Det tog lidt tid, jeg er ikke for skrap til det her, sorry:
Logfile of HijackThis v1.99.0
Scan saved at 23:52:01, on 12-02-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmer\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MSupdate.exe
C:\WINDOWS\System32\rundlI32.exe
C:\WINDOWS\soundman.exe
C:\Programmer\Winamp3\winampa.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\PROGRA~1\NETRAT~1\Premeter\prmt.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\WINDOWS\System32\wupdate.exe
C:\WINDOWS\System32\WIND0WS.exe
C:\WINDOWS\System32\updsrv.exe
C:\WINDOWS\System32\winidx32.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\WINDOWS\gbalfhv.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\programmer\180solutions\sais.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\systemm.exe
C:\documents and settings\2s-kj\lokale indstillinger\temp\fsg_tmp\ginst_001.exe
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\Programmer\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Windows AdStatus\WinStat.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Programmer\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Web_Rebates\WebRebates0.exe
C:\Program Files\Internet Optimizer\actalert.exe
F:\Ny mappe\hjt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=156112
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=156112
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=156112
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\system32\webdlg32.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\ipreg32.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\system32\webdlg32.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programmer\SideFind\sfbho.dll
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\webdlg32.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\Premeter\prmt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [MSN service] wupdate.exe
O4 - HKLM\..\Run: [WIND0WS] WIND0WS.exe
O4 - HKLM\..\Run: [Update Microsoft System] updsrv.exe
O4 - HKLM\..\Run: [Windows Indexing Service Extensions] winidx32.exe
O4 - HKLM\..\Run: [Windows RPC Monitor] MSupdate.exe
O4 - HKLM\..\Run: [Windows TM] rundlI32.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SsX0] C:\WINDOWS\gbalfhv.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\programmer\180solutions\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [Microsoft update service] systemm.exe
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\2s-kj\lokale indstillinger\temp\fsg_tmp\ginst_001.exe"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [loader32] C:\Programmer\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\RunServices: [unitek] "C:\Program Files\unitek\unitekco.exe"
O4 - HKLM\..\RunServices: [MSN service] wupdate.exe
O4 - HKLM\..\RunServices: [WIND0WS] WIND0WS.exe
O4 - HKLM\..\RunServices: [Update Microsoft System] updsrv.exe
O4 - HKLM\..\RunServices: [Windows Indexing Service Extensions] winidx32.exe
O4 - HKLM\..\RunServices: [Windows RPC Monitor] MSupdate.exe
O4 - HKLM\..\RunServices: [Windows TM] rundlI32.exe
O4 - HKLM\..\RunServices: [Microsoft update service] systemm.exe
O4 - HKLM\..\RunOnce: [Windows RPC Monitor] MSupdate.exe
O4 - HKLM\..\RunOnce: [Windows TM] rundlI32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows RPC Monitor] MSupdate.exe
O4 - HKCU\..\Run: [Windows TM] rundlI32.exe
O4 - HKCU\..\Run: [Update Microsoft System] updsrv.exe
O4 - HKCU\..\RunOnce: [Windows RPC Monitor] MSupdate.exe
O4 - HKCU\..\RunOnce: [Windows TM] rundlI32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmer\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmer\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c437.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE889BE1-068F-4830-AE75-5DB0FAFB802C}: NameServer = 194.239.134.83,193.162.153.164
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programmer\FSI\F-Prot\fpavupdm.exe
O23 - Service: Windows PnP Driver - Unknown - C:\WINDOWS\System32\winpnp.exe