Computer's HJT log

Discussion in 'Viruses and malware - HijackThis logs' started by jpee1990, Feb 9, 2008.

  1. jpee1990

    jpee1990 Regular member

    Joined:
    May 27, 2007
    Messages:
    132
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:06, on 9.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Have a look, is there anything rotten in here?
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\V0220Mon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\DOCUME~1\Joni\LOCALS~1\Temp\IXP000.TMP\AnyDVD.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    G:\Jonin\lataukset\orthos_exe_20060420\k\ORTHOS.exe
    G:\Jonin\lataukset\CoreTempBeta\core\Core Temp.exe
    C:\WINDOWS\system32\taskmgr.exe
    F:\Lataukset\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 81.31.239.149 paypal.com
    O1 - Hosts: 81.31.239.149 paypal.com
    O1 - Hosts: 81.31.239.149 paypal.com
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AnyDVD] C:\DOCUME~1\Joni\LOCALS~1\Temp\IXP000.TMP\AnyDVD.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

    --
    End of file - 8639 bytes
     
  2. Hujo

    Hujo Guest

    Escan
    The instructions are on that page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download from here
    http://www.spywareinfo.dk/download/mwav.exe
    update from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    tick the boxes as marked
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scan

    if anything shows up in the lower pane, copy it like this:

    Use the command Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    ===============

    you have AVG Anti-Spyware 7.5; update it and run it in safe mode
     
    Last edited by a moderator: Feb 10, 2008
  3. jpee1990

    jpee1990 Regular member

    File C:\DOCUME~1\Joni\LOCALS~1\Temp\64mon.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\DOCUME~1\Joni\LOCALS~1\Temp\host16.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Installer\{a640371d-a8af-41e2-a050-837c1ec1a6b1}\KernelComponent.dll infected by "Trojan.Win32.Agent.evy" Virus. Action Taken: File to be deleted on reboot.
    File C:\WINDOWS\Installer\{870cf8b2-0593-49b5-837f-907f4614a224}\MonCD.dll infected by "Trojan.Win32.Agent.evy" Virus. Action Taken: File to be deleted on reboot.
    File C:\WINDOWS\system32\ssqnmlj.dll infected by "Trojan.Win32.BHO.axg" Virus. Action Taken: File to be deleted on reboot.
    File C:\PROGRA~1\Helper\120265~1.DLL tagged as not-a-virus:AdWare.Win32.E404.a. No Action Taken.
    File C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys infected by "Trojan-Downloader.Win32.Diehard.dr" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\SYSTEM32\DRIVERS\JIE08.SYS infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\4fdw.dll infected by "Trojan.Win32.Agent.fcn" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\cbxuttq.dll infected by "Trojan.Win32.BHO.axg" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\efcyvww.dll infected by "Trojan.Win32.BHO.axg" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\mljgdab.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\pmnllli.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\wingqy32.dll infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File to be deleted on reboot.
    File C:\WINDOWS\system32\winlkk32.dll infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\winnfn32.dll infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temp\gos14B0.tmp infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temp\gos157C.tmp infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temp\win14B9.exe~ infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temp\win1582.exe~ infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temp\win174A.exe~ infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\EIVZR58I\1202656453[1].exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\EIVZR58I\1202656470[1].exe infected by "Trojan-Downloader.Win32.Agent.ipp" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\EIVZR58I\lmmqrv[1].htm tagged as not-a-virus:AdWare.Win32.E404.e. No Action Taken.
    File C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\NDU1UF1Q\17PHolmes[1].cmt infected by "Trojan-Downloader.Win32.Agent.iug" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\NDU1UF1Q\nwabo[1].txt infected by "Trojan-Downloader.Win32.Agent.hyy" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\NDU1UF1Q\sgxllcqhhy[1].htm infected by "Backdoor.Win32.Agobot.app" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Joni\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\Documents and Settings\Joni\Työpöytä\VDownloader\VDownloader.exe tagged as not-a-virus:Downloader.Win32.VDown.a. No Action Taken.
    File C:\Program Files\Helper\1202656270.dll tagged as not-a-virus:AdWare.Win32.E404.a. No Action Taken.
    File C:\Program Files\tmp127078.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\Program Files\tmp134078.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\RECYCLER\S-1-5-21-1482476501-1844237615-725345543-1003\Dc4.exe infected by "Backdoor.Win32.Agobot.app" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP142\A0042481.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP142\A0042486.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP163\A0055500.sys infected by "Trojan-Downloader.Win32.Diehard.dr" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP163\A0055501.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP163\A0055504.dll infected by "Trojan.Win32.Agent.fcn" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP163\A0055506.dll infected by "Trojan.Win32.BHO.axg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP163\A0055507.dll infected by "Trojan.Win32.BHO.axg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP164\A0055509.dll infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP164\A0055510.dll infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP164\A0055515.exe infected by "Trojan-Downloader.Win32.Agent.hyy" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP164\A0055516.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP164\A0055517.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP164\A0055518.exe infected by "Backdoor.Win32.Agobot.app" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\Installer\{07fa74ae-acc1-49be-a76d-d87a898e96ca}\RunOnceCD.dll infected by "Trojan.Win32.Agent.evy" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Installer\{3a93b15d-0155-4a50-a9de-a5447cbc2567}\zip.dll infected by "Trojan-Downloader.Win32.BHO.cm" Virus. Action Taken: File to be deleted on reboot.
    File C:\WINDOWS\system32\mljgdab.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\pmnllli.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File F:\Lataukset\Kopio SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File F:\Lataukset\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File F:\Lataukset\SmitfraudFix(2).exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File F:\Lataukset\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File F:\Lataukset\Style_XP_2.16.txt.exe tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File F:\RECYCLER\S-1-5-21-1482476501-1844237615-725345543-1003\Df1\install.exe infected by "Trojan-Downloader.Win32.Small.ihc" Virus. Action Taken: File Deleted.
    File F:\System Volume Information\_restore{860F4BC7-F072-4EAA-9722-280DFB24D517}\RP164\A0055520.exe infected by "Trojan-Downloader.Win32.Small.ihc" Virus. Action Taken: File Deleted.
    File G:\Jonin\lataukset\Ahead_Nero_7_Premium_7_serial_number.txt.exe tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File G:\Jonin\lataukset\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    here's the virus log
     
  4. Hujo

    Hujo Guest

    Download from http://www.ccleaner.com/download/builds.aspx
    CCleaner v2.03.532 - Standard Build, do NOT install the Yahoo toolbar!

    set the options like this:
    Options --> Advanced --> Untick the box "Delete only temporary files older than 48 hours".

    run Cleaner > Analyze button > Run Cleaner button in the lower right corner
    run Issues > "Scan for registry issues" button > "Fix registry issues" button

    =================

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked Yes, your desktop will go blank as it starts removing Vundo.
    When it is finished, the fix will tell you that it is going to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears at restart.

    ================

    Renaming

    1. Right-click the HijackThis icon.
    2. Select Rename.
    3. Type scanner.exe

    =====

    Download NoLop to your desktop from one of the following links...
    Link1
    Link2
    Link3

    1. Close all programs, because this step requires a restart.
    2. Double-click NoLop.exe to run it.
    3. Click the "Search and Destroy" button.
    <<Your computer will be scanned for infected files>>
    4. When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK.
    5. Click the "REBOOT" button.
    6. NoLop should display a message. If it does not, double-click the program and it will finish. Post the contents of the C:\NoLop.log file along with a new HijackThis log.
    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.

    ==============

    - Download this program!
    HostsXpert.zip
    - Create a new folder: C:\HostsXpert
    - Extract it to the folder C:\HostsXpert
    Further instructions in English here
    - Click HostsXpert.exe to run it (so it must be in that C:\HostsXpert folder)

    - Click "Make Hosts Writable?" in the upper right corner (if enabled)
    - Click "Restore Microsoft's Hosts File" and then OK
    - Click X to exit
     
  5. jpee1990

    jpee1990 Regular member

    thanks
     
  6. Hujo

    Hujo Guest

    so what kind of logs did you get? post them here
     
