Logfile of HijackThis v1.98.2 Scan saved at 3:14:00 PM, on 12/09/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:ProgrammerAheadInCDInCDsrv.exe C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:ProgrammerCreativeShareDLLCtNotify.exe C:ProgrammerAnalog DevicesSoundMAXSMTray.exe C:ProgrammerAheadInCDInCD.exe C:WINDOWSSystem32RUNDLL32.EXE C:ProgrammerQuickTimeqttask.exe C:ProgrammerJavaj2re1.4.2_05injusched.exe C:PROGRA~1FLLESF~1PCSuiteDATALA~1DATALA~1.EXE C:PROGRA~1NokiaNOKIAP~1TRAYAP~1.EXE C:ProgrammerMSN MessengerMsnMsgr.Exe C:WINDOWSSystem32ctfmon.exe C:PROGRA~1FLLESF~1PCSuiteServicesSERVIC~1.EXE C:ProgrammerCreativeShareDLLMediaDet.Exe C:WINDOWSSystem32CTSvcCDA.exe C:ProgrammerFælles filerMicrosoft SharedVS7Debugmdm.exe C:WINDOWSSystem32 vsvc32.exe C:ProgrammerAnalog DevicesSoundMAXSMAgent.exe C:WINDOWSSystem32svchost.exe C:ProgrammerSONOFONSONOFON BredbåndappTangoService.exe C:PROGRA~1SONOFONSONOFO~1appTangoManager.exe C:WINDOWSSystem32wuauclt.exe C:ProgrammerInternet Exploreriexplore.exe C:ProgrammerWinRARWinRAR.exe C:DOCUME~1JesperLOKALE~1TempRar$EX00.437HijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.qxl.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll O2 - BHO: Core Library - {E9C1FD9A-46B0-4185-84ED-E2F8ACD4A262} - C:WINDOWSSystem32KDP3354.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSsystem32msdxm.ocx O4 - HKLM..Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [Disc Detector] C:ProgrammerCreativeShareDLLCtNotify.exe O4 - HKLM..Run: [Smapp] C:ProgrammerAnalog DevicesSoundMAXSMTray.exe O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe O4 - HKLM..Run: [InCD] C:ProgrammerAheadInCDInCD.exe O4 - HKLM..Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:WINDOWSSystem32kdpupd.dll O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavaj2re1.4.2_05injusched.exe O4 - HKLM..Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:WINDOWSSystem32KDP3354.dll O4 - HKLM..Run: [DataLayer] C:PROGRA~1FLLESF~1PCSuiteDATALA~1DATALA~1.EXE O4 - HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1TRAYAP~1.EXE O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit O4 - Startup: SONOFON Bredbånd.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:PROGRA~1ICQICQ.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:PROGRA~1ICQICQ.exe (file missing) O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengerMSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengerMSMSGS.EXE O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...] O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com[...] O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com[...] O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com[...] O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk[...] O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com[...] O16 - DPF: {F08555B0-9CC3-11D2-AA8E-000000000000} - http://www.pornmail.com[...] O17 - HKLMSystemCCSServicesTcpip..{E5F31FAE-A7B3-4296-BA44-32ECAC0A3D4A}: NameServer = 212.88.64.14 212.88.64.199
--
ASUS P4PE, Celeron 2000, GeForce 4 TI4200, 3 x 80 GB HD 7200 RPM, 1024 DDR2700. DVD+CD rom

Hejsa, Der er et par småting som lige skal fixes. Start med at deaktivere systemgendannelse. Højreklik på "Denne Computer" på skrivebordet, vælg egenskaber og fanebladet "Systemgendannelse" og sæt flueben i "Deaktiver systemgendannelse". Klik ok og genstart. Kør en ny scanning med HJT og sæt flueben ved disse: O2 - BHO: Core Library - {E9C1FD9A-46B0-4185-84ED-E2F8ACD4A262} - C:\WINDOWS\System32\KDP3354.dll O4 - HKLM..Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM..Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe O4 - HKLM..Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll O4 - HKLM..Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime O4 - HKLM..Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM..Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP3354.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:PROGRA~1ICQICQ.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:PROGRA~1ICQICQ.exe (file missing) O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com[...] O16 - DPF: {F08555B0-9CC3-11D2-AA8E-000000000000} - http://www.pornmail.com[...] Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Luk programmet og genstart i fejlsikret tilstand (tryk F8 efter POST skærmen). Find og slet disse: C:\WINDOWS\System32\KDP3354.dll C:\WINDOWS\System32\kdpupd.dll Genstart normalt. Kør en ny scanning med HJT og smid loggen herind til kontrol.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]