Cpu usage 99% by svchosts.exe (verkkopalvelu) auttakaa mua???

täs ois toi hjt logi jos löytyy kiinnostusta auttaa kun toi menee aina itsekseen päälle ja aina jo käynnistyksessä välillä se menee pois ja sen voi lopettaa prosessien hallinnasta.

Logfile of HijackThis v1.99.1
Scan saved at 17:50:07, on 29.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi; .fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155994160968
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winauq32 - winauq32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

tossa nyt ei näy se mikä vie sen 99 % kun ei se nyt oo taas päällä

 

täs ois tää uus missä on se svchost.exe(verkkopalvelu) päällä ja vie 99% prossun tehoja

Logfile of HijackThis v1.99.1
Scan saved at 20:10:15, on 29.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi; .fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital

Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL

/WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet

Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet

Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure

Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet

Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program

Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet

Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program

Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -

http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -

http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -

http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155994160968
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} -

http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -

https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file

missing)
O20 - Winlogon Notify: winauq32 - winauq32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 -

C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure

Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet

Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure

Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet

Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe

 

Moi!

Tee uusi hjt-scannaus Do a System scan only
Sulje kaikki muut ikkunat ja selaimen.Merkkaa nämä rivit ja paina Fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - Winlogon Notify: winauq32 - winauq32.dll (file missing)

Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.
[*]Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
[*]Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
[*]Käynnistä AVG Anti-Spyware.
[*]Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
[*]Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

[*]Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
[*]Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
[*]Sitten "Reports" valikon alta:
[*]Laita täppi kohtaan "Automatically generate report after every scan"
[*]Ota täppi pois kohdasta"Only if threats were found

[*]Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
[*]"Resident shield is", muuta tila active:sta inactive:ksi
[*]Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä koneesi vikasietotilaan,
Ohje!



HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
[*]Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
[*]Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
[*]AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
[*]Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
[*]Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

[*]Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
[*]Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
[*]Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.

Lähetä uusi Hjt-loki ja Avg -raportti

 

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:22:42 31.12.2006

+ Scan result:



C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP376\A0052549.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Digital Guitar Tuner\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{1C4A3C45-07C5-1035-1207-050505240166}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP376\A0052585.exe -> Adware.Softomate : Cleaned with backup (quarantined).
H:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP367\A0051985.exe -> Adware.Softomate : Cleaned with backup (quarantined).
H:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP346\A0049615.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).


::Report end

tossa toi avg ja sit tässä tää hjt


Logfile of HijackThis v1.99.1
Scan saved at 20:31:20, on 31.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\{BD9E43AB-64BE-41B3-AEB3-D735812E9AF1}\Blaero Start Orb.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\{3C6300A8-0F08-41E9-90CF-F287C6C9E7BF}\sidebar.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi; .fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155994160968
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

tein muutes kaiken ton paitsi sen ...local page... koska asensin ie7 niin ne hävis sillä pois hjt logista

 

Loki on puhdas.Ainoastaan norttonin jämä siellä vielä pyörii

Kirjoita seuraavat rivit muistiolla ja tallenna poista.bat (varmista, että tallennusmuoto on kaikki tiedostot) työpöydälle:

@echo off
sc stop "Symantec Core LC"
sc delete "Symantec Core LC"

Tuplaklikkaa poista.batia ajaaksesi sen.
Käynnistä kone uudelleen
Tämän jälkeen poista (tarvittaessa vikasietotilassa)

C:\Program Files\Common Files\Symantec Shared

Lähetä vielä uusi hjt-loki niin nähdään että se norttoni poistu

 

Logfile of HijackThis v1.99.1
Scan saved at 4:14:38, on 1.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\{D14B33A4-295D-4C1A-AA47-6BC9F9900D0B}\Blaero Start Orb.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi; .fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155994160968
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

tossa mut silti vaan se svchost.exe(verkkopalv) vie alotuksessa jo 99% prossun tehoja ja välillä kun laitan ie tai mozillan päälle ni sit se vie taas sen

 

Moi! Vaikeeta sanoa mikä mättää tässä kuitenkin muutama idea:

Mene Ohjauspaneeli -> Verkkoyhteydet. Sitten klikkaa hiiren oikealla yhteyskuvaketta -> ominaisuudet. Valitse TCP/IP ja sitten ominaisuudet. Valitse "hae IP-osoite automaattisesti" ja klikkaa ok

Sitten käynnistä -> suorita
Kirjoita cmd ja klikkaa ok
Kirjoita ipconfig /flushdns , paina enter, kirjoita exit
ja paina enter

Jos ei toimi, mene käynnistä -> apuohjelmat -> komentorivi ja kirjoita ipconfig /flushdns sinne ja paina enter. Kirjoita exit ja enter
Käynnistä uudestaan


Ja sitten voisit asentaa Ccleaneri,ottaa muut roskat pois
Asenna Ccleaner!
Ccleaner puhdistaa väliaikaistiedostot ja puhdistaa rekisteriä.
Ccleaner latauslinkki!
Cleaner opas!

 

voiskohan johtua siitä et ois 2 ohjelmaa päällekkäin tai sit jonkun ohjelman jäänteitä esim tässä hjt logissa 2 x toi C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

Logfile of HijackThis v1.99.1
Scan saved at 20:31:20, on 31.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\{BD9E43AB-64BE-41B3-AEB3-D735812E9AF1}\Blaero Start Orb.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\{3C6300A8-0F08-41E9-90CF-F287C6C9E7BF}\sidebar.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi; .fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155994160968
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

niin ja tässä 1 linkki mikä viittaa kanssa tonne päin http://forums.windrivers.com/showthread.php?t=66685

 

niin huomasin just että mulla on toi 1349 yhteys 2 päällä et en tiiä tarvitseeko sen olla ja olen aikas varma että toi ongelma johtuu ati catalyst näyttiksen ajureista tää ongelma on aika monella hp koneen ja ati näyttiksen omavaalla.

 

niin ja sit vielä sellanen juttu et saan jotain perfnet hälytyksiä event logissa et siinä on punainen x sen kohdalla ja ajotuskin sopisi tähän kyseiseen ongelmaan se perfnet ja pun x tulee aina käynnistyksessä ja sit kun laitan vaikka mozillan päälle ja se tulee se 99 % svchots.exe päälle niin silloinkin on tää perfnet jos nyt ymmärrät kun vaikea selittää

 

kun näitä viestejä ei vissiin pysty muokkaamaan niin tässä viel 1 linkki jos jaksat katsoa et voisko liittyä asiaan niin ja mulla on ccleaner ja käytän sitä ad-awarea sun muita

 

Tapahtuman lajiVirhe
Tapahtuman lähdePerfNet
Tapahtuman luokkaEi mitään
Tunnus2004
Päivämäärä1.1.2007
Aika22:01:33
Käyttäjä -
TietokoneYOUR-B62381BA23
Kuvaus:
Palvelinpalvelua ei voi avata. Palvelimen resurssitietoja ei palauteta. Palautettu virhekoodi on ensimmäisessä DWORD-tavussa.

Lisätietoja ohjeissa: http://go.microsoft.com/fwlink/events.asp.
Tiedot:
0000: 34 00 00 c0 4..À

Tollanen on eventeissä aina kun se svchost.exe käyttää 99% prossun tehoja se vissiin yrittää päivittää jotain????

 

Moi!
Tuo C:\Program Files\ATI Technologies\ATI.ACE\cli.exe ei ole mitenkään tärkeä -->lue
Sen voi poistaa käynnistyksestä klikkaa käynnistä -->suorita -->kirjoita msconfig--->mene välilehteen Käynnistys-->
ota ruksi pois ATICCC edestä--->paina ok
Samlla voit poistaa käynnistyksestä muita turhia,riippuen tottakai mitä koneella teet.Seuraavat ovat suht turhia niitä voi käynnistää manuaalisesti tarvittaessa
HPHUPD08
ATIPTA
HP Software Update
ISUSPM Startup
ISUSScheduler
NeroFilterCheck

ja noi vista jutu on itsestään kiinni haluaako että ne käynnistuu windowsin yhteydessä.Niitä pystyy laittaa takaisin päälle jos tuntuu että sammutti jotain tärkeetä kunhan ei koske F-securen juttuihin
Tästä voi tarkistaa ennen kun ottaa käynnistyksestä pois http://www.bleepingcomputer.com/startups/

ja tuo perfnet... laillinen tiedosto sijaitsee c:\windows\system32\dllcache\perfnet.dll jos muualla niin voi olla örkki
ja jos kyseessä on perfnet.exe niin se pahis ja pitäis lymyillä Windows/system32 kansiossa

 

MZ�   ÿÿ ¸ @ Ø º ´ Í!¸
LÍ!This program cannot be run in DOS mode.$ s]Â�7<¬Î7<¬Î7<¬Î7<­Î(<¬Î͵Î0<¬ÎÍ“Î6<¬Î éÎ6<¬Îí°Î><¬ÎÍ‘Î6<¬ÎRich7<¬Î PE L
 ùѽ; à !
  & ¯  0 Í^   


€  dp       ' � $ P P @ p <
€  p L  | .text �    `.data P 0   @ À.rsrc @ P  . @ @.reloc ´
p  @ @ Bà};( þ};2
à};( ðн;? ntdll.dll KERNEL32.dll ADVAPI32.dll °ÜwkÜweÜwšÜw�¼Üw¹jÞw ñ~çwèwŒçwo)çwý¥çw&ÇçwnçwÃçwøõw—õw}õw æ÷wCå÷wé‡õwßõ÷wóè÷wƒî÷w‡õ÷wõwóê÷w™%õw õw _…};   D D P e r f N e t \Device\LanmanServer B l o c k i n g Q u e u e \ D e v i c e \ L a n m a n R e d i r e c t o r I_BrowserQueryStatistics N e t A p i 3 2 . D l l G l o b a l F o r e i g n C o s t l y T o t a l I n s t a n c e N a m e _ T o t a l E v e n t L o g L e v e l S O F T W A R E \ M i c r o s o f t \ W i n d o w s N T \ C u r r e n t V e r s i o n \ P e r f l i b NB10 _…};
perfnet.pdb ƒ=ì@Í^ uj j
j ÿ0Í^…À£ì@Í^tƒ=è@Í^ uhœÍ^èô £è@Í^3À@ U‹ìQSV3ö3Û95ô@Í^‰uüuXW‹}Wè& ;ƉEütC‰uüWèÌ ;ƉEütC‰uüWèÞ ;ƉEütC‰uüWè5 ;ƉEü_tC‰uüƒûsÇð@Í^
ÿô@Í^‹Eü^[ÉÂ �EüPVjVVhè €Vj
ÿ5è@Í^ÿÍ^ëØU‹ìƒìS3ÛW3ÿ9ð@Í^‰]ô‰}üu89ø@Í^uSSSSShé ÀSj
ÿ5è@Í^ÿÍ^£ø@Í^‹E‰‹E‰‰]ôé˜ VÿuèÈ Ht0HtH‰]üë.3öÿuÿ¶ @Í^è; …Àt¾¤@Í^ƒÆƒþ@rà‰}üëÇEü ‹}‹u‰‹‰Eø‰E‰‹Eü…ƒ¤@Í^t/ƒeð �EðP�EøPÿuÿ“¬@Í^…À‰Eôu‹Eð
‹Eø
)E‹E‰EøƒÃƒû@r¾^‹Eô_[É ƒ=ô@Í^ v
ÿ
ô@Í^ƒ=ô@Í^ uèM è. è¸
è
3Àáô@Í^…Àtƒø
v
Çô@Í^
è´ÿÿÿƒ%ô@Í^ ¡ì@Í^…ÀtPÿ4Í^ƒ%ì@Í^ ƒ=è@Í^ tèŸ
ƒ%è@Í^ 3À@ ÿt$ÿ8Í^‹D$ƒè tHt3À@ëÿt$è�ýÿÿë ÿt$è{ÿÿÿÂ U‹ìƒì4Vh¬Í^�EìPÿdÍ^j
�EìP�Eô3öP‰uøÿhÍ^;ƉEü|?j �EôV‰EÔ�EäP�EÌPh  h(AÍ^ÇEÌ ‰uÐÇEØ@ ‰u܉uàÿlÍ^;ƉEü})�EüPVjVVhÔ ÀVj
ÿ5è@Í^‰5(AÍ^‰5à@Í^ÿÍ^9uø^t
�EôPÿpÍ^ÿuüÿtÍ^É j j,hü@Í^j ÿ`Í^…À}Æ$AÍ^ ¾$AÍ^@�@ÁàPjÿ5ì@Í^£0AÍ^ÿ<Í^…À£,AÍ^u!à@Í^3À U�l$”�ì¼ S3Û9(AÍ^u3Àë‹Ex�8Ð s¸ê ‹Mx‰‹M|‰éf
‹Et‹ VWh ‹ø¹
¾ 0Í^ó¥�°P ‰Eh�E°PSSh
�E`PSSSÇ€ ÿ5(AÍ^ÿ\Í^;ÃŒ¶ ‹E¸EÀ‹M¼MĉF‰N‹E¸‰F‹E¼‰F‹EÀ‰F‹EĉF‹ẺF ‹EЉF$‹EÔ‰F(‹E؉F,‹E܉F0‹Eà‰F4‹Eä‰F8‹Eè‰F<‹Eì‰F@‹Eð‰FD‹Eô‰FH‹Eø‰FL‹Eü‰FP‹E ‰FT‹E‰FX‹E‰F\‹E‰F`‹E‰Fd‹E‰Fh‹E‰Fl‹E(‰Fp‹EȉFx‹EȉFtë;‰EP‹E`‰ET‹Ed‰EX�EPPSjSShÕ ÀSj
ÿ5è@Í^ÿÍ^j Y3À‹þó«Ç€ ‹Mt�†€ +uh‰
‹Ex�Æ€ ‰0‹E|_Ç
3À^[ƒÅlÉÂ U‹ìƒìPS3Û9à@Í^VWu3À‹M‰‹M‰é¾ ‹E�8p ‚( ÿ50AÍ^‹Eÿ5,AÍ^‹8SShH
¹º ¾P4Í^�E°‰}ðó¥‰Eì�EàPSSSÿ5(AÍ^f‰]èfÇEê ÿ\Í^;ÃŒ% ‹}ð�Çè 3ö8$AÍ^ÇEøè ŽŽ
‰]ô‹E�Eø� ‹ ;Eø‚
�EèPj
VÿTÍ^ÿuì�EüjÿSSPWè6 ‹EüÇ p ‹Uü‹Mô¡,AÍ^Á‹‰J‹H‹Uü‰J‹H‹Uü‰J‹H‹Uü‰J‹H‹Uü‰J‹H‹Uü‰J‹H‹Uü‰J‹H ‹Uü‰J ‹H$‹Uü‰J$‹Mü‹Ñ‹z ‰y0‹J$‹Uü‰J4‹H(‹Uü‰J(‹H,‹Uü‰J,‹Uü�J0‹R(
‹Uü‹R,Q‹H0‹Uü‰J8‹H4‹Uü‰J<‹Mü‹Ñ‹z8‰y`‹J<‹Uü‰Jd‹H8‹Uü‰J@‹H<‹Uü‰JD‹Mü‹Ñ‹z@‰yX‹JD‹Uü‰J\‹H@‹Uü‰JH‹HD‹Uü‰JL‹Uü�J`‹RH
‹Uü‹RLQ‹HH‹Uü‰JP‹HL‹Uü‰JT‹Uü�JX‹RP
‹Uü‹RTQ‹@X‹MüƒEô`‰Ah‹Eü�xp¾$AÍ^F;ðŒuþÿÿhÄÍ^�EèPÿXÍ^·Eè‹MøƒÀ ƒàø�„ˆ ‹M9
s
¸ê é°ýÿÿÿuì�EüjÿSSPWè™ ‹EüÇ p ‹Uü�vÁà,AÍ^‹‰J‹H‹Uü‰J‹H‹Uü‰J‹Mü‰Y‹Mü‰Y‹Mü‰Y‹Mü‰Y‹H ‹Uü‰J ‹H$‹Uü‰J$‹Mü‹Ñ‹z ‰y0‹J$‹Uü‰J4‹H(‹Uü‰J(‹H,‹Uü‰J,‹Uü�J0‹R(
‹Uü‹R,Q‹Mü‰Y8‹Mü‰Y<‹H8‹Uü‰J@‹H<‹Uü‰JD‹Mü‹Ñ‹z@‰yX‹JD‹Uü‰J\‹Mü‰YH‹Mü‰YL‹HH‹Uü‰JP‹HL‹Uü‰JT‹Uü�JX‹RP
‹Uü‹RTQ‹Mü‹Uð‰Y`‹Mü‰Yd‹@X‹Mü‰Ah‹MüƒÁpF‹Á+‰‰r(‹U‰‹E‰‹EÇ
ë6‰EЋEà‰EÔ‹Eä‰EØ�EÐPSjSShÖ ÀSj
ÿ5è@Í^ÿÍ^‹E‰‹E‰3À_^[ÉÂ ¡(AÍ^…ÀtPÿPÍ^ƒ%(AÍ^ 3ÀË
ì@Í^…Ét¡,AÍ^…ÀtPj Qÿ@Í^ƒ%,AÍ^ 3ÀÃU‹ìƒì,VhäÍ^�EôPÿXÍ^3öVVj jjh€ �EôV‰EÜ�EìP�EÔPh  h4AÍ^ÇEÔ ‰uØÇEà@ ‰uä‰uèÿLÍ^;ƉEü}�EüPVjVVhÒ ÀVj
ÿ5è@Í^ÿÍ^ÿuüÿtÍ^^É U‹ì�ìè 3Ò94AÍ^‰Uüu3Àë‹E�8à s¸ê ‹M‰‹M‰é„ ‹E‹ SVW‹ø¹‚
¾87Í^ó¥�° ‰Eø»Ø S�… ÿÿÿPRRhÐ
 �…ÿÿÿPRRR‰ÿ54AÍ^ÿ\Í^3É;Á‰EüŒá
‹…Xÿÿÿ…(ÿÿÿ‹�\ÿÿÿ�,ÿÿÿ‰F‰N‹E�‹M¤ȉN‹…`ÿÿÿ…0ÿÿÿ‹�dÿÿÿ�4ÿÿÿ‰F‰N‹…(ÿÿÿ‰F ‹…,ÿÿÿ‰F$‹…0ÿÿÿ‰F(‹…4ÿÿÿ‰F,‹…8ÿÿÿ‰F0‹…<ÿÿÿ‰F4‹…@ÿÿÿ‰F8‹…Dÿÿÿ‰F<‹…Hÿÿÿ‰F@‹…Lÿÿÿ‰FD‹…Pÿÿÿ‰FH‹…Tÿÿÿ‰FL‹…Xÿÿÿ‰FP‹…\ÿÿÿ‰FT‹…`ÿÿÿ‰FX‹…dÿÿÿ‰F\‹…hÿÿÿ‰F`‹…lÿÿÿ‰Fd‹…pÿÿÿ‰Fh‹…tÿÿÿ‰Fl‹…xÿÿÿ‰Fp‹…|ÿÿÿ‰Ft‹E€‰Fx‹E„‰F|‹E�‰†€ ‹E”‰†„ ‹E˜‰†ˆ ‹Eœ‰†Œ ‹E ‰†� ‹E¤‰†” ‹E¨‰†˜ ‹E¬‰†œ ‹E°‰† ‹E´‰†¤ ‹E¸‰†¨ ‹E¼‰†¬ ‹EÀ‰†° ‹Eĉ†´ ‹Ẻ†¸ ‹EЉ†¼ ‹EÔ‰†À ‹E؉†Ä ‹E܉†È ‹Eà‰†Ì ‹E䉆Р‹Eð‰†Ô ë(�EüPQjQQhÓ ÀQj
ÿ5è@Í^ÿÍ^j6Y3À‹þ󫉋M�†Ø +uø‰
‹Eó‰0‹E_^Ç
3À[ÉÂ ¡4AÍ^…ÀtPÿPÍ^ƒ%4AÍ^ 3ÀÃU‹ìQQSVW‹=$Í^3ÛC3öS‰uüÿ×h4Í^‰Eø‰@AÍ^ÿ(Í^;Æ£<AÍ^tAƒøÿt<hÍ^Pÿ,Í^;Æ£8AÍ^uXÿDÍ^‰Eü�EüPVjVVhÑ ÀVSÿ5è@Í^ÿÍ^ë+ÿDÍ^‰Eü�EüPVjVVhÐ ÀVSÿ5è@Í^ÿÍ^‰58AÍ^‰5@AÍ^ÿuøÿ׋Eü_^[É U‹ìƒìh3Ò9@AÍ^�E˜‰Uü‰Eøu3Àë‹E�8È s¸ê ‹M‰‹M‰éJ
‹ES‹VW¹Ø ¾@=Í^‹ûó¥‹}øj3ÀYó«¡8AÍ^;Â�³` t�MøQRÿЉEü3ÒëÇEüA
À9UüŒ« jhX‰‹M ‰N‹M¤‰N‹M ‰N‹M¤‰N‹M¨‰N‹M¬‰N‹M¨
N‹M¬N‹M°‰N ‹M´‰N$‹M¸‰N(‹M¼‰N,‹MÀ‰N0‹MĉN4‹MÀ‹UÄÑU¼‰V8‹MȉN<‹M̉N@‹MЉND‹MÔ‰NH‹M؉NL‹M܉NP‹Mà‰NT‹Mä‰NX‹Mè‰N\‹Mð‰N`‹Mô‰Ndë398AÍ^t�EüPRjRRhÑ ÀRj
ÿ5è@Í^ÿÍ^jY3À‹þó«jhX‰‹U�Nh+óð‹E‰
‰0‹E_^Ç
3À[ÉÂ ¡<AÍ^…ÀtPÿ Í^ƒ%<AÍ^ ƒ%8AÍ^ 3ÀÃU‹ì�ì˜ VWjY¾ØÍ^�½hÿÿÿó¥f¥jY¾¸Í^�}Ôó¥3ö95LAÍ^u`�EüPh  V�…hÿÿÿPh €ÿÍ^;ÆÇEô u3�EôP�EøP�EðPV�EÔPÿuüÿÍ^ÿuü÷ØÀ÷Ð#Eø£LAÍ^ÿÍ^ë‰5LAÍ^¡è@Í^;ÆuÿuVÿÍ^;Æ£è@Í^tÿHAÍ^_^É ¡è@Í^…Àtÿ
HAÍ^uPÿ Í^ËL$…Étfƒ9 u3À@ëySVW¿PÍ^j‹Ñ+ùXf‹4f…ötf‹Ðf;Þufƒ: uç3À@ëI¿`Í^‹Ñ+ùf‹4f…ötf‹Ðf;Þu
fƒ: uçjë"¾pÍ^+ñf‹f…Òtf‹9Èf;úu fƒ9 uçjX_^[ U‹ìQQ‹ES3Û;É]øu3Àé™ VW3ö3ÿF‰E‹Æ‰uü‹Mf‹fƒú ujYëf…Òtöfƒú0sjëî3Éf¹9 f;ÊɃáAIt/ItIu?3Ûë;…Ût;}u ƒeü ‰uøë3Ûf…Òuƒeü ë‹Æ3ÿë…Àt3À‹Þ…Ût
·Ò�¿�|JЃEƒ}ü …{ÿÿÿ‹Eø_^[É U‹ìV‹uWVÿÍ^�L ‹E�Q‰‹U‰P‹U‰H‰P‹U‰P‹ÑÁéÇ@ �xó¥‹Ê‹Uƒáó¤‹�L
ƒáø‰
+È_‰3À^]Â ÌÌ $ ÿÿÿÿÿÿÿÿº% L p$ ÿÿÿÿÿÿÿÿp&  T$ ÿÿÿÿÿÿÿÿð&  Ø& È& ´& ¦& Ž& ~& d& V& F& 6& $& Ä% Ò% à% ü% & & ª% % „% l% Z% >% .% % % è$ Ð$ ºRtlNtStatusToDosError =RtlFreeUnicodeString ¿ NtOpenFile �
RtlAnsiStringToUnicodeString lRtlInitString ú NtQuerySystemInformation Ÿ NtFsControlFile mRtlInitUnicodeString €RtlIntegerToUnicodeString b NtClose n NtCreateFile ntdll.dll ñ
HeapCreate ó
HeapDestroy € DisableThreadLibraryCalls ï
HeapAlloc õ
HeapFree Z
GetLastError ‰
GetProcAddress 1LoadLibraryW ëSetErrorMode å FreeLibrary ŸlstrlenW KERNEL32.dll ReportEventA þ
RegisterEventSourceW È
RegCloseKey ì
RegQueryValueExW â
RegOpenKeyExW ¯ DeregisterEventSource ADVAPI32.dll Ú~}; F'
  (' 4' @' * 7 œ R' e' ~'
 PerfNet.dll CloseNetSvcsObject CollectNetSvcsObjectData OpenNetSvcsObject Ð P @ J
K
d  ÿÿÿÿ ( „
‹
üÿÿÿd A  ( 
M
üÿÿÿÈ A  ( 
O
üÿÿÿÈ A  ( T
U
È
 ( V
W
È
 $ ( X
Y
È
 ( ( Z
[
È
 , ( \
]
È
 0 ( ^
_
d
 4 ( `
a
È
 8 ( b
c
,

 < ( d
e
È A @ ( f
g
È A D ( h
i
ýÿÿÿd
 H ( j
k
d
 L ( :
m
d
 P ( n
o
È
 T ( : q
üÿÿÿ,

 X ( r
s
�
A \ ( t
u
üÿÿÿ,

 ` ( 8 w
üÿÿÿ,

 d ( x
y
�

 h ( z
{
üÿÿÿÈ
 l ( ”
•
ÿÿÿÿd A p ( ´ µ
d A t ( ì í
d
 x X è @   È  (   È
  (   È
  (   È
  (   È
  (   È
  (  ! È
  ( " # È
  ( 
% üÿÿÿÈ A ( ú
' üÿÿÿÈ A ( ( ( ) üÿÿÿÈ A 0 (
+ È A 8 ( , - üÿÿÿÈ A @ ( *
/ È A H ( 0 1 üÿÿÿÈ A P ( ü
3 üÿÿÿÈ A X ( 4 5 È A ` ( ”
•
È A h à  @ 

d % ÿÿÿÿ ( „
…
üÿÿÿd A  ( –
‡
d A  ( �
‘
ÿÿÿÿd A  ( 

üÿÿÿÈ A (


ÿÿÿÿÈ A ( ( 


üÿÿÿ,
A 0 ( 

üÿÿÿ,
A 8 ( 

üÿÿÿ,
A @ ( 

üÿÿÿd A H ( 

üÿÿÿÈ A P ( 

ÿÿÿÿÈ A X ( 

üÿÿÿ,
A 0 ( 

üÿÿÿ,
A h ( 

üÿÿÿ,
A p ( 

üÿÿÿd A x (
!
d A € ( "
#
ÿÿÿÿÈ A „ ( $
%
ÿÿÿÿÈ A ˆ ( &
'
,
A Π( (
)
ÿÿÿÿ,
A � (  +
d A ” ( ,
-
ÿÿÿÿÈ A ˜ ( .
/
ÿÿÿÿÈ A œ ( 0
1
,
A ( 2
3
ÿÿÿÿ,
A ¤ ( 4
5
È A ¨ ( 6
7
È A ¬ ( 8
9
d A ° ( :
;
d
 ´ ( <
=
È
 ¸ ( >
?
È
 ¼ ( @
A
È
 À ( B
C
È
 Ä ( D
E
È
 È ( F
G
È
 Ì ( H
I
È
 Ð ( ˆ
‰
È
 Ô È ` @ 4 5 d  ÿÿÿÿ ( 6 7 d A  ( N O d A  ( ¼ - d A  ( P Q d A ( R S d A $ ( T U d A ( ( œ ¡ d A , ( ž £ d A 0 ( ¥ d A 4 ( ¾ / d A 8 ( ¢ § d
 < ( ¤ © d
 @ ( ¦ « d
 D ( ¨ }
d A H ( ª 
d
 L ( & �
d
 P ( ( ƒ
d
 T ( * ' d A X ( , ) d
 \ ( . + d A ` J

êÍ^  ‘Í^
 HÍ^4  ÚÍ^
   € 8 € 

P € 

h € 
 € 
 � P À ä `] à ä  è €è €( é Àé À
Ð ÀÖ ÀÜ
Ø
V e r k k o p a l v e l u i d e n r e s u r s s i o b j e k t i a e i v o i a v a t a . P a l a u t e t t u t i l a k o o d i o n

e n s i m m ä i s e s s ä D W O R D - t a v u s s a .

Ü
V e r k k o p a l v e l u i d e n r e s u r s s i t i e t o j e n k e r ä ä m i n e n e p ä o n n i s t u i , k o s k a D L L - t i e d o s t o n

a v a a m i n e n e i o n n i s t u n u t .

h

N e t a p i 3 2 . d l l - t i e d o s t o a e i v o i a v a t a s e l a u k s e n r e s u r s s i t i e t o j e n k e r ä y s t ä v a r t e n .

S e l a u k s e n r e s u r s s i t i e t o j a e i p a l a u t e t a . P a l a u t e t t u v i r h e k o o d i o n

e n s i m m ä i s e s s ä D W O R D - t a v u s s a .

¸

S e l a u k s e n r e s u r s s i t i e t o j e n k y s e l y f u n k t i o t a e i l ö y d y

N e t a p i 3 2 . d l l - t i e d o s t o s t a s e l a i m e n r e s u r s s i t i e t o j e n k e r ä y s t ä v a r t e n .

S e l a i m e n r e s u r s s i t i e t o j a e i p a l a u t e t a . P a l a u t e t t u v i r h e k o o d i o n

e n s i m m ä i s e s s ä D W O R D - t a v u s s a .

$

U u d e l l e e n o h j a u s p a l v e l u a e i v o i a v a t a . U u d e l l e e n o h j a u k s e n r e s u r s s i t i e t o j a

e i p a l a u t e t a . P a l a u t e t t u v i r h e k o o d i o n e n s i m m ä i s e s s ä D W O R D - t a v u s s a .

h

R e s u r s s i t i e t o j a e i v o i l u k e a u u d e l l e e n o h j a u s p a l v e l u s t a .

U u d e l l e e n o h j a u k s e n r e s u r s s i t i e t o j a e i p a l a u t e t a t ä h ä n m a l l i i n .

P a l a u t e t t u v i r h e k o o d i o n e n s i m m ä i s e s s ä D W O R D - t a v u s s a .



P a l v e l i n p a l v e l u a e i v o i a v a t a . P a l v e l i m e n r e s u r s s i t i e t o j a

e i p a l a u t e t a . P a l a u t e t t u v i r h e k o o d i o n e n s i m m ä i s e s s ä D W O R D - t a v u s s a .


P a l v e l i n p a l v e l u n v a l v o n t a t i e t o j a e i v o i l u k e a .

P a l v e l i m e n r e s u r s s i t i e t o j a e i p a l a u t e t a t ä h ä n m a l l i i n .

P a l a u t e t t u v i r h e k o o d i o n e n s i m m ä i s e s s ä D W O R D - t a v u s s a j a I O S B : s s ä . T i l a o n t o i s e s s a D W O R D - t a v u s s a j a

I O S B : s s ä . T i e d o t o v a t k o l m a n n e s s a D W O R D - t a v u s s a .

,
P a l v e l i n j o n o n r e s u r s s i t i e t o j a e i v o i l u k e a p a l v e l i n p a l v e l u s t a .

P a l v e l i n j o n o n r e s u r s s i t i e t o j a e i p a l a u t e t a t ä h ä n m a l l i i n .

P a l a u t e t t u v i r h e k o o d i o n e n s i m m ä i s e s s ä D W O R D - t a v u s s a j a I O S B : s s ä . T i l a o n t o i s e s s a D W O R D - t a v u s s a j a

I O S B : s s ä . T i e d o t o v a t k o l m a n n e s s a D W O R D - t a v u s s a .

Ø4 V S _ V E R S I O N _ I N F O ½ïþ

 (

 (
?    8
S t r i n g F i l e I n f o 
0 4 0 B 0 4 B 0 L 
C o m p a n y N a m e M i c r o s o f t C o r p o r a t i o n ˜ 8
F i l e D e s c r i p t i o n W i n d o w s i n V e r k k o p a l v e l u n r e s u r s s i o b j e k t i e n D L L - t i e d o s t o d "
F i l e V e r s i o n 5 . 1 . 2 6 0 0 . 0 ( x p c l i e n t . 0 1 0 8 1 7 - 1 1 4 8 ) 8 
I n t e r n a l N a m e P E R F N E T . D L L Ž 5
L e g a l C o p y r i g h t © M i c r o s o f t C o r p o r a t i o n . K a i k k i o i k e u d e t p i d ä t e t ä ä n . @ 
O r i g i n a l F i l e n a m e P E R F N E T . D L L p '
P r o d u c t N a m e M i c r o s o f t ® W i n d o w s ® - k ä y t t ö j ä r j e s t e l m ä ; 
P r o d u c t V e r s i o n 5 . 1 . 2 6 0 0 . 0 D
V a r F i l e I n f o $  T r a n s l a t i o n ° PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING  ì b2q2x2€2ˆ2’2¨2
33+313E3S3h3n3s3¥3´3ã3ú3,454;4Z4i4x4~4‰4�4–4¤4µ4é4ó45*5G5e5k5q5w5‡5�5�5¥5¯5·5Ç5Ì5Ò5Ù5á5ú576`6f6J7P7œ7Æ7Ï7â7ú7
8#8U8z8µ9Ã9Í9:];c;{;†;Œ;–;Ÿ;­;³;Ã;Í;õ;<0<6<?<U<‘<Â<È<Í>Ó>
???-?=?F?L?S?_?f?m?u?Ž?”?œ?µ?»?Á?Ç?ä? @ $0701)1/1e1p1v1}1”1¦1³1Ñ1ö12
222(2/272B2L2U2q2›2Á2«3 @  ¬0¼0Ì0Ü0

tollasta se sisälti ja mulla 2 paikassa toi tiedosto C:\WINDOWS\system32 tuolla ja sit viel täällä C:\WINDOWS\system32\dllcache

 

Lokien puolesta kaikki on ok.
Ja tähän toiseen ongelmaan mun taidot ei valitettavasti riitä

 

no mutta erittäin paljon kiitoksia avusta luulisin että jos poistan ati catalystin ja asennan vanhemman tai uusimman version niin sillä pitäisi poistua ongelma tai sit joudun asentamaan wintoosan uusiksi yritän löytää jonkun ohjelman joka tietäisi että mikä ohjelma sen auheuttaa sen
svchost.exe jutun.
No mutta näkyillään.

 

Kokeile olisko joku näistä ohjelmista apuja
http://www.microsoft.com/technet/sysinternals/Processesandthreadsutilities.mspx

 

no sain selville että se on joku dns palvelu tässä lisä infoa jos siitä apua

Process PID CPU Description Company Name
System Idle Process 0 100.00
procexp.exe 2036 Sysinternals Process Explorer Sysinternals
wuauclt.exe 3140 Automaattiset päivitykset Microsoft Corporation
wmiprvse.exe 3100 WMI Microsoft Corporation
wmiprvse.exe 2656 WMI Microsoft Corporation
wmiapsrv.exe 3488 WMI Performance Adapter Service Microsoft Corporation
winlogon.exe 516 Windows NT -kirjaus Microsoft Corporation
wdfmgr.exe 1136 Windows User Mode Driver Manager Microsoft Corporation
System 4
svchost.exe 904 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 804 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 924 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 732 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1016 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1380 Spooler SubSystem App Microsoft Corporation
smss.exe 424 Windows NT:n istunnonhallinta Microsoft Corporation
services.exe 560 Palvelu- ja ohjainohjelma Microsoft Corporation
SERVIC~1.EXE 1812 F-Secure 2006 F-Secure Internet Security 2005
lsass.exe 572 LSA Shell (Export Version) Microsoft Corporation
Interrupts n/a Hardware Interrupts
hpsysdrv.exe 1580 hpsysdrv Hewlett-Packard Company
fssm32.exe 200 fssm32 F-Secure Corp.
FSRW.exe 2112 F-Secure System Control F-Secure Corporation
fsqh.exe 1780 F-Secure Quarantine Handler F-Secure Corporation
fspex.exe 1148 F-Secure 2006 F-Secure Internet Security 2005
fspc.exe 2120 F-Secure Parental Control F-Secure Corporation
FSMB32.EXE 404 F-Secure Message Broker F-Secure Corporation
FSMA32.EXE 180 F-Secure Management Agent F-Secure Corporation
FSM32.EXE 1596 F-Secure Settings and Statistics F-Secure Corporation
fshttps.exe 2692 F-Secure Http Server F-Secure Corporation
fsguidll.exe 3820 F-Secure GUI component F-Secure Corporation
fsgk32st.exe 1840 fsgk32st F-Secure Corporation
fsgk32.exe 1868 Gatekeeper Handler II F-Secure Corp.
fsdfwd.exe 2804 F-Secure Anti-Virus Internet Shield daemon F-Secure Corporation
fsbwsys.exe 1876 fsbwsys F-Secure Corp.
FSAV32.exe 2492 FSAV Handler F-Secure Corporation
FSAW.exe 3556 F-Secure Browser Control F-Secure Corporation
firefox.exe 3264 Firefox Mozilla Corporation
FCH32.EXE 608 F-Secure Configuration Handler F-Secure Corporation
FAMEH32.EXE 1776 F-Secure Alert and Management Extension Handler F-Secure Corporation
explorer.exe 1292 Resurssienhallinta Microsoft Corporation
DPCs n/a Deferred Procedure Calls
ctfmon.exe 1652 CTF Loader Microsoft Corporation
csrss.exe 480 Client Server Runtime Process Microsoft Corporation
CLI.exe 1636 CLI Application (Command Line Interface) ATI Technologies Inc.
CLI.exe 2688 CLI Application (Command Line Interface) ATI Technologies Inc.
CLI.exe 2708 CLI Application (Command Line Interface) ATI Technologies Inc.
ati2evxx.exe 1224 ATI External Event Utility EXE Module ATI Technologies Inc.
ati2evxx.exe 720 ATI External Event Utility EXE Module ATI Technologies Inc.
alg.exe 2952 Application Layer Gateway Service Microsoft Corporation

sen tiedoston nimi mikä käyttää svchost.exeä on dnsrslvr.dll joku mikä selvittää dns osoitteita??

 

Kokeile ottaa dns-asiakas palvelu pois päältä.
(tässä linkissä sama ongelma enkuksi)
http://www.tek-tips.com/viewthread.cfm?qid=1239575&page=1