Loading dump 1. Parsing dump 1. Loading dump 2. Parsing dump 2. Comparing the two dumps. Comparsion result: CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Cache CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Enable CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Factor CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Size CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\b CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\MRUList CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\a CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\b CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\0 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\MRUListEx CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\11 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\havafgnyy.rkr CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\flfgrzfureybpx\qhzc_pbzcner_pbcl.ong CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Rgurerny\Havafgnyy Rgurerny.yax CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheLimit CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheOptions CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CachePath CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CachePrefix CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheRepair CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheLimit CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheOptions CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CachePath CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CachePrefix CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheRepair CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\MRUListEx CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\NodeSlot CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\16 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\FolderType CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\inf\unregmp2.exe,-155 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\tourstart.exe,-2 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\xpsp1res.dll,-10078 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22915 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\netshell.dll,-1200 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@explorer.exe,-7004 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@explorer.exe,-7005 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12691 CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Roger\LOKALA~1\Temp\A~NSISu_.exe CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program\hjt\HijackThis.exe CRE HKEY_CURRENT_USER\Software\WinRAR SFX CRE HKEY_CURRENT_USER\Software\WinRAR SFX\c%%Program Files%Internet Explorer% CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\Name1 CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\Name2 CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\Name3 CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\Version CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\d2 CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\d3 CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gkij CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayIcon CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayName CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayVersion CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\Publisher CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\URLInfoAbout CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\UninstallString CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\Cache CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\Enable CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\Factor CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\Size CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\b CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\MRUList CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\a CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\b CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\0 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\MRUListEx CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\11 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\havafgnyy.rkr CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\flfgrzfureybpx\qhzc_pbzcner_pbcl.ong CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Rgurerny\Havafgnyy Rgurerny.yax CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheLimit CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheOptions CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CachePath CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CachePrefix CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheRepair CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheLimit CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheOptions CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CachePath CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CachePrefix CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheRepair CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\MRUListEx CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\NodeSlot CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\16 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\FolderType CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\inf\unregmp2.exe,-155 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\tourstart.exe,-2 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\xpsp1res.dll,-10078 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22915 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\netshell.dll,-1200 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@explorer.exe,-7004 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@explorer.exe,-7005 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12691 CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Roger\LOKALA~1\Temp\A~NSISu_.exe CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program\hjt\HijackThis.exe CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\WinRAR SFX CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\WinRAR SFX\c%%Program Files%Internet Explorer% CRE c:\$$$_.log CRE c:\Documents and Settings\Roger\Cookies\roger@topantivirus[1].txt CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\40454003C07C.tmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\40458AFE1882.tmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\40459412E4E5.tmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\4045C22FFF6A.tmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\A~NSISu_.exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\~DFB.tmp CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\2[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\conf[1].js CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\counter[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\load[1].js CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\proxyrnd[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\root[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\w170[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\1[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\3[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\classload[1].jar CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\foto[1].js CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\index2[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\index[3].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\pic10[1].jpg CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\proxyrnd[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\index[1].hta CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\index[2].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\index[3].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\page1[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\sub_root[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\webb[1].exe CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\7[1].ani CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\cookies2[1].php CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\hta[1].js CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\in[2].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\index3[1].htm CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\index[1].hta CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050620 CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050620\index.dat CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005062220050623 CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005062220050623\index.dat CRE c:\Documents and Settings\Roger\Mina dokument\hijackthis2.log CRE c:\Documents and Settings\Roger\Recent\hijackthis2.log.lnk CRE c:\Documents and Settings\Roger\Skrivbord\m00.exe CRE c:\Program Files CRE c:\Program Files\Internet Explorer CRE c:\Program Files\Internet Explorer\shttps CRE c:\Program Files\Internet Explorer\shttps\err CRE c:\Program Files\Internet Explorer\shttps\hosts CRE c:\Program Files\Internet Explorer\shttps\http.cfg CRE c:\Program Files\Internet Explorer\shttps\http.exe CRE c:\Program Files\Internet Explorer\shttps\outbox CRE c:\Program Files\Internet Explorer\shttps\php CRE c:\Program Files\Internet Explorer\shttps\php\dlls CRE c:\Program Files\Internet Explorer\shttps\php\dlls\libmysql.dll CRE c:\Program Files\Internet Explorer\shttps\php\dlls\msql.dll CRE c:\Program Files\Internet Explorer\shttps\php\dlls\ssleay32.dll CRE c:\Program Files\Internet Explorer\shttps\php\magic.mime CRE c:\Program Files\Internet Explorer\shttps\php\php.exe CRE c:\Program Files\Internet Explorer\shttps\php\php.ini CRE c:\Program Files\Internet Explorer\shttps\php\php4embed.lib CRE c:\Program Files\Internet Explorer\shttps\php\php4ts.dll CRE c:\Program Files\Internet Explorer\shttps\php\php4ts.lib CRE c:\Program Files\Internet Explorer\shttps\start.exe CRE c:\Program Files\Internet Explorer\shttps\svchost.exe CRE c:\Program Files\Internet Explorer\shttps\www CRE c:\Program Files\Internet Explorer\shttps\www\cgi-bin CRE c:\Program Files\Internet Explorer\shttps\www\tools CRE c:\Program Files\Internet Explorer\shttps\www\tools\auth.php CRE c:\Program Files\Internet Explorer\shttps\www\tools\backup.exe CRE c:\Program Files\Internet Explorer\shttps\www\tools\backup.php CRE c:\Program Files\Internet Explorer\shttps\www\tools\change.php CRE c:\Program Files\Internet Explorer\shttps\www\tools\cls.exe CRE c:\Program Files\Internet Explorer\shttps\www\tools\index.zdefault CRE c:\Program Files\Internet Explorer\shttps\www\tools\mito.php CRE c:\Program Files\Internet Explorer\shttps\www\tools\reboot.exe CRE c:\Program Files\Internet Explorer\shttps\www\tools\reboot.php CRE c:\Program Files\Internet Explorer\shttps\www\tools\restore.exe CRE c:\Program Files\Internet Explorer\shttps\www\tools\restore.php CRE c:\Program\Ethereal\network-log-plain.txt CRE c:\Program\Ethereal\network-log.txt CRE c:\Program\systemsherlock\before.dat CRE c:\Program\systemsherlock\network-log-urls.txt CRE c:\RCXC.tmp CRE c:\WINDOWS\Prefetch\AOHGNI32.EXE-2F7DBA7F.pf CRE c:\WINDOWS\Prefetch\A~NSISU_.EXE-1E338B64.pf CRE c:\WINDOWS\Prefetch\GREP.EXE-0EA4342B.pf CRE c:\WINDOWS\Prefetch\HTTP.EXE-2E45F2A6.pf CRE c:\WINDOWS\Prefetch\M00.EXE-2B6F74ED.pf CRE c:\WINDOWS\Prefetch\MSXMIDI.EXE-113A7180.pf CRE c:\WINDOWS\Prefetch\NETLOG.EXE-1A8E82A8.pf CRE c:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf CRE c:\WINDOWS\Prefetch\SC.EXE-012262AF.pf CRE c:\WINDOWS\Prefetch\START.EXE-05542A14.pf CRE c:\WINDOWS\Prefetch\SVCHOST.EXE-22141E01.pf CRE c:\WINDOWS\Prefetch\SYS275834209.EXE-21F32D0F.pf CRE c:\WINDOWS\Prefetch\SYS7520315.EXE-16B4EE35.pf CRE c:\WINDOWS\Prefetch\SYS812213090.EXE-12567788.pf CRE c:\WINDOWS\Prefetch\SYS8566296.EXE-13A191C0.pf CRE c:\WINDOWS\Prefetch\UNINSTALL.EXE-2E9623DD.pf CRE c:\WINDOWS\Prefetch\WEB.EXE-2A1EDBAD.pf CRE c:\WINDOWS\Prefetch\WMPLAYER.EXE-187CF6D7.pf CRE c:\WINDOWS\Prefetch\WMPLAYER1.EXE-05686DA1.pf CRE c:\WINDOWS\msxmidi.exe CRE c:\WINDOWS\system32\Bflooebi.dll CRE c:\WINDOWS\system32\aifcayqvm.exe CRE c:\WINDOWS\system32\hlxkvn.exe CRE c:\WINDOWS\system32\hxzlhrvm.exe CRE c:\WINDOWS\system32\jcirxbtyx.exe CRE c:\WINDOWS\system32\kjxxtz.exe CRE c:\WINDOWS\system32\kltzxmyteiht.exe CRE c:\WINDOWS\system32\ngmpqhvyavpvg.exe CRE c:\WINDOWS\system32\nrvrz.exe CRE c:\WINDOWS\system32\oraoby.exe CRE c:\WINDOWS\system32\pexqbmziobd.exe CRE c:\WINDOWS\system32\qukjooh.exe CRE c:\WINDOWS\system32\rvovtr.exe CRE c:\WINDOWS\system32\unibomnnfi.exe CRE c:\WINDOWS\system32\wtbyalrnwfzbc.exe CRE c:\WINDOWS\system32\xpsvxsvr.exe CRE c:\WINDOWS\system32\xtwkmvjxyo.exe CRE c:\WINDOWS\system32\yfpmosu.exe CRE c:\WINDOWS\wmplayer.exe CRE c:\WINDOWS\wmplayer1.exe CRE c:\sys275834209.exe CRE c:\sys7520315.exe CRE c:\sys8566296.exe CRE c:\web.exe CRE c:\winld32.dll CRE c:\winloadhh.dll DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614 DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheLimit DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheOptions DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePath DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePrefix DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheRepair DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619 DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheLimit DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheOptions DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePath DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePrefix DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheRepair DEL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup\Internet Explorer DEL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToBackup\Internet Explorer DEL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup\Internet Explorer DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614 DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheLimit DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheOptions DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePath DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePrefix DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheRepair DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619 DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheLimit DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheOptions DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePath DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePrefix DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheRepair DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050614 DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050614\index.dat DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061820050619 DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061820050619\index.dat DEL c:\WINDOWS\system32\CatRoot2\tmp.edb DEL c:\WINDOWS\system32\Restore\MachineGuid.txt MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\d MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\MRUList MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\_ehargu.ong MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Vagrearg Rkcybere\vrkcyber.rkr MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\uwg\UvwnpxGuvf.rkr MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\Flfgrz32\ABGRCNQ.RKR MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Rgurerny MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:::{2559N1S4-21Q7-11Q4-OQNS-00P04S60O9S0} MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell\WinPos800x600(1).bottom MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell\WinPos800x600(1).left MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell\WinPos800x600(1).right MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell\WinPos800x600(1).top MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\ShowCmd MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\WFlags MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F} MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseObtainedTime MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseTerminatesTime MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T1 MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T2 MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseObtainedTime MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseTerminatesTime MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T1 MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T2 MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F} MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseObtainedTime MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseTerminatesTime MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T1 MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T2 MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseObtainedTime MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseTerminatesTime MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T1 MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T2 MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Main\Window_Placement MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\d MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\MRUList MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\_ehargu.ong MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Vagrearg Rkcybere\vrkcyber.rkr MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\uwg\UvwnpxGuvf.rkr MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\Flfgrz32\ABGRCNQ.RKR MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Rgurerny MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:::{2559N1S4-21Q7-11Q4-OQNS-00P04S60O9S0} MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell\WinPos800x600(1).bottom MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell\WinPos800x600(1).left MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell\WinPos800x600(1).right MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell\WinPos800x600(1).top MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\ShowCmd MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\WFlags MOD c:\ MOD c:\Documents and Settings\Roger\Application Data\Ethereal\recent MOD c:\Documents and Settings\Roger\Cookies MOD c:\Documents and Settings\Roger\Cookies\index.dat MOD c:\Documents and Settings\Roger\Lokala inställningar\Temp MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat MOD c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5 MOD c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\index.dat MOD c:\Documents and Settings\Roger\Mina dokument MOD c:\Documents and Settings\Roger\NTUSER.DAT.LOG MOD c:\Documents and Settings\Roger\Recent MOD c:\Documents and Settings\Roger\Skrivbord MOD c:\Program\Ethereal MOD c:\Program\Ethereal\snmp\mibs\.index MOD c:\Program\Windows Media Player\wmplayer.exe MOD c:\Program\hjt MOD c:\Program\systemsherlock MOD c:\Program\systemsherlock\dump_compare_copy.bat MOD c:\WINDOWS MOD c:\WINDOWS\Prefetch MOD c:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf MOD c:\WINDOWS\Prefetch\ETHEREAL.EXE-0D6AF674.pf MOD c:\WINDOWS\Prefetch\HIJACKTHIS.EXE-06DDFE72.pf MOD c:\WINDOWS\Prefetch\IEXPLORE.EXE-350E1020.pf MOD c:\WINDOWS\Prefetch\MSHTA.EXE-331DF029.pf MOD c:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf MOD c:\WINDOWS\Prefetch\SED.EXE-07C7F123.pf MOD c:\WINDOWS\Prefetch\SYSTEMSHERLOCK.EXE-3ABE9B82.pf MOD c:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf MOD c:\WINDOWS\Temp MOD c:\WINDOWS\setupapi.log MOD c:\WINDOWS\system32 MOD c:\WINDOWS\system32\CatRoot2 MOD c:\WINDOWS\system32\CatRoot2\dberr.txt MOD c:\WINDOWS\system32\CatRoot2\edb.chk MOD c:\WINDOWS\system32\CatRoot2\edb.log MOD c:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb MOD c:\WINDOWS\system32\Restore MOD c:\WINDOWS\system32\config\SAM.LOG MOD c:\WINDOWS\system32\config\default.LOG MOD c:\WINDOWS\system32\config\software.LOG MOD c:\WINDOWS\system32\config\system.LOG MOD c:\WINDOWS\system32\drivers\etc\hosts Compare finished.