Godt, det skulle være her..
Logfile of HijackThis v1.99.0
Scan saved at 18:15:05, on 31-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.5.0\bin\jusched.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\??chost.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Flemming\Skrivebord\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.lyiaykzovzxwf.net/geAXPvVmyA4Xfz3yF/KkigC3BGNfdOtVeUeZ_T0yyZ82w6S3kTgEhkxnr8nu5U3Q.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38AB1D2B-9A3A-29C6-8001-61557BF77F1D} - C:\WINDOWS\system32\bmihm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {A46A91E9-262E-346D-5638-FBF52CC82D73} - C:\PROGRA~1\gpl4show\waveamok.exe (file missing)
O2 - BHO: (no name) - {A8BDE138-2CDF-5A20-D13D-08C5497D1190} - C:\WINDOWS\system32\cilki.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FFA9644F-BBF0-3035-0001-E013E81DB5BF} - C:\DOCUME~1\Flemming\APPLIC~1\gpl4show\waveamok.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
O4 - HKLM\..\Run: [kind stop gram four] C:\Documents and Settings\All Users\Application Data\curblinkkindstop\global internet.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Spyware Stormer] C:\Programmer\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Build plus mix size] C:\Documents and Settings\All Users\Application Data\first boob build plus\Htmbait.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [meal vc] C:\DOCUME~1\Flemming\APPLIC~1\GlueCurb\HOPEDEBUGFLAW.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Hdkhrm] C:\WINDOWS\system32\??chost.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Erotik - {95347D30-555E-4534-A05F-2229074E0A88} -
http://www.porno.dk (file missing)
O9 - Extra 'Tools' menuitem: Erotik... - {95347D30-555E-4534-A05F-2229074E0A88} -
http://www.porno.dk (file missing)
O9 - Extra button: Sol Dating - {D5721FC7-8FBE-4d71-9C65-9718CFA078A8} -
http://www.soldating.dk (file missing)
O9 - Extra 'Tools' menuitem: Sol Dating... - {D5721FC7-8FBE-4d71-9C65-9718CFA078A8} -
http://www.soldating.dk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {FE11D4F0-33FD-4E0C-894B-D1B4DB68C63F} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {FE11D4F0-33FD-4E0C-894B-D1B4DB68C63F} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Corel Network monitor worker - {FE11D4F0-33FD-4E0C-894B-D1B4DB68C63F} - C:\WINDOWS\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {FE11D4F0-33FD-4E0C-894B-D1B4DB68C63F} - C:\WINDOWS\System32\intlmain.dll (HKCU)
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} -
http://www.eingang69.de/EroticAccess/cabs/1786015.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095562902156O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
håber det er i orden nu :)