C:\$RECYCLE.BIN\S-1-5-21-3781067526-2966764731-2999422385-1000

Supprimido ! C:\$RECYCLE.BIN\S-1-5-21-3781067526-2966764731-2999422385-500

Supprimido ! D:\$RECYCLE.BIN\S-1-5-21-1335410423-92656446-1779299361-500

Supprimido ! D:\$RECYCLE.BIN\S-1-5-21-3781067526-2966764731-2999422385-1000

Supprimido ! D:\$RECYCLE.BIN\S-1-5-21-3781067526-2966764731-2999422385-500

Supprimido ! P:\$RECYCLE.BIN\S-1-5-21-3781067526-2966764731-2999422385-1000

################## | Registro |

################## | Mountpoints2 |

################## | Listing |

[26/07/2011 - 20:28:54 | SHD ] C:\$Recycle.Bin

[01/07/2010 - 22:03:31 | D ] C:\Arquivos de Programas

[14/04/2011 - 14:29:30 | D ] C:\Arquivos de Programas RFB

[14/07/2009 - 02:08:56 | SHD ] C:\Documents and Settings

[12/05/2011 - 10:07:17 | D ] C:\Downloads

[03/07/2010 - 19:59:16 | N | 500] C:\FINIS_IT.TXT

[26/07/2011 - 20:05:10 | ASH | 3113545728] C:\hiberfil.sys

[31/08/2010 - 10:14:40 | D ] C:\hp

[05/01/2010 - 15:50:31 | D ] C:\Intel

[01/12/2006 - 22:37:14 | N | 904704] C:\msdia80.dll

[09/07/2010 - 10:51:13 | RHD ] C:\MSOCache

[26/07/2011 - 20:05:13 | ASH | 4151394304] C:\pagefile.sys

[14/07/2009 - 00:20:08 | D ] C:\PerfLogs

[10/03/2011 - 23:05:29 | D ] C:\Program Files

[17/07/2011 - 20:50:09 | D ] C:\Program Files (x86)

[23/07/2011 - 02:59:22 | HD ] C:\ProgramData

[19/12/2010 - 15:00:43 | D ] C:\swsetup

[26/07/2011 - 02:00:32 | SHD ] C:\System Volume Information

[19/12/2010 - 15:00:58 | D ] C:\SYSTEM.SAV

[26/07/2011 - 20:28:54 | D ] C:\UsbFix

[26/07/2011 - 20:25:18 | A | 2633] C:\UsbFix.txt

[03/07/2010 - 19:38:06 | D ] C:\Users

[09/07/2010 - 12:08:10 | D ] C:\Valve

[25/07/2011 - 21:12:01 | D ] C:\Windows

[26/07/2011 - 20:28:54 | SHD ] D:\$RECYCLE.BIN

[01/07/2010 - 22:11:15 | D ] D:\boot

[13/07/2009 - 14:39:00 | ASH | 383562] D:\bootmgr

[01/07/2010 - 22:11:14 | N | 0] D:\BT_HP.FLG

[05/01/2010 - 22:48:42 | N | 485] D:\CSP.DAT

[05/01/2010 - 23:04:37 | N | 15551] D:\DeployRp.log

[02/07/2010 - 15:56:49 | D ] D:\hp

[02/07/2010 - 15:56:49 | N | 0] D:\hpdrcu.prc

[01/07/2010 - 22:11:14 | N | 22] D:\language.ini

[01/07/2010 - 22:11:15 | D ] D:\preload

[01/07/2010 - 22:11:15 | SD ] D:\Recovery

[05/01/2010 - 23:04:37 | N | 0] D:\RPCONFIG.LOG

[15/03/2010 - 10:11:54 | SHD ] D:\System Volume Information

[26/07/2011 - 20:28:54 | SHD ] P:\$RECYCLE.BIN

[26/07/2011 - 12:32:34 | D ] P:\Documentos

[17/05/2011 - 13:39:02 | D ] P:\Eliana

[17/07/2011 - 13:28:43 | D ] P:\Extras

[26/05/2011 - 22:59:31 | D ] P:\Fotos

[14/06/2011 - 15:23:24 | D ] P:\Minhas Imagens

[09/06/2011 - 12:26:51 | D ] P:\Músicas

[13/11/2008 - 17:49:09 | N | 65] P:\Rock Freeday.pls

[29/04/2009 - 23:33:54 | N | 78] P:\Rádio Excelsior da Bahia - 840 AM.pls

[20/05/2009 - 22:19:50 | N | 76] P:\Rádio Metrópole - 101.3 FM.pls

[28/06/2008 - 19:46:39 | N | 113] P:\Rádio Sociedade da Bahia - 740 AM.pls

[06/07/2010 - 23:46:33 | SHD ] P:\System Volume Information

[18/05/2011 - 09:51:08 | D ] P:\Vídeos

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

D:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

P:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

################## | Upload |

Favor enviar o arquivo: C:\UsbFix_Upload_Me_PIERRECARDOSO.zip

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

################## | E.O.F |

LOG UBS-FIX, CLICANDO EM 'PESQUISA':

############################## | UsbFix 7.051 | [Pesquisa]

Usuário: Pierre Cardoso (Administrador) # PIERRECARDOSO [HP-Pavilion AY673AA-AC4 p6360br]

Atualizado em 26/07/2011 por El Desaparecido

Começou em 20:32:16 | 26/07/2011

Site: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contato: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel® Core i5 CPU 650 @ 3.20GHz

CPU 2: Intel® Core i5 CPU 650 @ 3.20GHz

Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1

Internet Explorer 9.0.8112.16421

Windows Firewall: Habilitado

RAM -> 3959 Mb

C:\ (%systemdrive%) -> Disco fixo # 471 Gb (402 Mb livre - 85%) [HP] # NTFS

D:\ -> Disco fixo # 9 Gb (1 Mb livre - 15%) [FACTORY_IMAGE] # NTFS

E:\ -> CD-ROM

P:\ -> Disco fixo # 451 Gb (256 Mb livre - 57%) [Pierre Cardoso] # NTFS

################## | Ficheiros # pastas infeciosos |

################## | Registro |

################## | Mountpoints2 |

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

D:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

P:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

################## | E.O.F |

LOG MALWAREBYTES:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Versão da Base de Dados: 7277

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

26/07/2011 21:17:31

mbam-log-2011-07-26 (21-17-31).txt

Tipo de Verificação: Verificação Completa (C:\|P:\|)

Objetos escaneados: 348928

Tempo decorrido: 42 minuto(s), 2 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

LOG HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:18:07, on 26/07/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Users\Pierre Cardoso\Downloads\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,