the log is clean? wow, i thought i still had all that spyware in there. anyway, i got Ccleaner and ran it; the pc seems to still be working kinda slow, but not as bad as before. here's the HJT startup list:
StartupList report, 09-08-2006, 18:59:19
StartupList version: 1.52.2
Started from : C:\Programas\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton Internet Security Professional\NISUM.EXE
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\PowerS.exe
C:\Programas\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programas\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Norton Internet Security Professional\ccPxySvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\HijackThis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Lua\Menu Iniciar\Programas\Arranque]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroCheck = C:\WINDOWS\System32\NeroCheck.exe
ccApp = "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check = C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
NvCplDaemon = "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
PowerS = C:\WINDOWS\PowerS.exe
Symantec NetDriver Monitor = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
Lexmark X74-X75 = "C:\Programas\Lexmark X74-X75\lxbbbmgr.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Programas\Messenger\msmsgs.exe" /background
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{3C2177DC-A5CF-4B73-B5DC-808C45236E0B}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor de registo'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {0A87E45F-537A-40B4-B812-E2544C21A09F}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
NAV Helper - C:\Programas\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job
--------------------------------------------------
Enumerating Download Program Files:
[QuickTime Object]
InProcServer32 = C:\WINDOWS\System32\QTPlugin.ocx
CODEBASE =
http://www.apple.com/qtactivex/qtplugin.cab[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE =
http://download.macromedia.com/pub/shockwa...director/sw.cab[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE =
http://go.microsoft.com/fwlink/?linkid=39204[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE =
http://office.microsoft.com/officeupdate/content/opuc3.cab[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\bdoscan8\oscan81.ocx
CODEBASE =
http://www.johannrain-softwareentwicklung....can8/oscan8.cab[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE =
http://update.microsoft.com/windowsupdate/...b?1153403911673[ICSScanner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ICSScan.dll
CODEBASE =
http://download.zonelabs.com/bin/promotion...canner37930.cab[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE =
http://messenger.msn.com/download/MsnMesse...pDownloader.cab[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx
CODEBASE =
http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Controlador ACPI da Microsoft: System32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
Ambiente de suporte com funcionalidades de rede AFD: \SystemRoot\System32\drivers\afd.sys (system)
Filtro de barramento Intel AGP: \SystemRoot\System32\DRIVERS\agp440.sys (disabled)
Filtro de barramento Compaq AGP: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start)
Alcatel Speed Touch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start)
Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerta: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Serviço de gateway de camada de aplicação: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
Filtro de barramento ALI AGP: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
Controlador de filtro de barramento AMD AGP: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
Gestão de aplicações: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
Serviço de estado do ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
Controlador de média assíncrono de RAS: System32\DRIVERS\asyncmac.sys (manual start)
Controlador de disco rígido IDE/ESDI padrão: System32\DRIVERS\atapi.sys (system)
ATM - protocolo para cliente ARP: System32\DRIVERS\atmarpc.sys (manual start)
Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controladores de stub de áudio: System32\DRIVERS\audstub.sys (manual start)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Serviço de transferência inteligente em fundo: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Browser de computador: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BtCap, WDM Video Capture: system32\drivers\BT848.SYS (autostart)
BtTuner, WDM TV Tuner: system32\drivers\BTTUNER.SYS (autostart)
BtXBar, WDM Crossbar: system32\drivers\BTXBAR.SYS (autostart)
C-Dilla: \??\C:\WINDOWS\System32\drivers\CDANT.SYS (manual start)
C-DillaSrv: C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Proxy Service: "C:\Programas\Norton Internet Security Professional\ccPxySvc.exe" (autostart)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
Controlador de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Serviço de indexação: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
Aplicação de sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Serviços criptográficos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
DCOM - Lançador de processo de servidor: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Cliente DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador de disco: System32\DRIVERS\disk.sys (system)
Serviço administrativo de gestão de discos lógicos: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Gestor de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft - sintetizador Kernel DSL: system32\drivers\DMusic.sys (manual start)
Cliente DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Descrambler Filter: system32\drivers\drmkaud.sys (manual start)
Serviço de relato de erros: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Registo de eventos: %SystemRoot%\system32\services.exe (autostart)
Sistema de eventos do COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Compatibilidade de 'Mudança rápida de utilizador': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador de disquete: System32\DRIVERS\fdc.sys (manual start)
Controlador de unidades de disquetes: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Controlador do gestor de volume: System32\DRIVERS\ftdisk.sys (system)
Enumerador de portas de jogos: System32\DRIVERS\gameenum.sys (manual start)
Classificador de pacotes genérico: System32\DRIVERS\msgpc.sys (manual start)
Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acesso a dispositivos de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Controlador de classe HID da Microsoft: System32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
hpt3xx: \SystemRoot\System32\DRIVERS\hpt3xx.sys (disabled)
HSFHWBS2: System32\DRIVERS\HSFBS2S2.sys (manual start)
HSF_DP: System32\DRIVERS\HSFDPSP2.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
SSL de HTTP: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
hwpsgt: System32\DRIVERS\hwpsgt.sys (autostart)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
Controlador de porta de teclado i8042 e de rato PS/2: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (manual start)
Serviço COM de gravação de CD de IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
Controlador de processador Intel: System32\DRIVERS\intelppm.sys (system)
Controlador de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)
Controlador de filtração de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Controlador de túnel IP-em-IP: System32\DRIVERS\ipinip.sys (manual start)
Tradutor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)
Controlador IPSEC: System32\DRIVERS\ipsec.sys (system)
Serviço enumerador IR: System32\DRIVERS\irenum.sys (manual start)
Controlador de barramento PnP ISA/EISA: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Controlador de classe de teclado: System32\DRIVERS\kbdclass.sys (system)
Controlador HID de teclado: System32\DRIVERS\kbdhid.sys (system)
Microsoft - misturador de áudio Kernel Wave: system32\drivers\kmixer.sys (manual start)
Servidor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Estação de trabalho: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
lemsgt: System32\DRIVERS\lemsgt.sys (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
Programa auxiliar TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Mensageiro: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Partilha remota do ambiente de trabalho do NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Controlador de classe de rato: System32\DRIVERS\mouclass.sys (system)
Controlador HID de rato: System32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
Redireccionador de cliente WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
DTC (Coordenador de transacções distribuídas): C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Proxy da Microsoft para serviços de fluxo: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Proxy da Microsoft para gestão de qualidade de fluxo: system32\drivers\MSPQM.sys (manual start)
Controlador BIOS Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
Conversor da Microsoft para fluxos Tee/Sink-to-Sink: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Programas\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\FICHEI~1\SYMANT~1\VIRUSD~1\20060726.039\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\FICHEI~1\SYMANT~1\VIRUSD~1\20060726.039\NavEx15.Sys (manual start)
Ligação de TV/Vídeo Microsoft: System32\DRIVERS\NdisIP.sys (manual start)
Controlador TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual start)
Protocolo E/S de modo de utilizador NDIS: System32\DRIVERS\ndisuio.sys (manual start)
Controlador WAN NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual start)
Interface de NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Rede DDE: %SystemRoot%\system32\netdde.exe (disabled)
Rede DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Início de sessão de rede: %SystemRoot%\System32\lsass.exe (manual start)
Ligações de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Internet Security Professional Accounts Manager: "C:\Programas\Norton Internet Security Professional\NISUM.EXE" (autostart)
Identificação da localização na rede (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: C:\Programas\Norton AntiVirus\AdvTools\NPROTECT.EXE (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Armazenamento amovível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Controlador de filtração de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Controlador de reencaminhamento de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Controlador de processador Intel PentiumIII: System32\DRIVERS\p3.sys (system)
Controlador de porta paralela: System32\DRIVERS\parport.sys (manual start)
Controlador de barramento PCI: System32\DRIVERS\pci.sys (system)
PCIIde: \SystemRoot\System32\DRIVERS\pciide.sys (disabled)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
Philips USB VGA Camera: System32\DRIVERS\philcam2.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Serviços IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Controlador do processador: System32\DRIVERS\processr.sys (system)
Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)
Agendador de pacotes QoS: System32\DRIVERS\psched.sys (manual start)
Controlador de ligações directas por porta paralela: System32\DRIVERS\ptilink.sys (manual start)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Controlador de ligação automática de acesso remoto: System32\DRIVERS\rasacd.sys (system)
Gestor de ligação automática de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Gestor de ligação de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador de acesso remoto PPPOE: System32\DRIVERS\raspppoe.sys (manual start)
Paralelo directo: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Controlador de redireccionador de dispositivo de servidor de terminais: System32\DRIVERS\rdpdr.sys (manual start)
Gestor de sessões de ajuda do 'Ambiente de trabalho remoto': C:\WINDOWS\system32\sessmgr.exe (manual start)
Controlador de filtro de reprodução de áudio digital de CD: System32\DRIVERS\redbook.sys (system)
Encaminhamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Localizador RPC (Remote Procedure Call): %SystemRoot%\System32\locator.exe (manual start)
Chamada de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
Gestor de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart)
ScriptBlocking Service: C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Programador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
sdcplh: System32\drivers\sdcplh.sys (system)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Início de sessão secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notificação de evento de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Controlador de filtro Serenum: System32\DRIVERS\serenum.sys (manual start)
Controlador de porta série: System32\DRIVERS\serial.sys (system)
Firewall do Windows/Partilha de ligação à Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Detecção de hadrware da shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS300i: System32\DRIVERS\sis300ip.sys (manual start)
AC'97 - Serviço para controlador de amostras (WDM): system32\drivers\ac97sis.sys (manual start)
Filtro de barramento SIS AGP: System32\DRIVERS\sisagp.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)
Controlador do filtro de restauro do sistema: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
Serviço de 'Restauro do sistema': %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Serviço de identificação SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Controlador de barramento por software: System32\DRIVERS\swenum.sys (manual start)
Microsoft - sintetizador Kernel GS Wavetable: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{9D55582C-E8E3-4D5D-86AA-38318C4A57EF} (manual start)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Programas\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\FICHEI~1\SYMANT~1\SymcData\idsdefs\20060710.095\symidsco.sys (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe (autostart)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Microsoft - dispositivo de áudio do kernel do sistema: system32\drivers\sysaudio.sys (manual start)
Alertas e registos de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)
Dispositivos telefónicos: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador do protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)
Controlador de dispositivo de terminal: System32\DRIVERS\termdd.sys (system)
Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Cliente de Distributed Link Tracking: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Controlador de actualização microcódigo: System32\DRIVERS\update.sys (manual start)
Anfitrião de dispositivos Universal Plug and Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Fonte de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)
Controlador de áudio USB (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Controlador de concentrador padrão USB da Microsoft: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Classe de impressoras USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)
Controlador de scanner USB: System32\DRIVERS\usbscan.sys (manual start)
Controlador de armazenamento de massa USB: System32\DRIVERS\USBSTOR.SYS (manual start)
Controlador miniport do controlador Microsoft USB universal: System32\DRIVERS\usbuhci.sys (manual start)
USN Journal Reader Service para Pastas Partilhadas do Messenger: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VGA - controlador de visualização.: \SystemRoot\System32\drivers\vga.sys (system)
Filtro de barramento VIA AGP: \SystemRoot\System32\DRIVERS\viaagp1.sys (disabled)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: System32\DRIVERS\viaidexp.sys (system)
VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system)
VIA AC'97 Audio Controller (WDM): system32\drivers\viaudio.sys (manual start)
Cópia sombra de volume: %SystemRoot%\System32\vssvc.exe (manual start)
Hora do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)
Microsoft - controlador de compatibilidade áudio WINMM WDM: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSFCXTS2.sys (manual start)
WMI (Instrumento de gestão do Windows): %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Logitech Virtual Bus Enumerator Driver: system32\drivers\WmBEnum.sys (manual start)
Serviço Windows Media Connect: C:\Programas\Windows Media Connect 2\wmccds.exe (manual start)
Serviço do número de série de leitores de multimédia portáteis: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Logitech WingMan HID Filter Driver: system32\drivers\WmFilter.sys (manual start)
Logitech WingMan USB Filter Driver: system32\drivers\WmHidLo.sys (manual start)
Adaptador de desempenho WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Logitech Virtual Hid Device Driver: system32\drivers\WmVirHid.sys (manual start)
Logitech WingMan Translation Layer Driver: system32\drivers\WmXlCore.sys (manual start)
Centro de segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Actualizações automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Configuração zero sem fios: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Serviço de fornecimento de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
{06731705-07E3-2070-0822-02020302015f} = "C:\Programas\Ficheiros comuns\{06731705-07E3-2070-0822-02020302015f}\Update.exe" mc-110-12-0000272
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 40.877 bytes
Report generated in 0,250 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
do you wish to look at a HJT scan log?