[Resolvido!] Mensagem Autolt Error

Paulo. · Junho 24, 2009

Vem aparecendo aqui sempre que inicia o windows(quando já aparece a área de trabalho) uma janela que diz :

Autolt Error

Line-1:

Error: Variable used without being declared.

Mas só aparece ao iniciar mesmo, fora isso não notei nenhuma diferença no desempenho do pc.

O log :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:51:51, on 24/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

G:\opera.exe

C:\Documents and Settings\administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.3000.1001\pt-br\msntb.dll

O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl9] "C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: windows_system_32-dll.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: shorten url - http://www.cjb.net/menuext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{01EBD1BD-D540-44FD-9A92-A33BB92BDC7F}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{0416794C-9083-4544-8163-0CFA90D1BAAB}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{04F3740A-F11D-4900-B82A-564CCB9D4053}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B3C09CE-5A49-4085-B8ED-C0ECD2F690BE}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{7862CE84-3DED-42EE-9750-CDA60936645C}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{A0CB817D-AD60-4906-ACEC-72A8597BEA66}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA9F9753-48FF-4E38-A888-5DA40DBCFEA4}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB4F3FA-81B0-490D-BC7D-E2F663E9B67F}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF4FB8F8-F5B4-4EE6-B169-A7CB090B75E0}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{E51DCA47-FE65-4BF2-9868-5777F46E8306}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{01EBD1BD-D540-44FD-9A92-A33BB92BDC7F}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\..\{01EBD1BD-D540-44FD-9A92-A33BB92BDC7F}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\WEBACC~1\FASTSE~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - (no file)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--

End of file - 9675 bytes

Alguém sabe como fazer para essa janela não aparecer mais?

Power Max · Junho 24, 2009

:thumbsup: Olá Paulo!

:seta: Está constando em seu PC uma versão bem antiga do antivirus Avg.

Para remover completamente o Avg de seu computador você pode usar o desinstalador que o Avg oferece:

AVG Remover(32bit) - Use esta opção se o seu sistema for de 32 bit.

AVG Remover(64bit) - Use esta opção se o seu sistema for de 64 bit.

______________________________________________________________________________

:seta: Depois disto sugiro que você instale um ótimo antivirus gratuito, como o Avira Antivir Personal 9 Free.

Para instalar, configurar e usar corretamente o Avira antivir é só seguir as dicas destes tutoriais:

Tutorial do Avira Antivir 9 free (instalação e configuração)

Tutorial do Avira Antivir 9 free (como usá-lo corretamente)

______________________________________________________________________________

:seta: Depois de instalar e configurar o Avira Antivir seguindo as dicas dos tutoriais acima, atualize-o (faça um update) e reinicie o seu computador e entre pelo Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança). Aí quando o computador tiver reiniciado, clique com o botão direito do mouse sobre o símbolo do Avira (aquele guarda-chuva vermelho aberto ao lado do relógio do Windows) e escolha a opção Start Antivir > clique na opção Scan system now > e à medida em que forem sendo achados vírus e programas espiões vá enviando eles para a quarentena. Depois de algumas semanas, se o seu computador estiver funcionando normalmente sem estes arquivos que foram para a quarentena, você pode ir na quarentena e excluí-los definitivamente.

Quando você tiver removido os virus que o Avira Antivir encontrar, reinicie o computador normalmente. Clique com o botão direito do mouse sobre o ícone do Avira (aquele guarda-chuva vermelho aberto ao lado do relógio do Windows) e escolha a opção Start Antivir > clique na opção Reports > dê um duplo clique com o botão esquerdo do mouse sobre o log mais recente e clique no botão Report file > Depois será aberta uma tela com o log, então é só selecionar este Log (Clique no menu: Editar » Selecionar Tudo), depois disso volte novamente no menu: Editar » e clique na opção: Copiar) > Depois disso é só voltar aqui no fórum e postar este log do Avira Antivir juntamente com um novo log do Hijackthis para que eles possam ser analizados.

Ficamos no aguardo de sua resposta.

Paulo. · Junho 25, 2009

Primeiro, obrigado por responder!

Fiz todas as suas dicas e aí estão os logs

o log do Avira AntiVir:

Avira AntiVir Personal

Report file date: quarta-feira, 24 de junho de 2009 19:49

Scanning for 1424788 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Save mode

Username : Administrador

Computer name : PAULO

Version information:

BUILD.DAT : 9.0.0.403 17961 Bytes 3/6/2009 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/5/2009 13:14:48

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 14:58:26

LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 15:35:50

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 14:58:54

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:30:38

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/6/2009 22:19:16

ANTIVIR2.VDF : 7.1.4.133 2048 Bytes 24/6/2009 22:19:18

ANTIVIR3.VDF : 7.1.4.136 15360 Bytes 24/6/2009 22:19:20

Engineversion : 8.2.0.196

AEVDF.DLL : 8.1.1.1 106868 Bytes 30/4/2009 15:52:06

AESCRIPT.DLL : 8.1.2.10 418171 Bytes 24/6/2009 22:21:36

AESCN.DLL : 8.1.2.3 127347 Bytes 14/5/2009 15:02:02

AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 22:24:42

AEPACK.DLL : 8.1.3.18 401783 Bytes 27/5/2009 20:07:22

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 24/6/2009 22:21:20

AEHEUR.DLL : 8.1.0.134 1802616 Bytes 24/6/2009 22:21:14

AEHELP.DLL : 8.1.3.6 205174 Bytes 24/6/2009 22:19:46

AEGEN.DLL : 8.1.1.46 348533 Bytes 24/6/2009 22:19:40

AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 18:32:40

AECORE.DLL : 8.1.6.12 180599 Bytes 27/5/2009 20:07:22

AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 18:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:48:00

AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 14:32:16

AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 18:34:30

AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 14:32:10

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 19:05:42

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 14:37:10

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 19:03:50

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:34

NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 14:32:12

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 19:40:00

RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/4/2009 14:19:50

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: quarantine

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, G:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: quarta-feira, 24 de junho de 2009 19:49

Starting search for hidden objects.

The driver could not be initialized.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'AAWService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

14 processes with 14 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'G:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '48' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\System Volume Information\_restore{C2768274-003B-4719-A76C-5E22B1965B5A}\RP761\A0111269.exe

[DETECTION] Is the TR/Keygen.BM Trojan

[NOTE] The file was moved to '4a73bfe2.qua'!

Begin scan in 'G:\' <HD_320GB>

G:\aopsfjafjoslsfl\Jogos\gameboy(color e advance)\gameboy(color e advance),\TGB_Dual_7.zip

[0] Archive type: ZIP

--> devices/tbr_dll.dll

[DETECTION] Is the TR/Gologger.D.3 Trojan

[NOTE] The file was moved to '4a84c39b.qua'!

G:\aopsfjafjoslsfl\programas\Nero 9.4.13.2 Ultra Edition 2009 + Working Keygen [h33t].rar

[0] Archive type: RAR

--> Keygen.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.bbld.20 back-door program

[NOTE] The file was moved to '4ab4c58f.qua'!

End of the scan: quarta-feira, 24 de junho de 2009 21:36

Used time: 1:46:18 Hour(s)

The scan has been done completely.

12421 Scanned directories

411098 Files were scanned

3 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

3 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

411094 Files not concerned

8261 Archives were scanned

1 Warnings

4 Notes

e o novo log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:01:45, on 24/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\notepad.exe

G:\opera.exe

C:\Documents and Settings\administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\ARQUIV~1\SPEEDB~1\vaproxy.pac