My computer is freezing badly; when I look at Task Manager it shows 100%. I have scanned the computer for viruses. There shouldn't be any, but I'll take tips for good scanning programs. I have Norton's antivirus program, and then Ad-Aware and Spybot. Then when I looked at Event Viewer, on the Application side there were a couple of some kind of application hang errors; it said something about the explorer application having hung! Help, wise ones. Yeah, sorry, I mean explorer exe. - Yes, I have run eScan and it found nothing; that Process Explorer, I don't think I really know how to use it! I have the latest SP2, and aren't Spybot and Ad-Aware some kind of scanners? But I have scanned with Norton's program too. eScan gave me a list like this of what to do:
1. Are there a lot of video files on the computer?
2. Is SP2 installed? http://support.microsoft.com/kb/317751/en-us
3. Check with Process Explorer that no unnecessary programs are running -> http://www.sysinternals.com/Utilities/ProcessExplorer.htm
4. What have you scanned the computer with?
5. Have you "cleaned up" unnecessary registry entries? E.g. Easy Cleaner -> http://personal.inet.fi/business/toniarts/ecleane.htm
I have the same problem. In Process Explorer something like this shows up under the name WMIPRVSE.EXE (at the same time as the CPU load is at 100%...) and it is marked in dark red. Read the info here: http://www.sophos.com/virusinfo/analyses/w32sonebotb.html Is it worth removing it?
And then I also have two instances of wuauclt.exe. One has PID 1908 and the other 2420. It shows 1980 in red now and then. Then some Norman component has gone haywire, because nvcoas.exe takes up to 98% of the processor at worst. Probably nobody knows the reason for this...
According to Sophos it is W32/Sonebot.B. How do I get rid of it? Sysinternals shows three different wmiprvse.exe processes. Something is off, because the processor screams every half minute.
I have the same thing too, i.e. Explorer.exe's CPU usage is 100% and the computer of course lags badly. If someone more experienced could take a quick look at the log. I at least sense something slightly off in it. The computer has nevertheless been checked for viruses and the like, and none were found. Messenger Plus is the worst thing that has been found.

Logfile of HijackThis v1.99.1
Scan saved at 2:10:26, on 15.8.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\Omistaja\Omat tiedostot\Ohjelmat\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fi\msnappau.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Omat tiedostot\Ohjelmat\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: HP-nakyma - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fi\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\DOCUME~1\Alex\OMATTI~1\Icq\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\DOCUME~1\Alex\OMATTI~1\Icq\ICQ\ICQ.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclienttest/webclientctl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Documents and Settings\Omistaja\Omat tiedostot\Ohjelmat\Alcohol\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Well, this will hardly help, and if it does it's a MIRACLE: press Ctrl + Alt + Delete, Processes ---> Explorer, End Process -----> Applications -----> New Task -----> type Explorer
avolava, that is not the list from eScan's lower box. Post an HjT log (preferably over in the virus section) http://koti.mbnet.fi/pattaya1/hijackthis.htm
werppa, remove WMIPRVSE.EXE; wuauclt.exe is OK. If that doesn't work, post an HjT log.
aaxxeell, there is nothing else to fix there except this: O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
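
An added example, not part of the original thread: wmiprvse.exe and wuauclt.exe are also the names of Windows components (on Windows XP they normally run from C:\WINDOWS\system32\wbem and C:\WINDOWS\system32), so the image path in a HijackThis log is what separates the system file from a lookalike. This Python script reads such a log, flags running processes that use a system image name outside its normal XP directory, and lists O4 Run entries given without a path; the function names are hypothetical, and the sample log is constructed (some lines mirror the log posted above, the `C:\WINDOWS\Temp\wmiprvse.exe` line is invented).

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Normal Windows XP locations of some system image names (lower-cased).
EXPECTED_DIRS = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "wuauclt.exe": SYSTEM32, "explorer.exe": r"c:\windows",
    "wmiprvse.exe": SYSTEM32 + r"\wbem",
}
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # start of an R0/O2/O4/... entry
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Constructed sample log; the Temp\wmiprvse.exe line is invented for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
"""

def running_processes(log):
    """Return the image paths listed under 'Running processes:'."""
    procs, inside = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            inside = True
        elif inside and ENTRY_RE.match(line):
            break                       # first registry entry ends the section
        elif inside and line:
            procs.append(line)
    return procs

def misplaced_system_names(log):
    """Processes that carry a system image name but run from another directory."""
    hits = []
    for path in running_processes(log):
        directory, image = ntpath.split(path.lower())
        expected = EXPECTED_DIRS.get(image)
        if expected and directory != expected:
            hits.append(path)
    return hits

def bare_run_commands(log):
    """O4 Run entries whose executable has no directory, so Windows resolves
    it through the search path; locate the actual file before judging it."""
    out = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        if not ntpath.dirname(exe):
            out.append((m.group("name"), exe))
    return out

if __name__ == "__main__":
    print("misplaced:", misplaced_system_names(SAMPLE_LOG))
    print("bare Run commands:", bare_run_commands(SAMPLE_LOG))
```

A flagged path or a bare Run command is a prompt to find the file on disk and check its publisher and version, not a verdict by itself.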