Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Ikakun

Pages: [1]
1
Tech Clinic / spywares?
« on: May 13, 2005, 09:05:13 PM »
So I format my pc and installed winxp now
I hijacked and I was wondering what can I delete
here is the first log
Logfile of HijackThis v1.99.1
Scan saved at 22:58:45, on 13/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\ARQUIV~1\MSNGAM~1\zone.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\ARQUIV~1\MSNGAM~1\zproxy.exe
C:\ARQUIV~1\MSNGAM~1\zclient.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Windows\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C996D95-CE3D-4E55-A187-C0DE2915C068}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EEE852D-D49B-4616-A89D-D65C88E9432B}: Domain = @
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

2
Tech Clinic / Coolwwwsearch & EffectiveBandToolbar
« on: May 08, 2005, 06:07:17 PM »
this program is only for windows 2k and XP, mine is ME..

3
Tech Clinic / Coolwwwsearch & EffectiveBandToolbar
« on: May 07, 2005, 08:16:42 PM »
ok tks a lot for that one, ran again the spsehijfix on safe mode and i made to remove shopathome
i also ran ad aware se, found aroun 300 infected objects, removed and quarinted most of them or them all
also ran the fixaprop and found some entries and fixed it too

here is the new log for hijack
Logfile of HijackThis v1.99.1
Scan saved at 22:15:55, on 7/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATIUPDPL.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\ARQUIVOS DE PROGRAMAS\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SVCHOST.SCR
C:\WINDOWS\SYSTEM\SVCHOST.SCR
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\XPSP2FW.EXE
C:\ARQUIVOS DE PROGRAMAS\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\IUC0_QC.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WP.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\UNZIPPED\HIJACKTHIS2\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.234.181.154:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (disabled by BHODemon)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHELPER.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {C91703D2-FAFB-41B8-821A-7FFC70203755} - C:\WINDOWS\SYSTEM\LFAP.DLL
O4 - HKLM\..\Run: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKLM\..\Run: [CARTAO] C:\WINDOWS\SYSTEM\svchost.scr
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\SYSTEM\svchost.scr
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [WinampAgent] "C:\ARQUIVOS DE PROGRAMAS\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [c4AA86ihR] C:\WINDOWS\SJJEOPJ.EXE
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKLM\..\Run: [Security iGuard] C:\ARQUIVOS DE PROGRAMAS\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [KAVPersonal50] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [projselector] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKLM\..\RunServices: [MDM7] "C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [kavsvc] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ZAv8RWfmR] IUC0_QC.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {329D10B1-1C70-11D6-B49A-0040C7A63343} (ChatWebX Control) - http://servers.centraldejogos.com.br/chatweb/ChatWeb.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (CActiveInstaller Object) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {F1835D04-7CCF-489E-8184-C08A1F682169} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/183c74a4f6b91f...RdxIE601_it.cab
O18 - Filter: text/html - {BEA153F8-CAEC-4220-B014-35EACFE7D30E} - C:\WINDOWS\SYSTEM\LFAP.DLL
O18 - Filter: text/plain - {BEA153F8-CAEC-4220-B014-35EACFE7D30E} - C:\WINDOWS\SYSTEM\LFAP.DLL

but i guess the main problem is still not solved, I still have no control over my desktop and the pop ups and home of my IE.

4
Tech Clinic / Coolwwwsearch & EffectiveBandToolbar
« on: May 07, 2005, 05:03:54 PM »
ok a few problems
as I said my comp doesnt start on safe mode, f8 does nothing I know it sounds weird but it doesnt work (win ME)

second, i ran SpSeHjfix109.exe two times, rebooted the two times, here is the log of the last one:
(5/7/05 18:53:05) SPSeHjFix started v1.09
(5/7/05 18:53:05) OS: WinME  (4.90.73010104)
(5/7/05 18:53:05) Language: português
(5/7/05 18:53:37) Disinfect started
(5/7/05 18:53:37) Bad-Dll(IEP): (not found)
(5/7/05 18:53:37) Bad-Dll(IEP) in BHO: (not found)
(5/7/05 18:53:37) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\LFAP.DLL  
(5/7/05 18:53:37) Searchassistant Uninstaller - Keys Deleted
(5/7/05 18:53:37) UBF: 6
(5/7/05 18:53:37) UBB: 6
(5/7/05 18:53:37) FilterKey: HKCR\text/html (deleted)
(5/7/05 18:53:37) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/7/05 18:53:37) FilterKey: HKCR\CLSID\{E859D392-B9BD-4757-A654-D987C90D6FE7} (deleted)
(5/7/05 18:53:37) FilterKey: HKCR\text/plain (deleted)
(5/7/05 18:53:37) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/7/05 18:53:37) FilterKey: HKCR\CLSID\{E859D392-B9BD-4757-A654-D987C90D6FE7} (error while deleting)
(5/7/05 18:53:37) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70A37112-0FF7-40FF-8B4A-90BA3E373ED9} (deleted)
(5/7/05 18:53:37) BHO-Key: HKCR\CLSID\{70A37112-0FF7-40FF-8B4A-90BA3E373ED9} (deleted)
(5/7/05 18:53:37) UBR: 32
(5/7/05 18:53:37) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(5/7/05 18:53:37) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/7/05 18:53:37) Stealth-String not found:
(5/7/05 18:53:37) File added to delete: c:\windows\system\lfap.dll  
(5/7/05 18:53:37) File added to delete: c:\windows\system\lfap.dll
(5/7/05 18:53:37) File added to delete: c:\windows\temp\se.dll
(5/7/05 18:53:37) Reboot
(5/7/05 18:54:26) SPSeHjFix 2nd Step
(5/7/05 18:54:26) RunServicesOnce-Key: (edited)
(5/7/05 18:54:31) Cleaned

thought i couldnt use on safe mode, i left only Explorer oppened, closing on the manager (ctrl alt del)

now im running FixAprop.exe and will continue
on add/remove programs, i didnt find the ShopAtHome, but is almost sure I have it here
the iguard security i could remove
for now just these probs, no safe mode and no ShopAtHome found

5
Tech Clinic / Coolwwwsearch & EffectiveBandToolbar
« on: May 06, 2005, 10:00:57 PM »
Hello, could you help me? Ive searched on google and found someone with the same problem but didnt understand quite well the solution. My comp can not create a reestore point as well.
This is the hijack log, i already used spybot search & destroy, he finds the two registries infected but doesnt remove it. hijack doesnt work as find it too, ad aware also useless.
As you should know my desktop is bugged, i have no control of it.
Plz help me if you can
btw, how the hell do I start my comp on safe mode with windows ME?
tks

Logfile of HijackThis v1.97.7
Scan saved at 23:54:18, on 6/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9348B8AB-5206-41E5-B267-C3396D275B90} - C:\WINDOWS\SYSTEM\LFAP.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE" /background
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4...0367/wmavax.CAB

Pages: [1]