
Do I have a virus or a Trojan? Need help...



I'm wondering whether anyone can tell if I have a virus or something on my computer. I see there's a lot of talk about Trojans, and I have found something like that. How do I get rid of it?

 

Does this help: (from Spyware Doctor)

 

Scans (basic information only):

 

Scan Results:

scan start: 27.05.2006 17:25:49

scan stop: 27.05.2006 17:53:38

scanned items: 135580

found items: 116

found and ignored: 0

tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

 

 

 


 

 

 

or this: (from SpyHunter)

 


Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = UMWdf Service Display Name = Windows User Mode Driver Framework Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\wdfmgr.exe Binary Size = 38912 Binary MD5 = ab0a7ca90d9e3d6a193905dc1715ded0

Service Name = W32Time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =

Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = wuauserv Service Display Name = Automatiske oppdateringer Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = SDhelper Service Display Name = PC Tools Spyware Doctor Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Programfiler\Spyware Doctor\sdhelp.exe Binary Size = 869048 Binary MD5 = ce4a4bcd7dd1e8a339dab1d02c4dd2b2


Yeah, you've got some gunk...

Eventually we would like you to post a HijackThis log, but there was so much varied and messy stuff here that I am going to trouble you to go through the whole routine here. Instead of item 13 you should use CCleaner (google it); in step 7 remember to download VX2cleaner, which you can find on Ad-Aware's site; in step 5 I recommend that you choose Ewido.

Once you have gone through the whole thing, we would like to see an HJT log.

Bernt K

Edited by berxter