ComboFix 08-08-14.05 - Torstein 2008-08-15 23:25:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.525 [GMT 2:00]
Running from: C:\Documents and Settings\Torstein\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Torstein\Cookies\torstein@2o7[2].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@adtrgt[3].txt
C:\Documents and Settings\Torstein\Cookies\torstein@advertising[1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@aftonbladet[2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@aggregateknowledge[2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@clicktorrent[2].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][2].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@go[1].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@indextools[2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@insightexpressai[1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@minnesparere[1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@revsci[1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@serving-sys[2].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@statcounter[1].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][3].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@tradedoubler[1].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\
[email protected][1].txt
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\#SharedObjects\B35G4LCJ\interclick.com
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\#SharedObjects\B35G4LCJ\interclick.com\ud.sol
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\#SharedObjects\B35G4LCJ\www.broadcaster.com
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Programfiler\Fellesfiler\{7C16E~1
C:\WINDOWS\asks~1
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\__c00C212F.dat
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\klkkj.tmp
C:\WINDOWS\system32\kotgbjos.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\wapicc.exe
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.
2008-08-12 02:03 . 2008-08-12 02:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-08-11 01:45 . 2008-08-11 01:45 <DIR> d-------- C:\Programfiler\Avira
2008-08-11 01:45 . 2008-08-11 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira
2008-08-11 00:08 . 2008-08-11 00:08 <DIR> d-------- C:\Documents and Settings\Torstein\Programdata\Command & Conquer 3 Kane's Wrath
2008-08-10 23:12 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-10 23:12 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-08-10 23:12 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-10 23:12 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-08-10 23:12 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-08-10 23:12 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-08-10 23:02 . 2008-08-10 23:02 <DIR> d-------- C:\Programfiler\7-Zip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 11:22 --------- d-----w C:\Programfiler\AmiBroker
2008-08-10 22:32 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-04 23:16 --------- d-----w C:\Programfiler\PartyGaming
2008-07-14 01:48 --------- d-----w C:\Programfiler\Betsafe Poker
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-01 00:43 --------- d-----w C:\Documents and Settings\Torstein\Programdata\ArcSoft
2008-06-30 00:19 --------- d-----w C:\Documents and Settings\Torstein\Programdata\Microgaming
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-02-04 17:18 87,608 ----a-w C:\Documents and Settings\Torstein\Programdata\ezpinst.exe
2007-02-04 17:18 47,360 ----a-w C:\Documents and Settings\Torstein\Programdata\pcouffin.sys
2006-08-26 00:33 8 --sh--r C:\WINDOWS\system32\261B95E57E.sys
2006-08-26 00:33 2,514 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-29 16:52 15360]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"LogitechSoftwareUpdate"="C:\Programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07 40960]
"Omnipage"="C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 21:01 49152]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 08:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"CTHelper"="CTHELPER.EXE" [2005-08-08 00:10 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 00:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-29 16:51 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-29 16:52 15360]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
BTTray.lnk - C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe [2005-08-24 15:06:54 577597]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\BitComet\\BitComet.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\MSN Messenger\\msncall.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\LimeWire\\uninstall.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Betsafe Poker\\UA.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programfiler\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Mine videoer\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15154:TCP"= 15154:TCP:BitComet 15154 TCP
"15154:UDP"= 15154:UDP:BitComet 15154 UDP
"8715:TCP"= 8715:TCP:BitComet 8715 TCP
"8715:UDP"= 8715:UDP:BitComet 8715 UDP
"49152:TCP"= 49152:TCP:BitComet 49152 TCP
"49152:UDP"= 49152:UDP:BitComet 49152 UDP
"65534:TCP"= 65534:TCP:BitComet 65534 TCP
"65534:UDP"= 65534:UDP:BitComet 65534 UDP
"13778:TCP"= 13778:TCP:BitComet 13778 TCP
"13778:UDP"= 13778:UDP:BitComet 13778 UDP
"45024:TCP"= 45024:TCP:BitComet 45024 TCP
"45024:UDP"= 45024:UDP:BitComet 45024 UDP
"9218:TCP"= 9218:TCP:BitComet 9218 TCP
"9218:UDP"= 9218:UDP:BitComet 9218 UDP
"45000:TCP"= 45000:TCP:BitComet 45000 TCP
"45000:UDP"= 45000:UDP:BitComet 45000 UDP
"29156:TCP"= 29156:TCP:BitComet 29156 TCP
"29156:UDP"= 29156:UDP:BitComet 29156 UDP
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2006-07-27 18:50]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 23:54]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msnmsgr - ~C:\Programfiler\MSN Messenger\msnmsgr.exe
Notify-__c00C212F - C:\WINDOWS\system32\__c00C212F.dat
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Torstein\Programdata\Mozilla\Firefox\Profiles\9goxpogy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.sol.no/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-15 23:36:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\Programfiler\Belkin\Bluetooth-programvare\BTStackServer.exe
C:\Programfiler\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-15 23:44:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 21:44:23
Pre-Run: 28,247,957,504 byte ledig
Post-Run: 29,151,920,128 byte ledig
208 --- E O F --- 2008-08-14 18:37:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:19, on 15.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programfiler\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programfiler\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1151161646328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://yukongold.mi...ld/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D18C051D-CC8B-4F64-8705-7B9A984D10C4}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 9898 bytes