05.12.2005., 15:03   #1
atha
Moderator
Registration date: Jan 2005
Location: Rijeka
Posts: 8,918
HijackThis - How To + logs

As far as I can see, people often post their logs from this little program, and it is about time everyone learned something about it.

I took parts of the text from some website and translated them a bit to make things easier to follow; it should look roughly like this, that is, this is how HijackThis 2.0.2 should be used.

Before every HijackThis scan it is a good idea to run CWShredder. The program removes all clones of the Cool Web Search trojan and its mutated brethren.

It is also good to run BHODemon, which removes browser helper objects.

I am currently working with another little program that has proven very good. If it does not let me down or do a poor job in the near future, I will recommend it too for removing spyware.

So, let's begin. It is best to run HijackThis in safe mode, although it can also be run in normal mode, provided the computer is not so loaded with spyware that working on it is difficult.

Open Task Manager (CTRL+ALT+DEL). Open the Processes tab and, for each of the files listed below that appears in the HijackThis log, select the process and end it.
CHKINIT.EXE
DLLHOST.EXE
NVCTRL.EXE
REGSERV.EXE
DLLSERV.EXE
TMNTSRV32.EXE
RMCTRL.EXE (do not end it if PowerDVD is in use.)
RUNDLL.EXE
SMSSU.EXE
MSSEARCHNET.EXE
Remove every entry located under:
C:\Documents and Settings\[username]\Local Settings\Temp\some_name.EXE
R0 & R1
Remove any that is associated with the .exe files mentioned above.
Remove any that ends with = about:blank
R3:
Remove any with (no name) or (no file) or (file missing) or (Default URLSearchHook is missing)
O1 - Hosts:
Remove all.
O2 - BHO:
Remove any with (no name) or (no file) or (file missing), and also remove:

C:\WINDOWS\SYSTEM\DSKTRF.DLL
C:\WINDOWS\SYSTEM32\winb2s32.dll
C:\WINDOWS\multimpp.dll
C:\WINDOWS\systb.dll
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\xxxx.tmp
C:\WINDOWS\System32\yyyy.tmp
O3 - Toolbar:
Begin2Search.com Bar - {clsid-number} - C:\WINDOWS\SYSTEM\WINB2S32.DLL

or any toolbar in IE that you do not use.
O4 - HKxx\..\Run [_any of those listed below_]: if any of the .exe files listed below are present
RUNDLL32 AUNPS2.DLL,_Run@16
"C:\Program Files\AutoUpdate\AutoUpdate.exe"
bcvsrv32.exe
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun <<== delete only cfgmgr52.dll
C:\WINDOWS\conscorr.exe
internat.exe
loadqm.exe
C:\WINNT\mmups.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\Program Files\MsUpdate\MsUpdate.exe
oddtreg.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
updatesp2.exe
C:\WINDOWS\system32\svc.exe
C:\Program Files\TV Media\Tvm.exe
C:\WINDOWS\System32\twink64.exe blabla..
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
C:\Program Files\Winamp\winampA.exe <-- Spelling!
C:\Program Files\Windows ControlAd\WinCtlAd.exe and/or WinCtlAdALT.EXE
winlog.exe
C:\WINDOWS\winupdate.exe
C:\WINDOWS\winupdates.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
..\Web Offer\WO.EXE
..\WildTangent\ANYTHING......
O4 - HKLM\..\RunServices:
[Bcvsrv32] bcvsrv32.exe
[sp2update] updatesp2.exe
[] winlog.exe

IF YOU HAVE ANY OF THE ABOVE, Start > Run > services.msc
find it, stop it (if it is running in the background) and set it to disabled.
O4 - Global Startup:
Reboot.exe
_any_.lnk = ?
O4 - Startup:
PowerReg Scheduler V3.exe
O9 - Extra button:
Remove all with (file missing)

WeatherBug - {clsid-number} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10:
Under O10, hijackers such as the following most often appear:
New.Net / WebHancer / CommonName

O14 - IERESET.INF:
SEARCH_PAGE_URL= [blank]
START_PAGE_URL= [blank]
O15 - Trusted Zone:
Remove all regardless of name. If you are not sure about some, ask.
O16 - DPF:
Likewise, remove all regardless of name.
O17 - HKLM...
Remove if the IP addresses do not belong to your ISP's servers; in other words, dialers and other instances are not wanted.
O23 - Service:
Fix every one with (file missing)
Of course, new things appear daily, so it is hard to list everything. If you are not sure about some and think you use them, post a thread in this subforum and someone will tell you what to remove and what not.

Costa, please correct me if anything is wrong or if there is something to add...

Update:

Along with CWShredder I also recommend using AboutBuster, which removes various variants of the CWS trojan; it is simple to use and free.

Instructions for Brute Force Uninstaller and removing EGDAccess:
- unpack it into a directory, e.g. C:\BFU
- right-click http://metallica.geekstogo.com/EGDACCESS.bfu and choose Save As, Save Link As or Save Target As (depending on the web browser) to download the EGDACCESS Remover Tool
- save it into the directory you created a moment ago (C:\BFU)
- start Brute Force Uninstaller by double-clicking BFU.exe
- in the "scriptline to execute" field enter C:\bfu\EGDACCESS.bfu
- click execute and let it start
- wait for it to finish and exit the program
DOMY: I edited the post a little for better readability and updated the links.
Last edited by: atha. 24.08.2008. at 14:47.
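
The per-section rules from the first post, turned into a small log triage script. This is an added example, not part of the original post and not HijackThis's own code; the function names, the subset of O4 file names and the sample log lines are constructed for illustration.

```python
import re

# Triage rules transcribed from the guide in the first post. All names in
# this script are assumptions of the example, not part of HijackThis.
MISSING = ("(no name)", "(no file)", "(file missing)")
REMOVE_ALL = {"O1", "O15", "O16"}  # guide: remove every entry in these
MARKER_RULES = {"R3": MISSING + ("(Default URLSearchHook is missing)",),
                "O2": MISSING, "O9": MISSING[2:], "O23": MISSING[2:]}
# Subset of the O4 autostart file names listed in the guide, lower-cased.
O4_NAMES = {"bcvsrv32.exe", "updatesp2.exe", "winlog.exe", "loadqm.exe",
            "winupdate.exe", "winupdates.exe", "wintask.exe"}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - ..." entries
EXE_RE = re.compile(r'[^\\\s"\[\]]+\.exe', re.IGNORECASE)  # file base names

# Constructed sample log (placeholder CLSIDs, documentation IP address).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [sp2update] updatesp2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.2.53
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe (file missing)
"""


def triage(line):
    """Return (section, verdict, reason) for one log entry, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    section, rest = m.groups()
    if section in REMOVE_ALL:
        return section, "flag", "guide removes every entry in this section"
    if section in ("R0", "R1") and rest.rstrip().endswith("= about:blank"):
        return section, "flag", "page value ends with = about:blank"
    for marker in MARKER_RULES.get(section, ()):
        if marker in rest:
            return section, "flag", "entry marked " + marker
    if section == "O4":
        for exe in EXE_RE.findall(rest):
            if exe.lower() in O4_NAMES:
                return section, "flag", "autostart file listed in guide: " + exe
    if section == "O17":
        return section, "review", "check the addresses belong to your ISP"
    return section, "keep", "no rule from the guide matches"


def triage_log(text):
    """Return (line, verdict, reason) for every entry needing attention."""
    results = ((ln.strip(), triage(ln)) for ln in text.splitlines())
    return [(ln, r[1], r[2]) for ln, r in results if r and r[1] != "keep"]


if __name__ == "__main__":
    for entry, verdict, reason in triage_log(SAMPLE_LOG):
        print(f"{verdict:6} {reason}\n       {entry}")
```

A "flag" verdict only mirrors the guide's rule of thumb; entries in sections such as O15 or O16 can be legitimate, which is why the post says to ask when unsure.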

05.12.2005., 16:52   #2
Costa
Moderator
Registration date: Aug 2003
Location: Zagreb
Posts: 3,193
You put that together well. Here are a few links from me:

Automatic analysis of a HijackThis log. You need to paste or upload the log and press "Analyze". Everything is explained nicely, but you should still be careful because it is, after all, only a script.
http://www.hijackthis.de/en

Sites where you can get information about a program by its name.
http://www.sysinfo.org/startuplist.php
http://www.processlibrary.com/
http://castlecops.com/StartupList.html

Sites where you can upload a file and have it scanned by multiple antivirus programs.
http://www.virustotal.com/ (currently uses 22 antivirus programs)
http://virusscan.jotti.org/ (currently uses 14 antivirus programs)

24.12.2006., 19:35   #3
Isus
Headbangig Grunf!
Registration date: Aug 2003
Location: headbanger's ball
Posts: 4,372
The best thing for you to do is the following: post the HJT log on hijackthis.de, which gives an opinion on whether a process is good or not; and if you want a complete list of everything, an excellent tool is silentrunners --> http://www.silentrunners.org/.

Now, since Silent Runners has a very, really very detailed log, I don't believe it would all fit in one post, so it is best to put the whole log in .txt format and host it so that everything can be seen, and there is no fear that something got left out during the copy-paste process.

In addition, there is a very useful forum on the net, www.windowsbbs.com, as well as www.bleepingcomputer.com; these are of course additional options if you want one more opinion besides the one you would get here.

01.03.2007., 18:37   #4
domy_os
EMP moderator
Registration date: Apr 2005
Location: Osijek
Posts: 18,395
I decided to clean up this thread a bit because it had stretched out like an earthworm...

In this post I will put only the unwanted entries, in case someone needs them... Entries marked (file missing) or (no file) can be deleted without a second thought. It is sorted alphabetically; I looked only at the file name (in bold).

C:\WINDOWS\System32\atmclk.exe

O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.ocx

O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\bgsvcgen.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\bfzvb.exe

C:\WINDOWS\System32\dcomcfg.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\System32\hp100.tmp

O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe

O23 - Service: Bentley License Client (IEGLicSrv) - Bentley Systems Inc. - C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe

c:\progra~1\intern~1\iexplore.exe

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

C:\WINDOWS\system32\mwsrvacc.exe

O20 - Winlogon Notify: IPConfTSP - D:\WINDOWS\system32\n82ulif9182.dll

O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe

C:\Programme\Network Monitor\netmon.exe

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

O21 - SSODL: J0DBIEAI - {27756FCF-6C23-64EE-2766-36E42B692DD0} - C:\WINDOWS\System32\Nofffn32.dll

O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O4 - HKLM\..\Run: [jxjcjzaduvy] C:\WINDOWS\System32\rbivra.exe

C:\Program Files\Save\Save.exe

O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: (no name) - {72AB6B47-F4DC-2BB3-CEAB-F0E286EDA08D} - C:\DOCUME~1\DRAGAN~1\APPLIC~1\SIXTHD~1\thesave.exe

O21 - SSODL: mtklefap - {45C9F337-9238-403C-8FAE-A31EB6B2AEE4} - C:\WINDOWS\System32\vhjadq32.dll

C:\WINDOWS\system32\webupdate.exe

O20 - Winlogon Notify: winmbj32 - winmbj32.dll

R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL

O2 - BHO: EventHandler Class - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL

O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL

O4 - HKLM\..\Run: [Windows Ndis Driver] WinSys32s.exe

O4 - HKLM\..\RunServices: [Windows Ndis Driver] WinSys32s.exe

O4 - HKCU\..\Run: [Windows Ndis Driver] WinSys32s.exe

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\RunServices: [navp.exe] wupdate.exe

O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe

O2 - BHO: C:\WINDOWS\system32\zgCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zgCrypt.dll
Last edited by: domy_os. 02.03.2007. at 10:08.

16.03.2007., 21:56   #5
Flytech
galaxy 2 galaxy
Registration date: Aug 2006
Location: Zg
Posts: 74
hijack this log
Quote:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UtilKit\DLULMeterFree\UKDUMFree.exe
C:\Program Files\Asus\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\HJT\analyse.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B6C7936-6B20-44C0-8409-7FE3C9FEC501} - (no file)
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\system32\LightFrame3IECOM.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C3178C97-FE42-4A9F-8574-C9BF97524A17} - C:\WINDOWS\system32\mljkkji.dll
O2 - BHO: (no name) - {CA904713-251C-4DFA-9DBE-49EB3671682D} - C:\WINDOWS\system32\vtstr.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TelekomatXP] C:\Program Files\UtilKit\DLULMeterFree\UKDUMFree.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [RtWLan (ASUS) Application] C:\Program Files\Asus\ASUS WiFi-AP Solo\RtWLan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: mljkkji - C:\WINDOWS\SYSTEM32\mljkkji.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe