hijack log

Hey...vores netværksmand påstår denne maskine står og spørger efter en amerikansk IP/URL hele dagen og brugeren mener ik der er installeret noget specielt! Kan I se noget udfra loggen ?
Jeg har lige for god ordens skyld x'et vores domænenavn ud ! Bare sådan fordi...

Logfile of HijackThis v1.98.1
Scan saved at 12:23:58, on 05-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Programmer\IBM\Personal Communications\PCS_AGNT.EXE
C:\Programmer\Rational\ClearCase\bin\albd_server.exe
C:\Programmer\network associates\alert manager\amgrsrvc.exe
C:\Programmer\Rational\ClearCase\bin\cccredmgr.exe
C:\WINNT\system32\Iusvc\1.3\iusvc.exe
C:\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Programmer\Rational\ClearCase\bin\lockmgr.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\mcshield.exe
C:\Programmer\Network Associates\VirusScan\vstskmgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\drivers\ldlcserv.exe
C:\WINNT\Explorer.EXE
C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\WINNT\System32\hkcmd.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Programmer\TextPad 4\TextPad.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jek\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.x.dk/names.nsf?Login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.x.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af Intern Teknik, version 5
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://x.dk/x.xxx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.x.dk:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [lcfep] "C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SniIK_Engine] C:\WINNT\sniik\SNIIK.EXE /u /a
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Genvej til ip.bat.lnk = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://intranet.x.dk
O15 - Trusted Zone: *.bec.dk
O16 - DPF: {045C8B41-7413-4924-995C-89877BA921D4} (NamoWeCtl 5.0 for Namo_M) - http://www.namo.com/products/activesquare/tryit/intranet/NamoWec_M.cab
O16 - DPF: {0CEBBA12-2058-4D21-8253-6532EB97852F} (BEC3270 Control) - http://x.dk/common/applet/x70.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {61F9E302-68A7-4E14-9DFB-CB52E328E800} (KaldOKR.UserControl1) - http://x.dk/static/KaldOKR.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://62.242.187.248/tsweb/msrdp.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {EB9B19D1-64CE-4A85-AEEB-A018F208A950} (XWeb Control) - http://brands.xten.net/x-web/XsaXWeb.cab
O16 - DPF: {F3F193CC-8D90-4BEB-8EDA-3EA69BB624F0} (Downloader Class) - http://a2044.g.akamai.net/7/2044/7189/20030512161604/www.douwantit.com:80/web/download/dwnldr.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = x.dk
O17 - HKLM\Software\..\Telephony: DomainName = x.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = x.bec.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = x.dk