Remove Trend Micro HijackThis v2.0.0 (BETA) via Add/Remove Programs and download it again from here.
Download HJT from here: http://koti.mbnet.fi/pattaya1/lataus/hijackthis_self.exe
Install it by clicking in numbered order: 1. Unzip 2. OK 3. Close
Scan by pressing > Do a system scan and save a logfile
Copy the HJT log from the Notepad window that pops up and post it here.
So the problem is that when I click My Computer > D:, the machine's CPU usage rises to 100% and after half a minute I get the message "explorer.exe has detected an error and the product must be closed", and Explorer restarts... I have already run: Norton, Spybot S&D, CCleaner, Spyware Doctor, Avast!, Ad-Aware, RegCleaner, ATF-Cleaner, but nothing has helped (formatting helps, but after a couple of weeks the problem is back). Hopefully the problem can be solved with the help of this log...

Logfile of HijackThis v1.99.1 Scan saved at 17:56:00, on 2.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering
Technology\admtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\PeerGuardian2\pg2.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\DOCUME~1\JASONS~1\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Webteh\BSplayerPro\bsplayer.exe C:\Program Files\Webteh\BSplayerPro\bsplayer.exe C:\Program Files\TweakNow RegCleaner Std\RegCleaner.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] 
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. 
- C:\Acer\Empowering Technology\admServ.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Scan with HJT, tick these entries and press Fix checked:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
================
eScan
Instructions are on this page: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download from here: http://www.spywareinfo.dk/download/mwav.exe
Update from here: http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Set the checkboxes as marked here: http://koti.mbnet.fi/pattaya1/eScan6.jpg
Scan. If anything shows up in the lower pane, copy it like this:
Use the command Ctrl+A.
Copy the lines with Ctrl+C.
Paste the lines with Ctrl+V.
Post the virus log here.
================
You can remove Avast.
C:\Program Files\Alwil Software
Is it still listed in Add/Remove Programs? If it is, remove it.
=================
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click the ComboFix window while it is running. This may cause the program to hang.
=================
ComboFix log
new HJT log
Well, the following came up with eScan...:

File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E0A3F16.sys infected by "Rootkit.Win32.Agent.eq" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Jason Scott\My Documents\Asennukset\SmitfraudFix (Haittaohjelmien poistaja)\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\Jason Scott\My Documents\Asennukset\SmitfraudFix (Haittaohjelmien poistaja)\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP49\A0005827.sys infected by "Rootkit.Win32.Agent.eq" Virus. Action Taken: File Renamed.

...and the following came from ComboFix...-----------------------------------------------

"Jason Scott" - 2007-06-02 23:12:36 Service Pack 2 ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Jason Scott\Desktop\" ((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 )))))))))))))))))))))))))))))))))) 2007-06-02 19:50 <KANSIO> d-------- C:\Kaspersky 2007-06-02 17:52 <KANSIO> d-------- C:\HJT 2007-06-02 17:05 5,374 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-02 16:28 <KANSIO> d-------- C:\Program Files\TweakNow RegCleaner Std 2007-06-02 16:22 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\Lavasoft 2007-06-02 15:50 50,944 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-06-02 15:50 30,560 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-06-02 15:50 <KANSIO> d-------- C:\Program Files\Spyware Doctor 2007-06-02 15:50 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\PC Tools 2007-06-02 15:43 85,960 --a------ C:\WINDOWS\system32\build_dol.exe 2007-06-02 15:21 <KANSIO> d-------- C:\Program Files\Alwil Software 2007-05-30 11:25 <KANSIO> d-------- C:\Program Files\Webteh 2007-05-30 11:25 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\BSplayer Pro 2007-05-28
12:15 <KANSIO> d-------- C:\Program Files\Sonera 2007-05-28 12:00 <KANSIO> d-------- C:\Program Files\Common Files\SupportSoft 2007-05-28 01:38 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\AdobeUM 2007-05-25 16:13 <KANSIO> d-------- C:\Program Files\Gabest 2007-05-25 16:13 <KANSIO> d-------- C:\Program Files\AviSynth 2.5 2007-05-25 16:13 <KANSIO> d-------- C:\Program Files\AutoGK 2007-05-25 15:55 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\CyberLink 2007-05-25 15:54 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink 2007-05-23 14:43 <KANSIO> d-------- C:\Program Files\MagicISO 2007-05-22 22:56 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-05-22 22:56 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack 2007-05-18 22:31 <KANSIO> d-------- C:\Program Files\Google 2007-05-18 22:31 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\Google 2007-05-18 22:27 724,992 --a------ C:\WINDOWS\iun6002.exe 2007-05-18 22:27 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\Zepsoft 2007-05-18 15:39 <KANSIO> d-------- C:\Program Files\iTunes 2007-05-18 15:39 <KANSIO> d-------- C:\Program Files\iPod 2007-05-18 15:39 <KANSIO> d-------- C:\Program Files\Apple Software Update 2007-05-15 20:26 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\Apple Computer 2007-05-15 20:18 <KANSIO> d-------- C:\Program Files\QuickTime 2007-05-15 20:18 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer 2007-05-06 15:54 0 --a------ C:\WINDOWS\1 Click & Lock.dat 2007-05-05 13:56 <KANSIO> d---s---- C:\Documents and Settings\JASONS~1\UserData 2007-05-05 13:56 <KANSIO> d---s---- C:\DOCUME~1\JASONS~1\UserData 2007-05-05 11:11 <KANSIO> d--h----- C:\WINDOWS\PIF 2007-05-04 17:16 188 --a------ C:\WINDOWS\system32\eDataSecurity.dat 2007-05-04 15:03 671 --a------ C:\WINDOWS\mozver.dat 2007-05-03 23:24 23,040 --------- C:\WINDOWS\kb913800.exe 2007-05-03 22:31 <KANSIO> d-------- C:\Program Files\Common Files\xing shared 2007-05-03 22:30 <KANSIO> d-------- C:\Program Files\Real 
2007-05-03 22:30 <KANSIO> d-------- C:\Program Files\Common Files\Real 2007-05-03 22:30 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\Real 2007-05-03 19:01 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-05-03 18:59 <KANSIO> d-------- C:\Program Files\MSBuild 2007-05-03 18:59 <KANSIO> d-------- C:\Program Files\Microsoft Works 2007-05-03 18:58 <KANSIO> d-------- C:\Program Files\Microsoft.NET 2007-05-03 18:52 <KANSIO> dr-h----- C:\MSOCache 2007-05-03 18:47 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt 2007-05-03 18:42 <KANSIO> d-------- C:\WINDOWS\SHELLNEW 2007-05-03 18:41 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help 2007-05-03 18:31 <KANSIO> d-------- C:\Elokuvat & TV 2007-05-03 18:20 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-03 18:19 <KANSIO> d-------- C:\Program Files\Windows Journal Viewer 2007-05-03 18:19 <KANSIO> d-------- C:\Program Files\PeerGuardian2 2007-05-03 18:17 0 --a------ C:\WINDOWS\nsreg.dat 2007-05-03 18:16 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys 2007-05-03 18:16 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys 2007-05-03 18:15 <KANSIO> d-------- C:\Program Files\Common Files\IviSDK 2007-05-03 18:15 <KANSIO> d-------- C:\Program Files\anysee 2007-05-03 18:14 14,944 --------- C:\WINDOWS\system32\drivers\wg6n.sys 2007-05-03 18:14 14,944 --------- C:\WINDOWS\system32\drivers\wg5n.sys 2007-05-03 18:14 14,944 --------- C:\WINDOWS\system32\drivers\wg4n.sys 2007-05-03 18:14 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-03 18:14 <KANSIO> d-------- C:\Program Files\CCleaner 2007-05-03 18:12 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-05-03 18:12 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-05-03 18:12 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-05-03 18:12 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-05-03 18:12 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-05-03 18:12 
125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-05-03 18:12 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-05-03 18:12 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-05-03 18:12 <KANSIO> d-------- C:\Program Files\Common Files\Ahead 2007-05-03 18:12 <KANSIO> d-------- C:\Program Files\Ahead 2007-05-03 18:11 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-05-03 18:11 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-05-03 18:11 <KANSIO> d-------- C:\Program Files\D-Tools 2007-05-03 17:42 <KANSIO> d--hs---- C:\Recycled 2007-05-03 17:30 <KANSIO> d---s---- C:\Program Files\Xfire 2007-05-03 17:30 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\Xfire 2007-05-03 17:28 <KANSIO> d-------- C:\Program Files\MSN Messenger 2007-05-03 17:27 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-05-03 17:27 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-05-03 17:27 <KANSIO> d-------- C:\Program Files\DivX 2007-05-03 17:26 <KANSIO> d-------- C:\Program Files\BitComet 2007-05-03 17:19 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall 2007-05-03 17:15 <KANSIO> d-------- C:\Program Files\Yahoo! 
2007-05-03 17:14 <KANSIO> d-------- C:\WINDOWS\Options 2007-05-03 17:14 <KANSIO> d-------- C:\WINDOWS\Acer 2007-05-03 17:12 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe 2007-05-03 17:11 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-05-03 17:11 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-05-03 17:11 <KANSIO> d-------- C:\Program Files\Launch Manager 2007-05-03 17:10 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL 2007-05-03 17:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS 2007-05-03 17:09 53,248 --a------ C:\WINDOWS\system32\acpimof.dll 2007-05-03 17:09 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll 2007-05-03 17:09 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\Symantec 2007-05-03 17:08 3,670,016 --ah----- C:\Documents and Settings\JASONS~1\NTUSER.DAT 2007-05-03 17:08 3,670,016 --ah----- C:\DOCUME~1\JASONS~1\NTUSER.DAT 2007-05-03 17:08 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT 2007-05-03 17:08 <KANSIO> d--hs---- C:\System Volume Information 2007-05-03 17:08 <KANSIO> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-05-03 17:08 <KANSIO> d-------- C:\DOCUME~1\JASONS~1\APPLIC~1\Acer 2007-05-03 17:08 <KANSIO> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Acer 2007-05-03 17:04 <KANSIO> d--hs---- C:\FOUND.000 2007-05-03 16:29 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-05-03 16:29 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-05-03 16:29 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2007-05-03 16:29 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-05-03 16:29 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-05-03 16:29 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2007-05-03 16:29 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2007-05-03 16:29 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2007-05-03 16:29 <KANSIO> d-------- C:\WINDOWS\BisonCam 2007-05-03 16:02 261,627 --a------ C:\WINDOWS\EMEAWG.EXE 
2007-05-03 16:02 1,154,584 --a------ C:\WINDOWS\YTB.EXE (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-02 12:24:46 12 ----a-w C:\WINDOWS\bthservsdp.dat 2007-05-03 14:08:46 1,003 ----a-w C:\WINDOWS\CLEANUP.CMD 2007-05-03 13:01:52 62 ----a-w C:\WINDOWS\HotFix.bat 2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-03-28 15:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-03-28 15:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56] {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-05-05 13:55] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48] 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-04-02 19:19] {B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2007-06-02 15:51] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl] "LaunchApp"="Alaunch" [] "RTHDCPL"="RTHDCPL.EXE" [] "SkyTel"="SkyTel.EXE" [] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 15:27] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05] "anysee_TR"="C:\Program Files\anysee\anysee-E30\anysee_TR.exe" [2006-06-24 10:43] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-03 22:30] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25] 
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-04-19 11:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 20:24] "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:44] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"= [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* *Newly Created Service* - AAVMKER4 *Newly Created Service* - ASWMON2 *Newly Created Service* - ASWRDR *Newly Created Service* - ASWTDI *Newly Created Service* - AVAST!_ANTIVIRUS *Newly Created Service* - IKHFILE *Newly Created Service* - IKHLAYER *Newly Created Service* - INT15.SYS *Newly Created Service* - MCHINJDRV *Newly Created Service* - SDHELPER Contents of the 'Scheduled Tasks' folder 2007-06-01 17:59:28 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Jason Scott.job 2007-05-29 09:44:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-02 23:18:10 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}] Completion time: 2007-06-02 23:19:02 --- E O F ---

...and here is the new HJT log-------------------------------------------------------

Logfile of HijackThis v1.99.1 Scan saved at 23:23:31, on 2.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\JASONS~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\TweakNow RegCleaner Std\RegCleaner.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hopefully something shows up...
Well, just as an off-topic remark: the rise in CPU usage might be caused by this: http://neko.1g.fi/ohje/mucpu100.html Study the page carefully.
None of those helped :/ It still jumps to 100% if I go to My Computer and D:... so I can, for example, go to Real Player > Open > D: > and browse the contents of D:... that doesn't raise the load at all
Hi! Remove that SpyWare Doctor via Add/Remove Programs; that program does not get along with Norton. Also remove Avast if it is still listed in Add/Remove Programs; only 1 antivirus program on the machine. This was just a comment in passing; Hujo will continue with the logs.