
Network problems after starting removal of MSN virus (winstall)


PärH


I'm helping an acquaintance remove an MSN virus and other nasties from her computer.

This is what we have done so far:

Updated and run AVG Antivirus, AdAware and AVG Antispy. We have also run these in safe mode.

She also removed a few icons from the desktop that had appeared in connection with the infection.

Installed and run HJT, so I have a log that I received by e-mail (since I'm helping her over the phone).

How do I insert the log so you can see it? I can't find any LOG button?? (running Opera 8.51)

We thought we had got rid of the nasties (this was before we installed and ran HJT and I had seen the log), but then the network connection (that is, the internet) started coming and going; it can be repaired, and then it works for a while.

As I said, I can see that there are still nasties in the log, and I need help removing them the right way. And to see if you find anything more.

Well, here comes the nightmare for a technician, when someone has already been in and fiddled :) .

/Pär


In Opera the LOG button indeed isn't shown; in that case you have to type [ LOG] without the space before and after the log.

But since you write that it concerns the MSN worm, I would recommend the following first.

Uninstall MSN, since the program file itself is sometimes infected.

and

Download and install the free version, SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program and click Check for updates.

Close the program when the update is finished.

Restart the computer in safe mode (press F8 repeatedly during start-up and choose safe mode in the menu).

Start SUPERAntiSpyware and click Scan your Computer.

Tick all hard drives (fixed drive/disk).

Choose Perform complete scan

Nästa/Next

When the scan is finished a summary comes up; press OK

Nästa/Next

Utför ("Perform") or similar

A window with Quarantine and removal Complete comes up

OK

Utför ("Perform") or similar

Close the program.

Restart in normal mode.

Start the program, press Preferences, choose the Statistics/Logs tab

Double-click the newest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply along with a new HijackThis log.

I probably won't have time to look at the logs until tomorrow.

Since you seem knowledgeable, you can continue with the following as well, because there is usually always PurityScan after the MSN worm:

Download http://www.mvps.org/winhelp2002/hosts.zip to the Desktop.

Unpack the file. A new folder, Hosts, is created on the Desktop.

Double-click the folder to open it.

Double-click the file mvps.bat to start the program.

This program will replace the computer's Hosts file so that the PurityScan nasty is prevented from getting in contact with its creator. It will also prevent you from visiting sites that are notorious for installing nasties on the computer. You can read more about it here:

http://www.mvps.org/winhelp2002/hosts.htm

Control Panel - Add or Remove Programs

If any of the following are in the list, remove them:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in it.

Zolero

Tizzletalk

MediaTickets

Cowabanga

Download and run the uninstaller

http://www.outerinfo.com/OiUninstaller.exe

If you need instructions, they are here: http://www.outerinfo.com/howto.html

Restart the computer.

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click on the Combofix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it in here, along with a new HijackThis log.

 

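How a replaced Hosts file keeps a program from reaching its server, as an added example that is not part of the original thread: a small Python audit of hosts-file text that separates names sinkholed to the local machine from names pointed at some other address. The sample entries and all function names are constructed for illustration and are not taken from the MVPS list.

```python
import ipaddress

# Constructed sample in hosts-file syntax; it is not the real MVPS list.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    www.outerinfo.com     # sinkholed: resolves to this machine
0.0.0.0      ads.tracker.example
203.0.113.7  bank.example          # points at another machine: review
not-an-ip    broken.example
::1          localhost
"""

# Names that legitimately point at the local machine.
LOCAL_NAMES = {"localhost"}


def normalise(hostname):
    """Host names are case-insensitive; drop a trailing root dot."""
    return hostname.strip().lower().rstrip(".")


def parse_hosts(text):
    """Return (entries, malformed).

    entries   : list of (ip_address object, hostname)
    malformed : list of (line number, stripped line) that could not be parsed
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                    # address without any name
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                # one line may carry aliases
            entries.append((address, normalise(name)))
    return entries, malformed


def audit(text):
    """Classify every non-local name in the hosts text.

    blocked    : names mapped to loopback or 0.0.0.0 (connection goes nowhere)
    redirected : names mapped to any other address, which a blocklist never
                 needs and which therefore deserves a manual look
    """
    entries, malformed = parse_hosts(text)
    blocked, redirected = set(), {}
    for address, name in entries:
        if name in LOCAL_NAMES:
            continue
        if address.is_loopback or address.is_unspecified:
            blocked.add(name)
        else:
            redirected[name] = str(address)
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}


def is_blocked(text, hostname):
    """Hosts entries match whole names only: listing www.outerinfo.com
    does not cover outerinfo.com or any other subdomain."""
    return normalise(hostname) in audit(text)["blocked"]


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    print("blocked:   ", sorted(report["blocked"]))
    print("redirected:", report["redirected"])
    print("malformed: ", report["malformed"])
```

On a real machine the text to audit would be read from the system's hosts file after the replacement has been made.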

Here are the logs:

 

[log]SUPERAntiSpyware Scan Log

Generated 11/29/2006 at 08:38 PM

Application Version : 3.3.1020

Core Rules Database Version : 3138

Trace Rules Database Version: 1155

Scan type : Complete Scan

Total Scan Time : 00:25:04

Memory items scanned : 153

Memory threats detected : 0

Registry items scanned : 3385

Registry threats detected : 9

File items scanned : 18034

File threats detected : 202

Adware.Tracking Cookie


Adware.Toolbar888

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version

C:\PROGRAM\DELADE FILER\{3C8A9D97-0380-1053-0919-01082401002E}\888BAR.DLL

Adware.IPWins

HKU\S-1-5-21-1715567821-1078145449-1957994488-1003\Software\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString

C:\Program\ipwins\pop101.tmp

C:\Program\ipwins\pop5.tmp

C:\Program\ipwins\Services.dll

C:\Program\ipwins\Uninst.exe

C:\Program\ipwins

Adware.Zango Toolbar/Hb

[/log]

 

 

[log]Diego Nash - 06-11-29 21:16:05,64 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Diego Nash\Skrivbord"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

C:\Program\Inetget2

C:\Program\Delade filer\{3C8A9D97-0380-1053-0919-01082401002e}

C:\Program\Delade filer\{8C8A9D97-0380-1053-0919-01082401002e}

 

((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))

 

 


2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\WinSxS

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\twain_32

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Temp

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\wins

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\wbem

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\usmt

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\spool

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\ShellExt

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\Setup

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\ras

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\oobe

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\npp

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\mui

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\inetsrv

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\IME

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\icsxml

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\ias

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\export

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\drivers\etc

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\drivers\disdn

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\drivers\..

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\drivers\.

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\drivers

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\dhcp

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\config

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\3com_dmi

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\3076

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\2052

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1054

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1053

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1042

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1041

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1037

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1033

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1031

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1028

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\1025

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\..

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32\.

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system32

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system\..

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system\.

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\system

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\security

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Resources

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\repair

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Provisioning

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\PeerNet

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\pchealth

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\mui

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\msapps

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\msagent

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Media

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\java

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\ime

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Help

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\ehome

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Driver Cache

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Debug

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Cursors

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Connection Wizard

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\Config

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\AppPatch

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\addins

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS\.

2006-11-08 23:30 <KAT> d-------- C:\WINDOWS

2006-11-08 23:10 <KAT> dr-h----- C:\Documents and Settings\Diego Nash\SendTo

2006-11-08 23:10 <KAT> dr-h----- C:\Documents and Settings\Diego Nash\Recent

2006-11-08 23:10 <KAT> dr-h----- C:\Documents and Settings\Diego Nash\Application Data\.

2006-11-08 23:10 <KAT> dr-h----- C:\Documents and Settings\Diego Nash\Application Data

2006-11-08 23:10 <KAT> dr------- C:\Documents and Settings\Diego Nash\Start-meny

2006-11-08 23:10 <KAT> dr------- C:\Documents and Settings\Diego Nash\Mina dokument

2006-11-08 23:10 <KAT> dr------- C:\Documents and Settings\Diego Nash\Favoriter

2006-11-08 23:10 <KAT> d--h----- C:\Program\Uninstall Information

2006-11-08 23:10 <KAT> d--h----- C:\Documents and Settings\Diego Nash\Skrivare

2006-11-08 23:10 <KAT> d--h----- C:\Documents and Settings\Diego Nash\Nätverket

2006-11-08 23:10 <KAT> d--h----- C:\Documents and Settings\Diego Nash\Mallar

2006-11-08 23:10 <KAT> d--h----- C:\Documents and Settings\Diego Nash\Lokala inställningar

2006-11-08 23:10 <KAT> d---s---- C:\Documents and Settings\Diego Nash\Cookies

2006-11-08 23:10 <KAT> d---s---- C:\Documents and Settings\Diego Nash\Application Data\Microsoft

2006-11-08 23:10 <KAT> d-------- C:\Documents and Settings\Diego Nash\Skrivbord

2006-11-08 23:10 <KAT> d-------- C:\Documents and Settings\Diego Nash\Application Data\Identities

2006-11-08 23:10 <KAT> d-------- C:\Documents and Settings\Diego Nash\Application Data\..

2006-11-08 23:10 <KAT> d-------- C:\Documents and Settings\Diego Nash\..

2006-11-08 23:10 <KAT> d-------- C:\Documents and Settings\Diego Nash\.

2006-11-08 23:08 <KAT> d---s---- C:\WINDOWS\system32\Microsoft

2006-11-08 23:08 <KAT> d-------- C:\WINDOWS\SoftwareDistribution

2006-11-08 23:08 <KAT> d-------- C:\WINDOWS\Prefetch

2006-11-08 23:02 <KAT> d-------- C:\WINDOWS\system32\xircom

2006-11-08 23:02 <KAT> d-------- C:\Program\xerox

2006-11-08 23:02 <KAT> d-------- C:\Program\microsoft frontpage

2006-11-08 23:01 0 -rahs---- C:\MSDOS.SYS

2006-11-08 23:01 0 -rahs---- C:\IO.SYS

2006-11-08 23:01 0 --a------ C:\CONFIG.SYS

2006-11-08 23:01 0 --a------ C:\AUTOEXEC.BAT

2006-11-08 23:00 112,128 --a------ C:\WINDOWS\system32\mapi32.dll

2006-11-08 22:59 <KAT> d--hs---- C:\Documents and Settings\All Users\DRM

2006-11-08 22:58 <KAT> dr------- C:\WINDOWS\Offline Web Pages

2006-11-08 22:58 <KAT> d--h----- C:\Program\WindowsUpdate

2006-11-08 22:58 <KAT> d---s---- C:\WINDOWS\Downloaded Program Files

2006-11-08 22:58 <KAT> d-------- C:\Program\Onlinetjänster

2006-11-08 22:57 64,512 --a------ C:\WINDOWS\system32\acctres.dll

2006-11-08 22:57 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll

2006-11-08 22:57 11,264 --a------ C:\WINDOWS\system32\atrace.dll

2006-11-08 22:57 <KAT> d-------- C:\WINDOWS\system32\DirectX

2006-11-08 22:57 <KAT> d-------- C:\Program\Delade filer\Services

2006-11-08 22:56 81,920 --a------ C:\WINDOWS\system32\isign32.dll

2006-11-08 22:56 81,920 --a------ C:\WINDOWS\system32\ils.dll

2006-11-08 22:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll

2006-11-08 22:56 73,728 --a------ C:\WINDOWS\system32\icwdial.dll

2006-11-08 22:56 73,344 --a------ C:\WINDOWS\system32\drivers\sr.sys

2006-11-08 22:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll

2006-11-08 22:56 69,632 --a------ C:\WINDOWS\system32\msconf.dll

2006-11-08 22:56 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-08 22:56 67,584 --a------ C:\WINDOWS\system32\srclient.dll

2006-11-08 22:56 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll

2006-11-08 22:56 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll

2006-11-08 22:56 48,640 --a------ C:\WINDOWS\system32\inetres.dll

2006-11-08 22:56 465,176 --a------ C:\WINDOWS\system32\wuapi.dll

2006-11-08 22:56 45,568 --a------ C:\WINDOWS\system32\safrslv.dll

2006-11-08 22:56 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll

2006-11-08 22:56 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll

2006-11-08 22:56 41,240 --a------ C:\WINDOWS\system32\wups.dll

2006-11-08 22:56 382,464 --a------ C:\WINDOWS\system32\qmgr.dll

2006-11-08 22:56 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll

2006-11-08 22:56 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe

2006-11-08 22:56 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll

2006-11-08 22:56 29,696 --a------ C:\WINDOWS\system32\safrdm.dll

2006-11-08 22:56 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll

2006-11-08 22:56 277,504 --a------ C:\WINDOWS\system32\mstask.dll

2006-11-08 22:56 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll

2006-11-08 22:56 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll

2006-11-08 22:56 240,640 --a------ C:\WINDOWS\system32\srrstr.dll

2006-11-08 22:56 23,040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-11-08 22:56 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll

2006-11-08 22:56 191,488 --a------ C:\WINDOWS\system32\schedsvc.dll

2006-11-08 22:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2006-11-08 22:56 173,536 --a------ C:\WINDOWS\system32\wuweb.dll

2006-11-08 22:56 173,336 --a------ C:\WINDOWS\system32\wuauclt1.exe

2006-11-08 22:56 170,496 --a------ C:\WINDOWS\system32\srsvc.dll

2006-11-08 22:56 16,896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-11-08 22:56 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll

2006-11-08 22:56 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys

2006-11-08 22:56 127,768 --a------ C:\WINDOWS\system32\wucltui.dll

2006-11-08 22:56 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe

2006-11-08 22:56 12,288 --a------ C:\WINDOWS\system32\mstinit.exe

2006-11-08 22:56 105,984 --a------ C:\WINDOWS\system32\msoert2.dll

2006-11-08 22:56 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll

2006-11-08 22:56 <KAT> d---s---- C:\WINDOWS\Tasks

2006-11-08 22:56 <KAT> d-------- C:\WINDOWS\system32\Restore

2006-11-08 22:56 <KAT> d-------- C:\WINDOWS\system32\Macromed

2006-11-08 22:56 <KAT> d-------- C:\WINDOWS\srchasst

2006-11-08 22:56 <KAT> d-------- C:\Program\Outlook Express

2006-11-08 22:56 <KAT> d-------- C:\Program\NetMeeting

2006-11-08 22:56 <KAT> d-------- C:\Program\Movie Maker

2006-11-08 22:56 <KAT> d-------- C:\Program\Internet Explorer

2006-11-08 22:56 <KAT> d-------- C:\Program\Delade filer\System

2006-11-08 22:56 <KAT> d-------- C:\Program\Delade filer\MSSoap

2006-11-08 22:54 5,632 --a------ C:\WINDOWS\system32\write.exe

2006-11-08 22:54 <KAT> d-------- C:\WINDOWS\Registration

2006-11-08 22:54 <KAT> d-------- C:\Program\Windows Media Player

2006-11-08 22:54 <KAT> d-------- C:\Program\MSN Gaming Zone

2006-11-08 22:54 <KAT> d-------- C:\Program\Messenger

2006-11-08 22:54 <KAT> d-------- C:\Program\ComPlus Applications

2006-11-08 22:53 97,792 --a------ C:\WINDOWS\system32\comrepl.dll

2006-11-08 22:53 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll

2006-11-08 22:53 94,208 --a------ C:\WINDOWS\system32\tscfgwmi.dll

2006-11-08 22:53 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll

2006-11-08 22:53 9,728 --a------ C:\WINDOWS\system32\reset.exe

2006-11-08 22:53 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll

2006-11-08 22:53 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll

2006-11-08 22:53 80,896 --a------ C:\WINDOWS\system32\charmap.exe

2006-11-08 22:53 73,216 --a------ C:\WINDOWS\system32\avwav.dll

2006-11-08 22:53 67,072 --a------ C:\WINDOWS\system32\rdshost.exe

2006-11-08 22:53 655,360 --a------ C:\WINDOWS\system32\mstscax.dll

2006-11-08 22:53 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll

2006-11-08 22:53 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe

2006-11-08 22:53 605,696 --a------ C:\WINDOWS\system32\getuname.dll

2006-11-08 22:53 60,928 --a------ C:\WINDOWS\system32\remotepg.dll

2006-11-08 22:53 60,416 --a------ C:\WINDOWS\system32\colbact.dll

2006-11-08 22:53 6,144 --a------ C:\WINDOWS\system32\msdtc.exe

2006-11-08 22:53 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll

2006-11-08 22:53 58,880 --a------ C:\WINDOWS\system32\licwmi.dll

2006-11-08 22:53 56,832 --a------ C:\WINDOWS\system32\sol.exe

2006-11-08 22:53 56,320 --a------ C:\WINDOWS\system32\servdeps.dll

2006-11-08 22:53 55,296 --a------ C:\WINDOWS\system32\freecell.exe

2006-11-08 22:53 540,160 --a------ C:\WINDOWS\system32\comuid.dll

2006-11-08 22:53 54,272 --a------ C:\WINDOWS\system32\stclient.dll

2006-11-08 22:53 538,624 --a------ C:\WINDOWS\system32\spider.exe

2006-11-08 22:53 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe

2006-11-08 22:53 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll

2006-11-08 22:53 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe

2006-11-08 22:53 44,544 --a------ C:\WINDOWS\system32\hticons.dll

2006-11-08 22:53 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll

2006-11-08 22:53 406,528 --a------ C:\WINDOWS\system32\mstsc.exe

2006-11-08 22:53 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys

2006-11-08 22:53 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll

2006-11-08 22:53 4,096 --a------ C:\WINDOWS\system32\mtxex.dll

2006-11-08 22:53 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll

2006-11-08 22:53 35,328 --a------ C:\WINDOWS\system32\winchat.exe

2006-11-08 22:53 349,696 --a------ C:\WINDOWS\system32\hypertrm.dll

2006-11-08 22:53 343,552 --a------ C:\WINDOWS\system32\mspaint.exe

2006-11-08 22:53 33,792 --a------ C:\WINDOWS\system32\regini.exe

2006-11-08 22:53 295,424 --a------ C:\WINDOWS\system32\termsrv.dll

2006-11-08 22:53 25,600 --a------ C:\WINDOWS\system32\comaddin.dll

2006-11-08 22:53 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll

2006-11-08 22:53 228,352 --a------ C:\WINDOWS\system32\avtapi.dll

2006-11-08 22:53 225,792 --a------ C:\WINDOWS\system32\catsrv.dll

2006-11-08 22:53 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe

2006-11-08 22:53 22,016 --a------ C:\WINDOWS\system32\msg.exe

2006-11-08 22:53 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys

2006-11-08 22:53 20,480 --a------ C:\WINDOWS\system32\qprocess.exe

2006-11-08 22:53 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll

2006-11-08 22:53 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys

2006-11-08 22:53 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll

2006-11-08 22:53 185,856 --a------ C:\WINDOWS\system32\cmprops.dll

2006-11-08 22:53 184,320 --a------ C:\WINDOWS\system32\accwiz.exe

2006-11-08 22:53 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe

2006-11-08 22:53 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll

2006-11-08 22:53 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll

2006-11-08 22:53 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe

2006-11-08 22:53 16,384 --a------ C:\WINDOWS\system32\tskill.exe

2006-11-08 22:53 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe

2006-11-08 22:53 16,384 --a------ C:\WINDOWS\system32\avmeter.dll

2006-11-08 22:53 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll

2006-11-08 22:53 15,360 --a------ C:\WINDOWS\system32\tscon.exe

2006-11-08 22:53 15,360 --a------ C:\WINDOWS\system32\logoff.exe

2006-11-08 22:53 147,968 --a------ C:\WINDOWS\system32\rdchost.dll

2006-11-08 22:53 147,456 --a------ C:\WINDOWS\system32\comsnap.dll

2006-11-08 22:53 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe

2006-11-08 22:53 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe

2006-11-08 22:53 14,848 --a------ C:\WINDOWS\system32\shadow.exe

2006-11-08 22:53 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys

2006-11-08 22:53 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe

2006-11-08 22:53 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe

2006-11-08 22:53 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe

2006-11-08 22:53 127,488 --a------ C:\WINDOWS\system32\mshearts.exe

2006-11-08 22:53 123,904 --a------ C:\WINDOWS\system32\mplay32.exe

2006-11-08 22:53 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys

2006-11-08 22:53 119,808 --a------ C:\WINDOWS\system32\winmine.exe

2006-11-08 22:53 114,688 --a------ C:\WINDOWS\system32\calc.exe

2006-11-08 22:53 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll

2006-11-08 22:53 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll

2006-11-08 22:53 11,264 --a------ C:\WINDOWS\system32\icaapi.dll

2006-11-08 22:53 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe

2006-11-08 22:53 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll

2006-11-08 22:53 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd

2006-11-08 22:53 <KAT> d-------- C:\WINDOWS\system32\MsDtc

2006-11-08 22:53 <KAT> d-------- C:\WINDOWS\system32\Com

2006-11-08 22:53 <KAT> d-------- C:\Program\Windows NT

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"MySpaceIM"="C:\\Program\\MySpace\\IM\\MySpaceIM.exe"

"LNM Client"="\"C:\\Program\\LNM Client\\Client.exe\""

"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"TrackPointSrv"="tp4mon.exe"

"AVG7_CC"="C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"NI.ERS_9999_N91S2007"="\"C:\\Documents and Settings\\Diego Nash\\Lokala inställningar\\Temporary Internet Files\\Content.IE5\\6ZQB2LUN\\ErrorSafeSpecialOfferInstall[1].exe\" -nag "

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"!AVG Anti-Spyware"="\"C:\\Program\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00, 00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 06-11-29 21:18:00.52

C:\ComboFix.txt ... 06-11-29 21:18

[/log]

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:21:34, on 2006-11-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\tp4mon.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\MySpace\IM\MySpaceIM.exe

C:\Program\LNM Client\Client.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program\LNM Client\AddAPI.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NI.ERS_9999_N91S2007] "C:\Documents and Settings\Diego Nash\Lokala inställningar\Temporary Internet Files\Content.IE5\6ZQB2LUN\ErrorSafeSpecialOfferInstall[1].exe" -nag

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MySpaceIM] C:\Program\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [LNM Client] "C:\Program\LNM Client\Client.exe"

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.lnm.eu/ (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

[/log]

 

/Pär

 


Control Panel - Add or Remove Programs

Remove the following if they are listed there:

LNM Client

LooknMeet

Scan with HijackThis and check:

 

O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program\LNM Client\AddAPI.dll

O4 - HKLM\..\Run: [NI.ERS_9999_N91S2007] "C:\Documents and Settings\Diego Nash\Lokala inställningar\Temporary Internet Files\Content.IE5\6ZQB2LUN\ErrorSafeSpecialOfferInstall[1].exe" -nag

O4 - HKCU\..\Run: [LNM Client] "C:\Program\LNM Client\Client.exe"

O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.lnm.eu/ (file missing)

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

 

Close all other programs.

Press Fix checked.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the folders (if they still exist):

C:\Documents and Settings\Diego Nash\Application Data\ZangoToolbar

C:\Program\LNM Client

Delete temporary Internet files:

Control Panel - Internet Options - Delete Files - tick the box - OK - OK

Restart in normal mode and then post a new HijackThis log.

 

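The manual triage in the steps above can be partly automated. The following Python sketch is an added example, not part of the original thread or of HijackThis: it parses lines copied from the HijackThis log on this page, expands the `HKLM\..\Run` abbreviation to the full registry key, and flags entries under three assumed heuristics (an O4 autorun whose target sits in a browser cache or temp directory, an entry marked "(file missing)", and an O16 download with no class name).

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted on this page (a subset).
SAMPLE_LOG = r'''
O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program\LNM Client\AddAPI.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NI.ERS_9999_N91S2007] "C:\Documents and Settings\Diego Nash\Lokala inställningar\Temporary Internet Files\Content.IE5\6ZQB2LUN\ErrorSafeSpecialOfferInstall[1].exe" -nag
O4 - HKCU\..\Run: [LNM Client] "C:\Program\LNM Client\Client.exe"
O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.lnm.eu/ (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
'''

# Assumption for this example: a persistent autorun should never point into
# a browser cache or temp directory, because those hold downloaded content.
VOLATILE_DIR_MARKERS = (
    "\\temporary internet files\\",
    "\\content.ie5\\",
    "\\temp\\",
)

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# "O16 - DPF: {CLSID} (optional class name) - download URL"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<label>.+)\))? - (?P<url>\S+)$"
)
# Executable part of a command line: either quoted, or up to a known extension.
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$))',
    re.IGNORECASE,
)


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    ident: str     # value name, button label or CLSID
    reason: str    # which heuristic fired
    detail: str    # registry key, URL or the raw line


def autorun_target(cmd: str) -> str:
    """Return the program path from a Run command line, without arguments."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.split()[0]
    return m.group("q") or m.group("u")


def registry_location(hive: str, key: str) -> str:
    """Expand HijackThis's 'HKLM\\..\\Run' shorthand to the full key path."""
    return f"{HIVES[hive]}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}"


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        m = O4_RUN_RE.match(line)
        if m:
            target = autorun_target(m["cmd"]).lower()
            if any(marker in target for marker in VOLATILE_DIR_MARKERS):
                findings.append(Finding(
                    "O4", m["name"],
                    "autorun target in browser cache or temp directory",
                    registry_location(m["hive"], m["key"]),
                ))

        if line.endswith("(file missing)"):
            findings.append(Finding(
                section, line.split(" - ")[1],
                "registered component points at a missing file", line,
            ))

        m = O16_RE.match(line)
        if m and m["label"] is None:
            findings.append(Finding(
                "O16", m["clsid"], "ActiveX download with no class name", m["url"],
            ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.ident}\n     {f.reason}\n     {f.detail}")
```

The two other LNM Client entries (O2 and O4) pass these heuristics and still need the by-name judgment applied in the post above. The registry path reported for the O4 finding is the key under which the value can be inspected if HijackThis cannot remove it.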

Fantastic to get help like this, you are worth your weight in gold, Cecilia!

We have gone through the steps you gave, but we could not get rid of:

 

O4 - HKLM\..\Run: [NI.ERS_9999_N91S2007] "C:\Documents and Settings\Diego Nash\Lokala inställningar\Temporary Internet Files\Content.IE5\6ZQB2LUN\ErrorSafeSpecialOfferInstall[1].exe" -nag

 

Also ran HJT in Safe Mode as a test, but it is still there.

This is a registry key, isn't it, so it can be removed in regedit??

(Though I don't know if I dare guide a computer novice through the registry over the phone)

Or is there some other junk left that is locking it?

Here is the new log:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:37:17, on 2006-11-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\tp4mon.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\MySpace\IM\MySpaceIM.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NI.ERS_9999_N91S2007] "C:\Documents and Settings\Diego Nash\Lokala inställningar\Temporary Internet Files\Content.IE5\6ZQB2LUN\ErrorSafeSpecialOfferInstall[1].exe" -nag

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MySpaceIM] C:\Program\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

[/log]

 


If HijackThis can't remove the line from the registry, I don't think your acquaintance can either. Rather, something else is probably preventing it. The file is probably still there too, even though all temporary internet files were supposed to be removed (i.e. the folder emptied).

Someone on the internet got rid of that file with AVG Anti-Spyware, and that program is already on the computer, so update the program. Then start in safe mode and scan the computer. There are instructions here:

http://rstones12.geekstogo.com/ewidosetup.htm

on how best to set up the program and what to click to scan. Feel free to paste the log from it here if you like.

If that doesn't help remove the file either, we'll have to find out a bit more.

Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (incl. file size) here.

C:\WINDOWS\system32\mfc71.dll

C:\Documents and Settings\Diego Nash\Lokala inställningar\Temporary Internet Files\Content.IE5\6ZQB2LUN\ErrorSafeSpecialOfferInstall[1].exe

 

 


Archived

This topic is now archived and is closed to further replies.
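The Run entry the last reply singles out starts a program from the browser cache (Temporary Internet Files), which is what sets it apart from the other autostart lines in the log. The following is an added example, not part of the original posts: it parses HijackThis O4 lines and reports entries whose program path lies in a cache or temp directory. The function names and the `VOLATILE_DIRS` list are assumptions made for this illustration; the sample lines are taken from the log posted above.

```python
import re

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NI.ERS_9999_N91S2007] "C:\Documents and Settings\Diego Nash\Lokala inställningar\Temporary Internet Files\Content.IE5\6ZQB2LUN\ErrorSafeSpecialOfferInstall[1].exe" -nag
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
'''

# Registry entries look like "[ValueName] command"; Startup-folder entries
# look like "Shortcut.lnk = target".
O4 = re.compile(r'^O4 - (?P<loc>[^:]+): '
                r'(?:\[(?P<name>[^\]]+)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$')

# Assumption: directories treated here as volatile download/cache locations.
VOLATILE_DIRS = ("\\temporary internet files\\", "\\content.ie5\\",
                 "\\temp\\", "\\tmp\\")

def executable(cmd):
    """Return the program path from a Run command line, without arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Parse every O4 line and note which volatile directories its path is in."""
    findings = []
    for line in log_text.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue
        exe = executable(m.group("cmd"))
        hits = [d.strip("\\") for d in VOLATILE_DIRS if d in exe.lower()]
        findings.append({"location": m.group("loc"),
                         "name": m.group("name") or m.group("lnk"),
                         "exe": exe, "volatile": hits})
    return findings

def flagged(log_text):
    """Autostart entries whose program lives in a cache or temp directory."""
    return [f for f in triage(log_text) if f["volatile"]]

if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f"{f['location']} [{f['name']}] -> {f['exe']}")
```

A path match like this only points at entries worth a closer look; whether the file is malicious still has to be settled by scanning it, as the reply suggests.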


