RÄDDA MIG!

[sussrufs]

laddade ner limewire och en massa musik. sen fick jag en varning och avinstallerade programmet. hade såklart fått massor av spyware och annan skit.

nu har jag kört program som tz, ad aware och spybot i flera veckor, men ännu hittar jag en massa. kan dessutom inte få bort limewire från datorn, en komponent ligger i programlistan på 490 mb som inte går att ta bort.

hur får jag bort detta?

 

körde en hijack this-scan nu, men är osäker på vad som ska väck. här är loggen: (jag fattar inte logfunktionen, förlåt! är evigt tacksam för hjälp.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:54:14, on 2005-03-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

D:\iTunesHelper.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Java\jre1.5.0_01\bin\jusched.exe

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\system32\khooker.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe

C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

D:\bin\iPodService.exe

C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Messenger\msmsgs.exe

E:\Anti-spyware\Hijack this\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toothpastefordinner.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] D:\iTunesHelper.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\system32\khooker.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: officejet 6100.lnk = ?

O4 - Global Startup: RtlWake.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\bin\iPodService.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

 

[Cecilia]

TZ ska man inte använda, det påstår att man har otrevligheter som man inte har bara för att man ska betala och inte är det mycket den kan ta bort heller, se här:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Så avinstallera det.

 

Utav gratis antispionprogram så är det bara Ad-aware och Spybot Search & Destroy som är bra att ha.

 

Faktiskt så kan jag inte se något allvarligt i din logg, utan det är bara lite skönhetsfläckar i den.

 

Förklara lite bättre vad du menar med komponent och programlistan.

Har du avinstallerat från Kontrollpanelen - Lägg till och ta bort program?

Går det inte att ta bort någon file? I så fall har du försökt i felsäkert läge. Om det inte heller går så vad får du för felmeddelande?

 

Var säker på att du förstår allt nedan innan du fortsätter, fråga annars.

 

För att du inte ska råka återställa datorn till ett läge med de otrevligheter i som du har haft så bör du ta bort alla systemåterställningspunkter genom att avaktivera systemåterställningsfunktionen.

Den här datorn - högerklick - Egenskaper - Systemåterställning

Funktionen ska sedan sättas på när datorn är ren.

 

Kör HijackThis och skanna. Bocka för dessa rader:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - Default URLSearchHook is missing

 

Om du inte har valt startsidan själv så bocka även för denna rad:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toothpastefordinner.com/

 

Avsluta alla program och fönster utom HijackThis.

Tryck på Fix checked.

 

Starta om datorn.

 

Ta ut en ny HijackThis-logg.

Skriv i ditt svar här svaren på frågorna ovan, vad Ad-aware och Spybot S&D hittar men inte kan få bort samt bifoga den nya HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

[sussrufs_]

systemåterställningsfunktionen är redan avaktiverad vad jag förstått. den aktiveras när datorn är ren, vad jag förstått?

 

då börjar vi med alla logs.

 

på SPYBOT kom det bara upp DSO exploit, 5 entries. och det har alltid kommit upp när jag scannat.

 

ad aware. [log]

Ad-Aware SE Build 1.05

Logfile Created on:den 17 mars 2005 15:01:41

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R32 10.03.2005

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):33 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2005-03-17 15:01:41 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\mediaplayer\player\settings

Description : last save as directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\google\navclient\1.1\history

Description : list of recently used search terms in the google toolbar

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\mediaplayer\preferences

Description : last cd record path used in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles

Description : list of recently used files in adobe reader

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\mediaplayer\player\settings

Description : last open directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\realnetworks\realplayer\6.0\preferences

Description : last login time in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\mediaplayer\medialibraryui

Description : last selected node in the microsoft windows media player media library

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3995598635-3807011228-2358100727-1006\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Susanne\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Susanne\recent

Description : list of recently opened documents

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 532

ThreadCreationTime : 2005-03-17 13:52:07

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 596

ThreadCreationTime : 2005-03-17 13:52:09

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 620

ThreadCreationTime : 2005-03-17 13:52:10

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 668

ThreadCreationTime : 2005-03-17 13:52:11

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 680

ThreadCreationTime : 2005-03-17 13:52:11

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 836

ThreadCreationTime : 2005-03-17 13:52:13

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 916

ThreadCreationTime : 2005-03-17 13:52:13

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1012

ThreadCreationTime : 2005-03-17 13:52:13

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1104

ThreadCreationTime : 2005-03-17 13:52:13

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1200

ThreadCreationTime : 2005-03-17 13:52:14

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsetmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1428

ThreadCreationTime : 2005-03-17 13:52:16

BasePriority : Normal

FileVersion : 103.0.3.8

ProductVersion : 103.0.3.8

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:12 [sndsrvc.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1600

ThreadCreationTime : 2005-03-17 13:52:20

BasePriority : Normal

FileVersion : 5.4.4.17

ProductVersion : 5.4

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation

OriginalFilename : SndSrvc.exe

 

#:13 [spbbcsvc.exe]

FilePath : C:\Program\Delade filer\Symantec Shared\SPBBC ProcessID : 1636

ThreadCreationTime : 2005-03-17 13:52:21

BasePriority : Normal

FileVersion : 1,0,1,47

ProductVersion : 1,0,1,47

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:14 [ccevtmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1648

ThreadCreationTime : 2005-03-17 13:52:21

BasePriority : Normal

FileVersion : 103.0.3.8

ProductVersion : 103.0.3.8

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:15 [spoolsv.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1840

ThreadCreationTime : 2005-03-17 13:52:23

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:16 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 160

ThreadCreationTime : 2005-03-17 13:52:26

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:17 [logwatnt.exe]

FilePath : C:\Program\CA\SharedComponents\CA_LIC ProcessID : 396

ThreadCreationTime : 2005-03-17 13:52:28

BasePriority : Normal

FileVersion : 1.52

ProductVersion : 1, 0, 0, 1

ProductName : Computer Associates LogWatNT

CompanyName : Computer Associates

FileDescription : LogWatNT

InternalName : LogWatNT

LegalCopyright : Copyright © 2002

OriginalFilename : LogWatNT.exe

 

#:18 [navapsvc.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 424

ThreadCreationTime : 2005-03-17 13:52:28

BasePriority : Normal

FileVersion : 11.0.1.3

ProductVersion : 11.0.1

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:19 [npfmntor.exe]

FilePath : C:\Program\Norton AntiVirus\IWP ProcessID : 372

ThreadCreationTime : 2005-03-17 13:52:30

BasePriority : Normal

FileVersion : 11.0.1.3

ProductVersion : 11.0.1

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Firewall Install Monitor

InternalName : NPFMonitor

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NPFMonitor.EXE

 

#:20 [nprotect.exe]

FilePath : C:\Program\Norton SystemWorks\Norton Utilities ProcessID : 644

ThreadCreationTime : 2005-03-17 13:52:30

BasePriority : Normal

FileVersion : 16.00.0.22

ProductVersion : 16.00.0.22

ProductName : Norton Utilities

CompanyName : Symantec Corporation

FileDescription : Norton Protection Status

InternalName : NPROTECT

LegalCopyright : Copyright © 2003 Symantec Corporation

LegalTrademarks : Norton Utilities

OriginalFilename : NPROTECT.EXE

 

#:21 [nopdb.exe]

FilePath : C:\Program\NORTON~1\SPEEDD~1 ProcessID : 1172

ThreadCreationTime : 2005-03-17 13:52:37

BasePriority : Normal

FileVersion : 7.00.0.24

ProductVersion : 7.00.0.24

ProductName : Norton Speed Disk

CompanyName : Symantec Corporation

FileDescription : NOPDB

InternalName : NOPDB

LegalCopyright : Copyright © 2002

OriginalFilename : NOPDB.dll

 

#:22 [syntplpr.exe]

FilePath : C:\Program\Synaptics\SynTP ProcessID : 1344

ThreadCreationTime : 2005-03-17 13:52:40

BasePriority : Normal

FileVersion : 7.5.12 06Jun03

ProductVersion : 7.5.12 06Jun03

ProductName : Progressive Touch

CompanyName : Synaptics, Inc.

FileDescription : TouchPad Driver Helper Application

InternalName : SynTPLpr

LegalCopyright : Copyright © Synaptics, Inc. 1996-2003

OriginalFilename : SynTPLpr.exe

 

#:23 [syntpenh.exe]

FilePath : C:\Program\Synaptics\SynTP ProcessID : 1416

ThreadCreationTime : 2005-03-17 13:52:42

BasePriority : Normal

FileVersion : 7.5.12 06Jun03

ProductVersion : 7.5.12 06Jun03

ProductName : Progressive Touch

CompanyName : Synaptics, Inc.

FileDescription : Synaptics TouchPad Enhancements

InternalName : Scrolleroo

LegalCopyright : Copyright © Synaptics, Inc. 1996-2003

OriginalFilename : SynTPEnh.exe

 

#:24 [qttask.exe]

FilePath : C:\Program\QuickTime ProcessID : 1476

ThreadCreationTime : 2005-03-17 13:52:43

BasePriority : Normal

FileVersion : 6.5.1

ProductVersion : QuickTime 6.5.1

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2004

OriginalFilename : QTTask.exe

 

#:25 [realsched.exe]

FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 1484

ThreadCreationTime : 2005-03-17 13:52:44

BasePriority : Normal

FileVersion : 0.1.0.3208

ProductVersion : 0.1.0.3208

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:26 [ituneshelper.exe]

FilePath : D: ProcessID : 1500

ThreadCreationTime : 2005-03-17 13:52:44

BasePriority : Normal

FileVersion : 4.7.1.30

ProductVersion : 4.7.1.30

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:27 [ccapp.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1516

ThreadCreationTime : 2005-03-17 13:52:45

BasePriority : Normal

FileVersion : 103.0.3.8

ProductVersion : 103.0.3.8

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:28 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1744

ThreadCreationTime : 2005-03-17 13:52:46

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:29 [jusched.exe]

FilePath : C:\Program\Java\jre1.5.0_01\bin ProcessID : 1940

ThreadCreationTime : 2005-03-17 13:52:47

BasePriority : Normal

 

 

#:30 [symlcsvc.exe]

FilePath : C:\Program\Delade filer\Symantec Shared\CCPD-LC ProcessID : 1928

ThreadCreationTime : 2005-03-17 13:52:47

BasePriority : Normal

FileVersion : 1, 8, 54, 419

ProductVersion : 1, 8, 54, 419

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright © 2003

OriginalFilename : symlcsvc.exe

 

#:31 [sistray.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 120

ThreadCreationTime : 2005-03-17 13:52:49

BasePriority : Normal

FileVersion : 0.0.0.2180

ProductVersion : 0.0.0.2180

ProductName : SiS ® Compatible Super VGA SiSTray application for Windows NT4.0/2000/XP

CompanyName : Silicon Integrated Systems Corporation

FileDescription : SiS Compatible Super VGA Tray Application

InternalName : SISTRAY 2.18.01

LegalCopyright : Copyright © Silicon Integrated Systems Corp. 2003-2006

OriginalFilename : SISTRAY.EXE

Comments : SiS Compatible Super VGA Tray Application

 

#:32 [khooker.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1888

ThreadCreationTime : 2005-03-17 13:52:49

BasePriority : Normal

FileVersion : 0.0.0.2180

ProductVersion : 0.0.0.2180

ProductName : SIS ® Compatible Super VGA keyboard daemon for Windows 2000/XP

CompanyName : Silicon Integrated Systems Corporation

FileDescription : SiS Compatible Super VGA Keyboard Daemon

InternalName : KHOOKER 2.18.50

LegalCopyright : Copyright © Silicon Integrated Systems Corp. 1998-2002

OriginalFilename : KHOOKER.EXE

Comments : SiS Compatible Super VGA Keyboard Daemon

 

#:33 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 464

ThreadCreationTime : 2005-03-17 13:52:53

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:34 [hpotdd01.exe]

FilePath : C:\Program\Hewlett-Packard\Digital Imaging\bin ProcessID : 480

ThreadCreationTime : 2005-03-17 13:52:53

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : Hewlett-Packard hpotdd01

CompanyName : Hewlett-Packard

FileDescription : hpotdd01

InternalName : hpotdd01

LegalCopyright : Copyright © 2002

OriginalFilename : hpotdd01.exe

 

#:35 [hposol08.exe]

FilePath : C:\Program\Hewlett-Packard\Digital Imaging\bin ProcessID : 600

ThreadCreationTime : 2005-03-17 13:52:53

BasePriority : Normal

FileVersion : 4.2.0.020

ProductVersion : 2.4.1.020

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet COM Device Objects

InternalName : HPOSOL08

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001

OriginalFilename : HPOSOL08.EXE

Comments : HP OfficeJet <Solar> Series COM Device Objects

 

#:36 [rtlwake.exe]

FilePath : C:\Program\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver ProcessID : 344

ThreadCreationTime : 2005-03-17 13:52:54

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : RtlWake Application

FileDescription : RtlWake MFC Application

InternalName : RtlWake

LegalCopyright : Copyright © 2003

OriginalFilename : RtlWake.EXE

 

#:37 [hpoevm08.exe]

FilePath : C:\Program\Hewlett-Packard\Digital Imaging\bin ProcessID : 2044

ThreadCreationTime : 2005-03-17 13:53:10

BasePriority : Normal

FileVersion : 4.2.0.020

ProductVersion : 2.4.1.020

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet COM Event Manager

InternalName : HPOEVM08

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001

OriginalFilename : HPOEVM08.EXE

Comments : HP OfficeJet COM Event Manager

 

#:38 [ipodservice.exe]

FilePath : D:\bin ProcessID : 2868

ThreadCreationTime : 2005-03-17 13:53:49

BasePriority : Normal

FileVersion : 4.7.1.30

ProductVersion : 4.7.1.30

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:39 [hposts08.exe]

FilePath : C:\Program\Hewlett-Packard\Digital Imaging\Bin ProcessID : 3136

ThreadCreationTime : 2005-03-17 13:53:56

BasePriority : Normal

FileVersion : 4.2.0.020

ProductVersion : 2.4.1.020

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet Status

InternalName : HPOSTS08

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001

OriginalFilename : HPOSTS08.EXE

Comments : HP OfficeJet Status

 

#:40 [alg.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2268

ThreadCreationTime : 2005-03-17 13:54:51

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:41 [spybotsd.exe]

FilePath : C:\Program\Spybot - Search & Destroy ProcessID : 3656

ThreadCreationTime : 2005-03-17 13:58:53

BasePriority : Normal

FileVersion : 1, 3, 0, 12

ProductVersion : 1, 3, 0, 12

ProductName : SpyBot-S&D

CompanyName : Safer Networking Limited

FileDescription : Spybot - Search & Destroy

InternalName : SpybotSD

LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.

LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.

OriginalFilename : SpyBotSD.exe

Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

 

#:42 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 2884

ThreadCreationTime : 2005-03-17 14:01:18

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Deep scanning and examining files (E:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for E:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 33

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

15:21:13 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:19:32.55

Objects scanned:154885

Objects identified:0

Objects ignored:0

New critical objects:0

 

[/log]

 

hijackthis. [log]Logfile of HijackThis v1.99.1

Scan saved at 15:24:11, on 2005-03-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

D:\iTunesHelper.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Java\jre1.5.0_01\bin\jusched.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\system32\khooker.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

D:\bin\iPodService.exe

C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program\Spybot - Search & Destroy\SpybotSD.exe

C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program\Internet Explorer\iexplore.exe

E:\Anti-spyware\Hijack this\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toothpastefordinner.com/'>http://www.toothpastefordinner.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.se

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toothpastefordinner.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] D:\iTunesHelper.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\system32\khooker.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: officejet 6100.lnk = ?

O4 - Global Startup: RtlWake.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\bin\iPodService.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

över till limewire 4.4.1 -det ligger i kontrollpanelen, i listan lägg till/ta bort program. när man klickar på "ta bort", säger den att det är ett avinstallationsfel som inträffat och så frågar den om man vill ta bort programmet från listan bara. men det hjälper ju inte att man tar bort det från listan..?

tack för att du tar dig tid!

 

[Cecilia]

Spybot: DSO Exploits inget att bry sig om. Det finns en programfix att ladda ner om du vill slippa rapporteringen.

 

Ad-aware: Har bara hittat att du har program som håller reda på vilka filer du har använt i programmen förut (så kallad MRU lista), t ex vilka filer du har jobbat med i Paint. Är inget att bry sig om på en dator man har hemma.

 

HijackThis: Ser inget konstigt i den längre.

 

Limewire: Ta bort den från listan i Kontrollpanelen-Lägg till/ta bort och sedan letar du upp mappen där filerna ligger och tar bort den, det är nog så mycket som går när inte avinstallationsprogrammet fungerar.

Mappen borde ligga under C:\Program eller C:\Program Files och heta limewire och/eller limeshop.

Titta också i C:\Common Files och C:\Delade Filer.

 

Det kan finnas kvar någon mindre enstaka fil under C:\Windows efter det men det gör nog inte så mycket. Dessutom några registernycklar, om du tycker det är viktigt så finns det registerstädningsprogram som man kan använda. Man ska nog ta Microsoft angivelse av storlek med en nypa salt också.

 

[znej]

Att det står 490 mb utrymme i lägg till ta bort program, kan det betyda att du har hämtat hem så mycket med Limewire? Har för mig att även andra fildelningsprogram har den utformningen men jag kommer inte ihåg något exempel just nu. Jag har i alla fall stött på det med ett fildelningsprogram.

 

Om det är 490 mb som du har laddat ner så bör det finnas i någon mapp där Limewire är installerad (i program-mappen). Mapp med nerladdade filer brukar kallas för Downloaded files eller liknande. Det ska försvinna om du bestämmer dig för att radera manuellt som Cecilia tipsat om.

 

Du kan också prova att installera om Limewire över den gamla installationen och sedan prova lägg till ta bort program. Men gör bara det om du har den gamla installationsfilen 4.41 kvar. Nya versionen heter 4.8 och det är nog inte så bra att försöka installera över gammal installation med den.

 

[sussrufs_]

okej, då verkar läget vara under kontroll. tack!

 

men min dator är fortfarande slö.. kan det bero på för lite utrymme?

lediga utrymmen i % följer här.

 

C: 14 %

D: 63%

E: 74%

 

eller har du andra förslag på vad det kan bero på?

 

[sussrufs_]

ja, det kan nog stämma med siffrorna där. trodde inte att det klassades som limewire-grejer längre bara. jag slängde över låtarna på min ipod, för att sedan lägga in dom på nytt på datorn igen.

 

är inte så pepp på att installera ett nytt limewire, det ska till mkt för att jag gör det..

 

[znej]

Menar du att det var spyware i själva programmet Limewire? Det ska ju vara fritt från sådant enligt deras sajt.

 

Jag har testat Limewire men det var säkert två år sen.

 

Gör då så att du tar bort mappen med Limewire och eventuellt gör en sökning efter filer och mappar med ordet Limewire. Skulle tro att det är installerat endast i program-mappen (+ en del skit i registret förstås).

 

Sedan kan du ju köra ett program för att rensa registret som Cecilia tipsade om.

 

Du kan hämta testversion av Registry Mechanic som är bra. Det tar i alla fall inte bort för mycket. Jag har kört senaste versionen och tagit bort allt som rekommenderats under minst 10 sökningar/körningar, inga problem. Kör full scan.

 

Jag tror att det är 30 dagars testversion.

 

http://www.pctools.com/registry-mechanic/download/

 

eller hämta filen direkt här

 

http://dw.com.com/redir?pid=10309788&merid=6257086&mfgid=6257086&lop=link&edId=3&siteId=4&oId=3002-2094_4-10309788&ontId=2094&destUrl=http%3A%2F%2Fwww.pctools.com%2Fdownloads%2Fdownload.com%2Frminstall.exe

 

 

 

 

 

[inlägget ändrat 2005-03-17 20:22:47 av znej]

[Cecilia]

men min dator är fortfarande slö

Man brukar säga att 10% ledigt ska räcka. Du kanske behöver defragmentera disken/diskarna.

C: - Egenskaper - Verktyg - Defragmentering

 

Du har rätt mycket program/processer igång. I Aktivitetshanteraren fliken Prestanda så kan du se om hur mycket Tillgängligt Fysiskt minne du har, om det är nära 0 så kan det förbättra prestandan om du köper mer minne.