Logfile of HijackThis v1.99.1 Scan saved at 11:12:08, on 16.03.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Comodo\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\FastStone Capture\FSCapture.exe C:\Programfiler\Avira\AntiVir Desktop\avguard.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\CDBurnerXP\NMSAccessU.exe C:\Programfiler\Sandboxie\SbieSvc.exe C:\Programfiler\Comodo\COMODO Internet Security\cfp.exe C:\Programfiler\Opera 10.50 Beta\opera.exe C:\Programfiler\BitMeter\BitMeter2.exe C:\Programfiler\POP Peeper\POPPeeper.exe C:\Programfiler\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenposten.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: FastStone Capture.lnk = C:\Programfiler\FastStone Capture\FSCapture.exe O4 - Global Startup: Bitmeter2.lnk = C:\Programfiler\BitMeter\BitMeter2.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\Programfiler\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programfiler\Comodo\COMODO Internet Security\cmdagent.exe O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programfiler\Gigabyte\EasySaver\ESSVR.EXE O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programfiler\Java\jre6\bin\jqs.exe" -service -config "C:\Programfiler\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programfiler\CDBurnerXP\NMSAccessU.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programfiler\Sandboxie\SbieSvc.exe