[Resolvido] Analise de Log, HijackThis

FilhodoConde · Junho 5, 2008

Olah gostaria da ajuda de vcs.

O meu PC estah com problemas de reinicializaçao e nao estou encontrando o problema.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:14:12, on 04/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acpi.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.253;www.acpi.com.br;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.acpi.com.br/tsweb/msrdp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = acpi

O17 - HKLM\Software\..\Telephony: DomainName = acpi

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8090E29-2B43-458B-AD7A-1645CA80272D}: NameServer = 192.168.0.252

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = acpi

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

--

End of file - 6513 bytes

Silas Martins · Junho 5, 2008

Siga as Instruções:

Baixe o MSNfix.

Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat

Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento.

Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga.

Caso queira interromper o processo aperte a tecla Q

Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt.

Poste juntamente um novo log do Hijackthis

Aguardo o retorno.

FilhodoConde · Junho 6, 2008

Silas, conforme orientacao segue o resultado da varredura do MSNFIX

Aparentemente, nao encontrou nda

MSNFix 1.720-1

C:\Documents and Settings\Amarildo\Desktop\MSNFix\MSNFix

Fix lançado dia 06/06/2008 - 8:48:48,26 By Amarildo

modo normal

************************ Procurando os arquivos presentes

Nenhum arquivo encontrado

************************ Procurando as pastas presentes

Nenhuma pasta encontrada

************************ Arquivos suspeitos

Nenhum arquivo encontrado

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Silas Martins · Junho 7, 2008

Baixe o ComboFix e salve na área de trabalho.

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

FilhodoConde · Junho 10, 2008

Caro Silas,

rodei o ComboFix, porem o aplicativo nao reiniciou o meu PC.

Mas o log foi gerado.

Segue, o log para analise.

ComboFix 08-06-09.7 - Amarildo 2008-06-10 9:53:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.517 [GMT -4:00]

Executando de: C:\Documents and Settings\Amarildo\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\ipv6mon0.dll

C:\WINDOWS\system32\mdm.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))

.

2008-07-02 11:03 . 2004-08-03 20:45 76,288 --a------ C:\WINDOWS\system32\usbui.dll

2008-07-02 11:02 . 2008-07-02 15:13 4,326 --a------ C:\WINDOWS\imsins.BAK

2008-07-02 11:00 . 2008-01-09 15:55 <DIR> d-------- C:\Documents and Settings

2008-07-02 11:00 . 2008-07-02 15:13 261 --a------ C:\WINDOWS\system32\$winnt$.inf

2008-06-04 09:07 . 2008-06-04 09:07 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-06-04 08:58 . 2008-06-04 08:58 <DIR> d-------- C:\Hijack

2008-06-03 10:24 . 2008-06-03 10:24 <DIR> d--h----- C:\WINDOWS\PIF

2008-06-03 10:24 . 2008-06-03 10:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-03 10:24 . 2008-06-03 10:24 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-12 16:41 . 2008-05-12 16:41 <DIR> d-------- C:\Documents and Settings\Amarildo\Dados de aplicativos\Apple Computer

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-02 19:33 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-07-02 19:21 --------- d-----w C:\Arquivos de programas\Marvell

2008-07-02 19:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-02 19:20 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-02 19:20 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-07-02 19:19 --------- d-----w C:\Arquivos de programas\Intel

2008-07-02 19:11 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-07-02 19:10 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-02 19:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-10 13:18 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus

2008-06-02 21:21 --------- d-----w C:\Arquivos de programas\Investintech.com Inc

2008-06-02 21:21 --------- d-----w C:\Arquivos de programas\CashPreview 3.0

2008-06-02 12:53 --------- d-----w C:\Documents and Settings\Amarildo\Dados de aplicativos\TextPad

2008-05-16 18:08 --------- d-----w C:\Documents and Settings\Amarildo\Dados de aplicativos\AdobeUM

2008-05-06 14:45 --------- d-----w C:\Arquivos de programas\R-Word Demo

2008-04-30 18:46 --------- d-----w C:\Arquivos de programas\Microsoft Money 2007

2008-04-23 15:08 692,021 ----a-w C:\WINDOWS\unins000.exe

2008-04-17 15:59 --------- d-----w C:\Documents and Settings\Amarildo\Dados de aplicativos\ARTech

2008-04-16 12:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-24 15:16 239,214 ----a-w C:\WINDOWS\DebuGX 2.0 Uninstaller.exe

2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2004-05-13 09:51 66656]

"vptray"="C:\ARQUIV~1\SYMANT~1\VPTray.exe" [2004-05-13 10:00 124128]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Service Manager.lnk - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-01-09 17:20:13 69632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]

"1"= APTimer.exe

"2"= AutoGK.exe

"3"= Desliga Ai! 24.exe

"4"= fdiag.exe

"5"= fdm.exe

"6"= flvplayer.exe

"7"= googleearth.exe

"8"= googletalk.exe

"9"= googletoolbar1user.exe

"10"= googletoolbar2user.exe

"11"= GoogleToolbarNotifier.exe

"12"= Grab.exe

"13"= HWiNFO32.EXE

"14"= LimeWire.exe

"15"= orbitdm.exe

"16"= orbitnet.exe

"17"= Revelation.exe

"18"= Ringtones.exe

"19"= Skype.exe

"20"= submux.exe

"21"= subresync.exe

"22"= vncviewer.exe

"23"= winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente do Acrobat.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Assistente do Acrobat.lnk

backup=C:\WINDOWS\pss\Assistente do Acrobat.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a------ 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2004-10-14 09:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-06-10 13:17:40 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job"

- C:\ARQUIV~1\SMARTD~1\Messages\SDNotify.exeW-PSD -V906 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 09:55:37

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-06-10 9:56:07

ComboFix-quarantined-files.txt 2008-06-10 13:56:04

Pre-Run: 19,824,390,144 bytes disponíveis

Post-Run: 20,067,033,088 bytes disponíveis

134

FilhodoConde · Junho 10, 2008

Silas, segue tbm a nova analise do HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:05, on 2008-06-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acpi.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896