Hmm, it looks like it had re-established itself in regedit, since I deleted it over several attempts, but it looks like it's gone now?? Here's a new Silent Runners log along with the HijackThis log.
Thanks for the help :-)
"Silent Runners.vbs", revision 32, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Skype" = ""C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"SpySweeper" = ""C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0" ["Webroot Software, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"notepad.exe" = "msmsgs.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"S3TRAY2" = "S3tray2.exe" ["S3 Graphics, Inc."]
"QuickTime Task" = ""C:\Programmer\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Omnipage" = "C:\Programmer\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"Run StartupMonitor" = "StartupMonitor.exe" [null data]
"AVGCtrl" = "C:\Programmer\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play-enheder"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\upnpui.dll" [MS]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\SpywareGuard\spywareguard.dll" [null data]
"{62998FFD-B0A8-4019-8B86-CF0785539EC5}" = "IE Privacy Keeper Secure Delete Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\UnH Solutions\IE Privacy Keeper\SecureDelete.dll" ["UnH Solutions"]
"{4B4604E0-8961-11D4-A0EC-009099164712}" = "My MultiPASS"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Canon\MultiPASS4\DTM4.DLL" ["Canon Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Fælles filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sstext3d.scr" [MS]
Startup items in "Ejer" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\Ejer\Menuen Start\Programmer\Start
"SpywareGuard" -> shortcut to: "C:\Programmer\SpywareGuard\sgmain.exe" [null data]
C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start
"Cordless DUALphone opstart" -> shortcut to: "C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe" ["Olympia®"]
"SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility" -> shortcut to: "C:\Programmer\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AMD PowerNow! (tm) Technology Service, GemServ, "C:\Programmer\AMD\PowerNow!\GemServ.exe" ["Advanced Micro Devices"]
AntiVir Service, AntiVirService, "C:\Programmer\AVPersonal\AVGUARD.EXE" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programmer\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Machine Debug Manager, MDM, ""C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
MpService, MpService, "C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE" ["Canon Inc."]
SmartLinkService, SLService, "slserv.exe" [" "]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
And here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:00:29, on 07-03-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3tray2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\StartupMonitor.exe
C:\Programmer\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Programmer\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
C:\PROGRA~1\SMC\SMC283~1.4GH\PRISMSVR.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\Programmer\AMD\PowerNow!\GemServ.exe
C:\Programmer\AMD\PowerNow!\gemback.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Internet\hijackthis 010305\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmer\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Programmer\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsimilar.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmer\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmer\AVPersonal\AVWUPSRV.EXE
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Programmer\AMD\PowerNow!\GemServ.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
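The two logs above are what a removal helper reads through by hand, looking for the same handful of signs in every Run-key entry. The script below is an added example written for this page; it is not part of the original post and not code from Silent Runners or HijackThis. It parses the Silent Runners "Startup items buried in registry" format and HijackThis O4 lines into one list and flags what a helper would flag: a target Silent Runners reported as [file not found], a value with no version or company information ([null data], [empty string], [" "]), a bare filename with no path (Windows then resolves it via the search path, so the entry says nothing about which file actually runs), a value name that looks like an executable but is not the file it launches, and anything under Policies\Explorer\Run, a key legitimate installers almost never use. The sample lines are constructed from the post's own logs, and the heuristic names are this example's own, not either tool's.

```python
"""Triage autostart entries from Silent Runners / HijackThis style logs.

Heuristics (names are this example's own, not Silent Runners' or HijackThis'):
  policy-run-key        entry lives under ...\Policies\Explorer\Run
  target-missing        Silent Runners reported [file not found]
  no-version-info       Silent Runners found no company/version resource
  bare-filename         command has no path; Windows resolves it via the search path
  name-target-mismatch  value name looks like an .exe but is not the file it launches
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the Silent Runners and HijackThis lines
# from the post, including the Policies\Explorer\Run entry.
SAMPLE_LOG = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Skype" = ""C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"notepad.exe" = "msmsgs.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"S3TRAY2" = "S3tray2.exe" ["S3 Graphics, Inc."]
"Run StartupMonitor" = "StartupMonitor.exe" [null data]
"AVGCtrl" = "C:\Programmer\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
'''

KEY_RE = re.compile(r'^(HK(?:LM|CU)\\.*\\)\s*(?:\{\+\+\})?\s*$')
SR_ENTRY_RE = re.compile(r'^"([^"]+)" = "(.*)" \[([^\]]*)\]\s*$')
HJT_O4_RE = re.compile(r'^O4 - (HK(?:LM|CU)\\\.\.\\Run): \[([^\]]+)\] (.*)$')
# First token ending in an executable extension, quoted or not; arguments are dropped.
TARGET_RE = re.compile(r'^"?(.*?\.(?:exe|com|scr|dll|bat|cmd|vbs|pif))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Entry:
    key: str      # registry key the value was read from
    name: str     # value name
    command: str  # value data (command line)
    tag: str      # Silent Runners' bracketed verdict: company, MS, file not found, null data ...
    source: str   # 'silentrunners' or 'hijackthis'


def parse_log(text):
    """Extract Run-key entries from mixed Silent Runners / HijackThis text."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)          # following "name" = "value" lines belong to this key
        elif (m := SR_ENTRY_RE.match(line)) and key:
            entries.append(Entry(key, m.group(1), m.group(2), m.group(3), 'silentrunners'))
        elif m := HJT_O4_RE.match(line):
            entries.append(Entry(m.group(1), m.group(2), m.group(3), '', 'hijackthis'))
    return entries


def target_of(command):
    """Path (or bare filename) of the program a command line launches."""
    m = TARGET_RE.match(command.strip())
    return m.group(1) if m else command.strip().strip('"')


def triage(entry):
    """Return the list of heuristic names that fire for one entry."""
    reasons = []
    target = target_of(entry.command)
    tag = entry.tag.strip().strip('"').strip().lower()
    if 'policies\\explorer\\run' in entry.key.lower():
        reasons.append('policy-run-key')
    if tag == 'file not found':
        reasons.append('target-missing')
    elif entry.source == 'silentrunners' and tag in ('', 'null data', 'empty string'):
        reasons.append('no-version-info')
    if '\\' not in target:
        reasons.append('bare-filename')
    name, base = entry.name.lower(), target.rsplit('\\', 1)[-1].lower()
    if name.endswith(('.exe', '.com', '.scr')) and name != base:
        reasons.append('name-target-mismatch')
    return reasons


def report(text):
    """(entry, reasons) pairs for every flagged entry, most suspicious first."""
    findings = [(e, triage(e)) for e in parse_log(text)]
    findings = [f for f in findings if f[1]]
    findings.sort(key=lambda f: -len(f[1]))
    return findings


if __name__ == '__main__':
    for entry, reasons in report(SAMPLE_LOG):
        print(f'{entry.key}{entry.name} = {entry.command!r}: {", ".join(reasons)}')
```

Run against the sample, the "notepad.exe" = "msmsgs.exe" entry comes out on top with all four of policy-run-key, target-missing, bare-filename and name-target-mismatch, which is the same conclusion a helper draws from reading the log: a value named after one Windows program, launching a file named after another, from a policy key, with the file no longer on disk. The two bare-filename hits (S3tray2.exe, StartupMonitor.exe) are the kind that need a follow-up check of which directory the file actually lives in before they are cleared.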