• 1
  • 2
2008-04-27, 22:04
  #1
Medlem
Ngon som vet vad tusan det r?
Varje gng jag loggar in p mitt konto efter att ha startat datorn fr jag ett meddelande att C:/Windows/System32/tfhevilu.dll inte kan lsas in. Jag har googlat tfhevilu.dll men inga trffar.

Meddelandet brjade komma upp fr ngon vecka sen efter att jag gjort en super-antispyware scan. Datorn funkar fortfarande fint men bara strande att f det meddelandet hela tiden.
Citera
2008-04-27, 22:32
  #2
Medlem
927s avatar
det betyder att filen r borta men inte registerposten, gr en hijackthis logg och kolla igenom den och d speciellt raderna 02, 04, 020
Citera
2008-04-27, 23:13
  #3
Medlem
jovisst finns den bland 04. Ska jag kryssa i fix checked p den?
Citera
2008-04-28, 06:26
  #4
Medlem
927s avatar
ja

det finns inga 02, file missing?
__________________
Senast redigerad av 927 2008-04-28 kl. 06:28.
Citera
2008-04-28, 06:31
  #5
Medlem
CodeMANs avatar
Angende filnamnet: En del trojaner anvnder slumpmssiga bokstver i filnamnet fr att inte bli igenknda. Hittar du ingenting efter lite googlande s r filen skert skum.
Citera
2008-04-28, 10:45
  #6
Medlem
Citat:
Ursprungligen postat av 927
ja

det finns inga 02, file missing?

Ja en, en annan dll fil.
Citera
2008-04-28, 17:08
  #7
Medlem
927s avatar
posta HJT loggen
Citera
2008-04-28, 17:11
  #8
Medlem
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:20, on 2008-04-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\runservice.exe
C:\Program\Eset\nod32krn.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\stsystra.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program\Dell Photo AIO Printer 926\memcard.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\GDS\TEW2007\TEW2007.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lnkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F8D2A05-2798-4F4D-9242-AF9671DE845B} - (no file)
O2 - BHO: (no name) - {2926DB7A-8767-42E9-A270-5EF80AFEFEC5} - (no file)
O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINDOWS\system32\jkkklli.dll (file missing)
O2 - BHO: (no name) - {51A17EA7-6F7F-4177-BCB9-8A1D968FCF51} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6FAD1B2E-D759-4F59-865D-4C9A14DD1D9B} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {83A0B850-152C-4497-A785-D5AF61FED2E7} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F394A6D0-1816-4E3C-B325-72C4CA2C91A7} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.ex e
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'LOKAL TJNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe
O4 - Startup: Skrmurklipp och start fr OneNote 2007.lnk = C:\Program\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Citera
2008-04-28, 17:11
  #9
Medlem
del 2

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - http://javadl-esd.sun.com/update/1.4...ndows-i586.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkklli - jkkklli.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12946 bytes
Citera
2008-04-28, 17:15
  #10
Medlem
927s avatar
bocka fr och fixa dessa

O2 - BHO: (no name) - {1F8D2A05-2798-4F4D-9242-AF9671DE845B} - (no file)
O2 - BHO: (no name) - {2926DB7A-8767-42E9-A270-5EF80AFEFEC5} - (no file)
O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINDOWS\system32\jkkklli.dll (file missing)
O2 - BHO: (no name) - {51A17EA7-6F7F-4177-BCB9-8A1D968FCF51} - (no file)

O20 - Winlogon Notify: jkkklli - jkkklli.dll (file missing)
Citera
2008-04-28, 17:17
  #11
Medlem
ok. tack 927 du r verkligen en gud inom data
Citera
2008-05-11, 17:51
  #12
Medlem
Ephedrines avatar
Citat:
Ursprungligen postat av 927
bocka fr och fixa dessa

O2 - BHO: (no name) - {1F8D2A05-2798-4F4D-9242-AF9671DE845B} - (no file)
O2 - BHO: (no name) - {2926DB7A-8767-42E9-A270-5EF80AFEFEC5} - (no file)
O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINDOWS\system32\jkkklli.dll (file missing)
O2 - BHO: (no name) - {51A17EA7-6F7F-4177-BCB9-8A1D968FCF51} - (no file)

O20 - Winlogon Notify: jkkklli - jkkklli.dll (file missing)


Kan du hjlpa mig ox tro?
Jag har problem med en massa dll filer. Formaterade om datorn idag.
Jag har krt ett program som rttar till ngra av dll felen jag hade.Den hittade 36st men de r 19 kvar som inte gick att reparera. Hr e min Hijack logg iaf.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:37, on 2008-05-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\CE-Infosys\[ClosedTalk]\closedtalk.exe
C:\Program\CE-Infosys\IdentityManagement\sso.exe
C:\Program\CE-Infosys\CompuSec\rme.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe
c:\windows\system32\ceisvc.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
D:\World of Warcraft Trial\WoW.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Windows Media Player\wmplayer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lnkar
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Identity Management for IE - {ED83DAF3-2655-4172-BE9B-02973E346F53} - C:\WINDOWS\System32\IEPhantom.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [[ClosedTalk]] C:\Program\CE-Infosys\[ClosedTalk]\closedtalk.exe autostart silent
O4 - HKLM\..\Run: [Identity Management] C:\Program\CE-Infosys\IdentityManagement\sso.exe
O4 - HKLM\..\Run: [Removable Media Utility] C:\Program\CE-Infosys\CompuSec\rme.exe
O4 - HKLM\..\Run: [Disk Utility] C:\Program\CE-Infosys\CompuSec\BE.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1210497192270
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210497185208
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CE-Infosys Security System (CE-Infosys Security Service) - CE-Infosys GmbH - c:\windows\system32\ceisvc.exe

--
End of file - 3642 bytes
Citera
  • 1
  • 2

Skapa ett konto eller logga in för att kommentera

Du måste vara medlem för att kunna kommentera

Skapa ett konto

Det är enkelt att registrera ett nytt konto

Bli medlem

Logga in

Har du redan ett konto? Logga in här

Logga in