TR/Dldr.ConHook.Y

Discussion in 'Viruses and malware' started by kytherae, Mar 11, 2006.

  1. kytherae

    This has been bothering me for a really long time. AntiVir keeps finding it when scanning the system32 directory, but it is not able to remove it in any way. (Or rather, it deletes it / moves it to quarantine, but the file still stays in place the whole time.)

    I get these alerts often, and Stinger, for example, was not able to detect it. Sometimes I get pop-ups about the blackworm virus and requests to download cleaning programs, which are naturally paid ones.

    The file is at C:\WINDOWS\system32\qopnk.dll, or under the name QOPNK.dll.

    Any information on a program that would be able to remove this? Do I need to post a HijackThis log?

    Many thanks in advance, especially to those who helped me with my previous problem.
     
  2. blade81

    Yes, I would start by looking at an HJT log.
     
  3. -kemisti-

    Yes, just post the log here, this could be Vundo :)

    Post a HjT log; you can get the program here -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Save it to the folder c:\hjt, run it, click do a system scan and save a logfile, and post the log here.
     
  4. kytherae

    Yep, here is the log.
    -------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 4:34:34, on 13.3.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\qopnk.dll
    O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\wvwxw.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [bxmon] rundll32.exe C:\WINDOWS\System32\bxmon.dll,start
    O4 - HKLM\..\Run: [tcsvc] rundll32.exe C:\WINDOWS\System32\tcsvc.dll,start
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban11.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [wlib32] rundll32.exe C:\WINDOWS\System32\wlib32.dll,start
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\inp.exe
    O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
    O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: qopnk - C:\WINDOWS\SYSTEM32\qopnk.dll
    O20 - Winlogon Notify: winsgf32 - winsgf32.dll (file missing)
    O20 - Winlogon Notify: wvwxw - C:\WINDOWS\System32\wvwxw.dll
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    -------------------------------------------------------

    I am far from an expert, but that does not look very clean. It also complains about missing dll files when the computer starts, so those will probably get fixed as well once the right entries are removed.

    And there do seem to be some familiar file names in there, which already make my face turn red just from staring at them. :)

    -Kytherae
     
  5. -kemisti-

    My face turns red too, and the reason is that there are no service packs :) And the machine is also far from clean.

    Fix with HjT (do a system scan only, check these and press fix checked):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\qopnk.dll
    O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\wvwxw.dll
    O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
    O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
    O4 - HKLM\..\Run: [bxmon] rundll32.exe C:\WINDOWS\System32\bxmon.dll,start
    O4 - HKLM\..\Run: [tcsvc] rundll32.exe C:\WINDOWS\System32\tcsvc.dll,start
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban11.exe
    O4 - HKLM\..\Run: [wlib32] rundll32.exe C:\WINDOWS\System32\wlib32.dll,start
    O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\inp.exe
    O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
    O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
    O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O20 - Winlogon Notify: qopnk - C:\WINDOWS\SYSTEM32\qopnk.dll
    O20 - Winlogon Notify: winsgf32 - winsgf32.dll (file missing)
    O20 - Winlogon Notify: wvwxw - C:\WINDOWS\System32\wvwxw.dll
    O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


    Then Start -> Run -> services.msc -> OK
    Find in the list:

    IpManager
    Network Monitor

    Double-click them, press Stop and set the startup type to Disabled.

    Open HjT -> open misc tools -> delete nt service
    Enter these one at a time and press ok:

    IPtable
    Network Monitor

    Get VundoFix.exe -> http://www.atribune.org/ccount/click.php?id=4 and save it to the desktop
    - Double-click VundoFix.exe
    - Click Scan for Vundo
    - When the scan is finished, click the Remove Vundo button
    - When asked whether you want to delete the files, answer YES
    - When you click yes, the desktop disappears as the Vundo removal begins.
    - When it is finished, the fix reports that the computer will be shut down. Click ok.
    - Restart the computer

    Get, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

    Boot into safe mode (F8 during startup)

    Delete, if found:

    C:\PROGRA~1\TOOLBA~1
    C:\Program Files\Toolbar888
    C:\WINDOWS\System32\bxmon.dll
    C:\WINDOWS\System32\tcsvc.dll
    C:\windows\winsysban11.exe
    C:\WINDOWS\System32\wlib32.dll
    C:\inp.exe
    mswindtc.exe (find it with the Search function)
    C:\WINDOWS\web\related.htm
    winsgf32.dll (find it with the Search function)
    C:\WINDOWS\ipconfg32.exe
    C:\Program Files\Network Monitor

    Scan with ewido and let it remove what it finds, save the report

    Restart, then post the contents of the file C:\vundofix.txt, the ewido report and a new HijackThis log.
     
    Last edited: Mar 12, 2006
  6. kytherae

    Yep, got it done and it felt good.
    -----------------------------------------------------------

    VundoFix V4.2.33

    Checking Java version...

    Java version is 1.5.0.2

    Java version is 1.5.0.4

    Java version is 1.5.0.6

    Scan started at 13:19:51 13.3.2006

    Listing files found while scanning....

    C:\WINDOWS\System32\wvwxw.dll
    C:\WINDOWS\System32\wxwvw.ini
    C:\WINDOWS\System32\wxwvw.bak1
    C:\WINDOWS\System32\wxwvw.bak2
    C:\WINDOWS\System32\wxwvw.ini2
    C:\WINDOWS\system32\qopnk.dll

    C:\WINDOWS\system32\wxwvw.bak1
    C:\WINDOWS\system32\wxwvw.bak2
    C:\WINDOWS\system32\wxwvw.ini
    C:\WINDOWS\system32\wxwvw.ini2
    C:\WINDOWS\system32\wvwxw.dll
    C:\WINDOWS\system32\wxwvw.ini2
    C:\WINDOWS\system32\wxwvw.bak2
    C:\WINDOWS\system32\wxwvw.ini
    C:\WINDOWS\system32\wxwvw.ini2
    C:\WINDOWS\system32\wvwxw.dll
    Attempting to delete C:\WINDOWS\System32\wvwxw.dll
    C:\WINDOWS\System32\wvwxw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\wxwvw.ini
    C:\WINDOWS\System32\wxwvw.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\wxwvw.bak1
    C:\WINDOWS\System32\wxwvw.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\wxwvw.bak2
    C:\WINDOWS\System32\wxwvw.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\wxwvw.ini2
    C:\WINDOWS\System32\wxwvw.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qopnk.dll
    C:\WINDOWS\system32\qopnk.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    -----------------------------------------------------------
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 18:06:32, 13.3.2006
    + Report-Checksum: 95A76B67

    + Scan result:

    C:\Documents and Settings\Kytherae\Cookies\kytherae@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Kytherae\Cookies\kytherae@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Kytherae\cx32.exe/rm32.dll -> Downloader.ConHook.y : Cleaned with backup
    C:\Documents and Settings\Kytherae\cx32.exe/dr32.exe -> Downloader.VB.vz : Cleaned with backup
    C:\Documents and Settings\Kytherae\Local Settings\Temporary Internet Files\Content.IE5\0IP15LZW\YazzleActiveX[1].cab/YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
    C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup
    C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup
    C:\Documents and Settings\LocalService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\GWLPHCP5\id[1].exe -> Adware.ISearch : Cleaned with backup
    C:\Documents and Settings\Mikko Tervonen.COMPUTER\Cookies\mikko tervonen@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Hijack\backups\backup-20060313-130029-230.dll -> Adware.Virtumonde : Cleaned with backup
    C:\Hijack\backups\backup-20060313-130029-632.dll -> Adware.Softomate : Cleaned with backup
    C:\Hijack\backups\backup-20060313-130029-751.dll -> Downloader.ConHook.y : Cleaned with backup
    C:\Program Files\Common Files\Windows\services32.exe -> Adware.Maxifiles : Cleaned with backup
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
    C:\Program Files\TheSearchAccelerator -> Adware.UCmore : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\WINDOWS\system32\cx32.exe/rm32.dll -> Downloader.ConHook.y : Cleaned with backup
    C:\WINDOWS\system32\cx32.exe/dr32.exe -> Downloader.VB.vz : Cleaned with backup
    C:\WINDOWS\system32\khfef.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\Temp\ddl117C.tmp.exe -> Dialer.Agent.z : Cleaned with backup
    C:\WINDOWS\Temp\ddl1937.tmp.exe -> Dialer.Agent.z : Cleaned with backup
    C:\WINDOWS\Temp\ddl19E4.tmp.exe -> Dialer.Agent.z : Cleaned with backup
    C:\WINDOWS\Temp\ddl912.tmp.exe -> Dialer.Agent.z : Cleaned with backup
    C:\WINDOWS\Temp\ddlCC4.tmp.exe -> Dialer.Agent.z : Cleaned with backup
    C:\WINDOWS\Temp\svchost.exe -> Adware.ISearch : Cleaned with backup
    C:\WINDOWS\Temp\tmp00c58702 -> Adware.Virtumonde : Cleaned with backup


    ::Report End
    -----------------------------------------------------------
    And then also this HJT log, taken just now.
    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:55, on 13.3.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -----------------------------------------------------------
    There is always some junk to be found, but it seems to look pretty good now. A few in there probably still call for removal. How does it look?
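
Added example (not part of the original thread, and not code from HijackThis or VundoFix): a small Python parser for HijackThis entry lines that cross-references DLLs registered both as a BHO (O2) and as a Winlogon Notify package (O20), as qopnk.dll and wvwxw.dll are in the first log, and then reports which flagged entries still appear in the follow-up log. The sample lines are a constructed subset of the two logs in this thread; the function names are hypothetical, and a flag marks an entry for review, not as malicious.

```python
import re

# Constructed sample: a subset of entry lines from the first and second logs in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\qopnk.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\wvwxw.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: qopnk - C:\WINDOWS\SYSTEM32\qopnk.dll
O20 - Winlogon Notify: winsgf32 - winsgf32.dll (file missing)
O20 - Winlogon Notify: wvwxw - C:\WINDOWS\System32\wvwxw.dll
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
"""
AFTER = r"""
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.+?)\s*$")   # e.g. "O20 - Winlogon Notify: ..."
MISSING = " (file missing)"

def parse_entries(log):
    """Parse entry lines into dicts; the target is the last ' - ' separated field."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, text = m.groups()
        target = text.rsplit(" - ", 1)[-1].strip('"')
        missing = target.endswith(MISSING)
        if missing:
            target = target[:-len(MISSING)]
        # Windows paths are case-insensitive: System32 and SYSTEM32 are the same file.
        entries.append({"section": section, "raw": line.strip(),
                        "target": target.strip('"').lower(), "missing": missing})
    return entries

def dual_registered(entries):
    """Targets registered both as a BHO (O2) and as a Winlogon Notify package (O20)."""
    seen = {"O2": set(), "O20": set()}
    for e in entries:
        if e["section"] in seen:
            seen[e["section"]].add(e["target"])
    return sorted(seen["O2"] & seen["O20"])

def flagged(entries):
    """Entries worth a manual look: dual-registered DLLs and '(file missing)' leftovers."""
    dual = set(dual_registered(entries))
    return [e for e in entries if e["target"] in dual or e["missing"]]

def persisting(before_log, after_log):
    """Flagged entries of the first log that are still present in the follow-up log."""
    after = {(e["section"], e["target"]) for e in parse_entries(after_log)}
    return [e["raw"] for e in flagged(parse_entries(before_log))
            if (e["section"], e["target"]) in after]

if __name__ == "__main__":
    print("O2+O20:", dual_registered(parse_entries(BEFORE)))
    for raw in persisting(BEFORE, AFTER):
        print("still present:", raw)
```
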
     
  7. blade81

    This can still be fixed (there is no such address anyway :)):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.

    Looks much better. Go install the service pack.
     
    Last edited: Mar 13, 2006
  8. -kemisti-

    Yep, it appears to be in order :)
     
  9. kytherae

    Thanks to everyone, especially to you -kemisti- for the clear instructions. I have not installed SP2 (nor updated anything) since reinstalling Windows, because I do not seem to be able to get it from anywhere. Automatic updates do not work, and I do not seem to be able to reach that address manually or by any other route either.

    The Control Panel does not even seem to have an item like Automatic updates any more.

    It makes no difference whether I try to connect to the address with IE or with Mozilla.

    -K
     
  10. -kemisti-

    Last edited: Mar 13, 2006
