Log information

Discussion in 'Viruses and malware' started by putte75, May 15, 2006.

  1. putte75

    putte75 Guest

    the machine is sputtering .... avast keeps reporting some trojan



    Logfile of HijackThis v1.99.1
    Scan saved at 15:28:56, on 15.5.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\TrojanHunter 4.5\THGuard.exe
    C:\WINDOWS\system32\flcss.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Wireless LAN Utility\Am772cfg.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Documents and Settings\Toni Nieminen\Työpöytä\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpC9DA.tmp
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
    O4 - HKLM\..\Run: [F-Secure Anti-FunLove] C:\WINDOWS\system32\flcss.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: AM772CFG.lnk = ?
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Download SmitfraudFix (c) S!Ri
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open listing the infected files (if any).
    Post the contents of this text file to your thread.
     
  3. putte75

    putte75 Guest

    SmitFraudFix v2.44

    Fichier Process.exe absent !
    Dezippez la totalité de l'archive dans un dossier.

    Process.exe file missing !
    Unzip all the archive in a folder.

    Jatka painamalla mitä tahansa näppäintä . . .



    the machine threw up something like that
     
  4. -kemisti-

    -kemisti- Active member

    Yep, avast deleted process.exe and that's why it didn't work.

    Don't let it delete it.

    If it still deletes it, do this:

    1) Unplug the network cable
    2) Turn avast! off
    3) Extract the zip to the desktop again
    4) Run smitfraud.cmd
    5) Turn avast! back on
    6) Plug the network cable back in.

    Should work :)
     
  5. putte75

    putte75 Guest

    the machine gives the same complaint, i.e.

    SmitFraudFix v2.44

    Fichier Process.exe absent !
    Dezippez la totalité de l'archive dans un dossier.

    Process.exe file missing !
    Unzip all the archive in a folder.

    Jatka painamalla mitä tahansa näppäintä . . .



    I restarted the whole machine but it just didn't help....


    so I unplugged the cable and turned avast off and so on; it might work if I knew how to set that Process.exe as allowed in avast

     
  6. putte75

    putte75 Guest

    avast's alert list has some stuff about that bug, so I'll paste its details here (apparently every bug has its own removal program; I think it has complained about 3 different ones)


    here is the list

    10.5.2006 13:07:37 SYSTEM 636 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldABD.tmp\[UPX]" file.
    10.5.2006 13:26:24 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld13DC.tmp\[UPX]" file.
    10.5.2006 16:17:10 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld6CA4.tmp\[UPX]" file.
    10.5.2006 16:41:41 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld618D.tmp\[UPX]" file.
    10.5.2006 17:48:58 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldFA66.tmp\[UPX]" file.
    10.5.2006 18:18:54 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld5F4B.tmp\[UPX]" file.
    10.5.2006 20:45:13 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld4F6D.tmp\[UPX]" file.
    10.5.2006 21:12:11 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldF443.tmp\[UPX]" file.
    10.5.2006 21:38:27 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldE1C.tmp\[UPX]" file.
    10.5.2006 21:48:53 SYSTEM 680 Sign of "Win32:Trojano-2062 [Trj]" has been found in "C:\Program Files\Error Safe Free\is-TFNV2.tmp" file.
    10.5.2006 21:49:39 SYSTEM 680 Sign of "Win32:Trojano-2062 [Trj]" has been found in "C:\Program Files\Error Safe Free\is-M2BPV.tmp" file.
    10.5.2006 21:49:58 SYSTEM 680 Sign of "Win32:Trojano-2062 [Trj]" has been found in "C:\Program Files\Error Safe Free\is-R4R3N.tmp" file.
    10.5.2006 21:50:21 SYSTEM 680 Sign of "Win32:Trojano-2062 [Trj]" has been found in "C:\Program Files\Error Safe Free\is-ANC4O.tmp" file.
    10.5.2006 21:55:30 SYSTEM 680 Sign of "Win32:Trojano-2062 [Trj]" has been found in "C:\RECYCLER\S-1-5-21-117609710-1580818891-1708537768-1004\Dc4.tmp" file.
    10.5.2006 22:03:55 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld5FA2.tmp\[UPX]" file.
    10.5.2006 22:29:38 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldEC39.tmp\[UPX]" file.
    10.5.2006 22:55:52 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldE7F3.tmp\[UPX]" file.
    10.5.2006 23:23:47 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld5FB7.tmp\[UPX]" file.
    10.5.2006 23:26:06 SYSTEM 680 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld5FB7.tmp\[UPX]" file.
    10.5.2006 23:58:49 SYSTEM 716 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld1685.tmp\[UPX]" file.
    11.5.2006 0:24:35 SYSTEM 716 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldA865.tmp\[Upack]" file.
    11.5.2006 6:06:39 SYSTEM 716 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldDE72.tmp\[UPX]" file.
    11.5.2006 6:24:09 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld2179.tmp\[Upack]" file.
    11.5.2006 6:24:43 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldA8B5.tmp\[UPX]" file.
    11.5.2006 6:50:04 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldD4FD.tmp\[Upack]" file.
    11.5.2006 6:50:27 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld375F.tmp\[UPX]" file.
    11.5.2006 7:03:55 SYSTEM 880 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld1816.tmp\[Upack]" file.
    11.5.2006 7:05:54 SYSTEM 880 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldEDBF.tmp\[UPX]" file.
    11.5.2006 7:33:01 SYSTEM 828 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld2794.tmp\[Upack]" file.
    11.5.2006 7:33:40 SYSTEM 828 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldC5DA.tmp\[UPX]" file.
    11.5.2006 7:57:48 SYSTEM 704 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld1C64.tmp\[Upack]" file.
    11.5.2006 7:58:17 SYSTEM 704 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld8F34.tmp\[UPX]" file.
    11.5.2006 8:23:35 SYSTEM 704 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldAEE3.tmp\[Upack]" file.
    11.5.2006 8:24:20 SYSTEM 704 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld69CC.tmp\[UPX]" file.
    11.5.2006 8:49:56 SYSTEM 704 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldD5E1.tmp\[Upack]" file.
    11.5.2006 8:50:28 SYSTEM 704 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld568A.tmp\[UPX]" file.
    11.5.2006 9:16:15 SYSTEM 704 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldAD08.tmp\[Upack]" file.
    11.5.2006 9:17:39 SYSTEM 704 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld32BB.tmp\[UPX]" file.
    11.5.2006 14:01:50 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld1E3A.tmp\[Upack]" file.
    11.5.2006 14:02:14 SYSTEM 684 Sign of "Win32:Zlob-BM [Trj]" has been found in "C:\WINDOWS\system32\atmclk.exe\[Upack]" file.
    11.5.2006 14:02:32 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld8205.tmp\[UPX]" file.
    11.5.2006 14:27:52 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldFA81.tmp\[Upack]" file.
    11.5.2006 14:28:08 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld38C8.tmp\[UPX]" file.
    11.5.2006 14:53:27 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld6646.tmp\[Upack]" file.
    11.5.2006 14:53:39 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld940B.tmp\[UPX]" file.
    11.5.2006 15:18:53 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldAD3B.tmp\[Upack]" file.
    11.5.2006 15:31:39 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld5D31.tmp\[UPX]" file.
    11.5.2006 18:27:03 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldEA7B.tmp\[Upack]" file.
    11.5.2006 18:30:30 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld19FD.tmp\[UPX]" file.
    11.5.2006 18:55:58 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld6799.tmp\[Upack]" file.
    11.5.2006 19:27:42 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld7137.tmp\[UPX]" file.
    11.5.2006 19:53:14 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldD529.tmp\[Upack]" file.
    11.5.2006 20:03:50 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld8E54.tmp\[UPX]" file.
    11.5.2006 20:29:41 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld3888.tmp\[Upack]" file.
    11.5.2006 20:37:11 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld160F.tmp\[UPX]" file.
    11.5.2006 21:31:01 SYSTEM 684 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld4048.tmp\[Upack]" file.
    11.5.2006 21:32:52 SYSTEM 684 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldEFA.tmp\[UPX]" file.
    11.5.2006 21:46:56 SYSTEM 688 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld1C8C.tmp\[Upack]" file.
    11.5.2006 21:47:53 SYSTEM 688 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldFCA8.tmp\[UPX]" file.
    11.5.2006 22:13:24 SYSTEM 688 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld4E9C.tmp\[Upack]" file.
    11.5.2006 22:15:32 SYSTEM 688 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld4C99.tmp\[UPX]" file.
    11.5.2006 22:41:54 SYSTEM 688 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld5C3D.tmp\[Upack]" file.
    11.5.2006 22:43:49 SYSTEM 688 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld2DA2.tmp\[UPX]" file.
    11.5.2006 23:56:29 SYSTEM 688 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\SET2B.tmp" file.
    11.5.2006 23:57:35 SYSTEM 688 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\SET2C.tmp" file.
    11.5.2006 23:57:49 SYSTEM 688 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.
    12.5.2006 0:38:16 SYSTEM 688 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\DOCUME~1\TONINI~1\LOCALS~1\Temp\VCI8FHa03280\[Upack]" file.
    12.5.2006 0:39:15 SYSTEM 688 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\DOCUME~1\TONINI~1\LOCALS~1\Temp\VCI8FHa03280" file.
    12.5.2006 8:23:55 SYSTEM 712 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld2300.tmp\[Upack]" file.
    12.5.2006 8:24:19 SYSTEM 712 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld7FC0.tmp\[UPX]" file.
    12.5.2006 8:49:44 SYSTEM 712 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldACD0.tmp\[Upack]" file.
    12.5.2006 8:50:58 SYSTEM 712 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldE0B8.tmp\[UPX]" file.
    12.5.2006 9:33:35 Toni Nieminen 572 Sign of "Win32:Agent-TF [Trj]" has been found in "C:\Documents and Settings\Toni Nieminen\Local Settings\Temporary Internet Files\Content.IE5\TBZL7BXS\mw_install[1].exe" file.
    12.5.2006 10:55:52 Toni Nieminen 572 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\[Upack].vir\[Upack]" file.
    12.5.2006 11:04:06 Toni Nieminen 572 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].vir\[UPX]" file.
    12.5.2006 19:32:56 SYSTEM 708 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld6E80.tmp\[Upack]" file.
    12.5.2006 19:33:21 SYSTEM 708 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldD196.tmp\[UPX]" file.
    12.5.2006 19:58:43 SYSTEM 708 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld6B5.tmp\[Upack]" file.
    12.5.2006 20:08:06 SYSTEM 708 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldA439.tmp\[UPX]" file.
    14.5.2006 10:56:18 SYSTEM 108 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld70E3.tmp\[Upack]" file.
    14.5.2006 10:56:43 SYSTEM 108 Sign of "Win32:Zlob-BM [Trj]" has been found in "C:\WINDOWS\system32\atmclk.exe\[Upack]" file.
    14.5.2006 10:56:56 SYSTEM 108 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldD99B.tmp\[UPX]" file.
    14.5.2006 11:22:10 SYSTEM 108 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld248E.tmp\[Upack]" file.
    14.5.2006 11:22:25 SYSTEM 108 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld6018.tmp\[UPX]" file.
    15.5.2006 8:49:59 SYSTEM 652 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld71D3.tmp\[Upack]" file.
    15.5.2006 8:51:25 SYSTEM 652 Sign of "Win32:Zlob-BM [Trj]" has been found in "C:\WINDOWS\system32\atmclk.exe\[Upack]" file.
    15.5.2006 8:52:11 SYSTEM 652 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldC9D6.tmp\[UPX]" file.
    15.5.2006 9:52:32 SYSTEM 652 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldBA13.tmp\[Upack]" file.
    15.5.2006 9:53:09 SYSTEM 652 Sign of "Win32:Zlob-BM [Trj]" has been found in "C:\WINDOWS\system32\atmclk.exe\[Upack]" file.
    15.5.2006 9:53:23 SYSTEM 652 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld4D33.tmp\[UPX]" file.
    15.5.2006 10:21:36 SYSTEM 652 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld59B2.tmp\[Upack]" file.
    15.5.2006 10:22:00 SYSTEM 652 Sign of "Win32:Zlob-BM [Trj]" has been found in "C:\WINDOWS\system32\atmclk.exe\[Upack]" file.
    15.5.2006 10:22:09 SYSTEM 652 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldB7A9.tmp\[UPX]" file.
    15.5.2006 14:53:04 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldBB45.tmp\[Upack]" file.
    15.5.2006 14:54:17 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldE1F3.tmp\[UPX]" file.
    15.5.2006 15:19:33 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldFD55.tmp\[Upack]" file.
    15.5.2006 15:20:29 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldDE07.tmp\[UPX]" file.
    15.5.2006 15:45:47 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld467.tmp\[Upack]" file.
    15.5.2006 15:46:22 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld918B.tmp\[UPX]" file.
    15.5.2006 16:11:44 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ldC8DB.tmp\[Upack]" file.
    15.5.2006 16:13:08 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld1156.tmp\[UPX]" file.
    15.5.2006 16:38:15 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld130E.tmp\[Upack]" file.
    15.5.2006 16:51:13 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldF0FA.tmp\[UPX]" file.
    15.5.2006 17:16:31 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld1B7F.tmp\[Upack]" file.
    15.5.2006 17:16:55 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld76C3.tmp\[UPX]" file.
    15.5.2006 17:43:21 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld8EC5.tmp\[Upack]" file.
    15.5.2006 17:43:57 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ld3221.tmp\[UPX]" file.
    15.5.2006 18:09:16 SYSTEM 720 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld641F.tmp\[Upack]" file.
    15.5.2006 18:09:38 SYSTEM 720 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\system32\1024\ldBD32.tmp\[UPX]" file.
     
  7. -kemisti-

    -kemisti- Active member

    Then let's do it this way since nothing else helps, i.e. straight to the fix:

    Uninstall from the Control Panel, if present:

    Error Safe free

    Clear IE's temporary files.

    Download, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

    Print out the instructions.

    Boot your machine into Safe Mode and select your regular user account.

    Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to remove the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop wallpaper and clean the infected registry keys.

    The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the machine; if it doesn't, reboot into normal Windows.
    A text file will appear after the cleaning process; copy & paste the results of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Scan with ewido, let it remove whatever it finds and save the report.

    Post the contents of C:\rapport.txt, the ewido report and a new HjT log
     
  8. putte75

    putte75 Guest

    I'll have to try that, but it might take until tomorrow or tonight, there's so damn.... much work, but luckily the other machine works flawlessly since it has never been online .....
     
  9. putte75

    putte75 Guest

    All right, now that the machine works again I almost forgot the most important thing, i.e. THANK YOU
    and a BIG HAND to Kemisti. We'll be in touch again when the need arises
     
  10. -kemisti-

    -kemisti- Active member

    Nice to hear, but I'm still waiting for those logs/reports :)
     
  11. putte75

    putte75 Guest

    here would be that ewido report, it's not very uplifting SNIF...



    --------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 21:35:34, 31.5.2006
    + Report-Checksum: EE1FC0F0

    + Scan result:

    :mozilla.6:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Toni Nieminen\Application Data\Mozilla\Firefox\Profiles\m03g8okh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Toni Nieminen\Cookies\toni nieminen@dw.com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Toni Nieminen\Cookies\toni nieminen@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Toni Nieminen\Cookies\toni nieminen@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Program Files\ABC\abc.exe -> Logger.KeyLogger.jm : Cleaned with backup
    C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup


    ::Report End
     
  12. putte75

    putte75 Guest

    HERE is the Hijackthis list
    and should I tick those and remove them or something ...


    Logfile of HijackThis v1.99.1
    Scan saved at 21:43:55, on 31.5.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\WINDOWS\system32\flcss.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Wireless LAN Utility\Am772cfg.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Toni Nieminen\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [F-Secure Anti-FunLove] C:\WINDOWS\system32\flcss.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - Startup: AM772CFG.lnk = ?
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  13. putte75

    putte75 Guest

    this doesn't seem to be found anywhere: C:\rapport.txt
     
  14. -kemisti-

    -kemisti- Active member

    Use the search function to look for rapport.txt and post its contents here, if it is found.
     
  15. putte75

    putte75 Guest

    didn't find it
     
  16. -kemisti-

    -kemisti- Active member

    Did you do this at all, then?

    Boot your computer into Safe Mode and select your usual user account.

    Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool will check whether wininet.dll is infected. You may be prompted to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it doesn't, reboot into normal Windows.
    A text file will appear after the cleaning process; copy and paste the contents of that report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Because that file exists if the fix has been run, that is certain.
     
  17. putte75

    putte75 Guest

    OK, I managed to boot the computer into Safe Mode, but that's about as far as it got.

    The fix thing complained about something though, and I think this is where it got stuck last time too, but back then for some reason avast stopped complaining about that trojan; could ewido have something to do with it?
    And did you learn anything from the reports I already posted? (ewido found 32 nasties, but can it remove them for good? At least it reported that it had cleaned them.)

    Here is the fix's message
    is there anything that can be done

    SmitFraudFix v2.44

    Fichier Process.exe absent !
    Dezippez la totalité de l'archive dans un dossier.

    Process.exe file missing !
    Unzip all the archive in a folder.

    Jatka painamalla mitä tahansa näppäintä . . .
     
  18. -kemisti-

    -kemisti- Active member

    Avast deletes one of the files, which is why it has to be turned off for a little while.

    Do exactly this:

    - Download the new version of SmitFraudfix -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    - Delete the old one from the desktop
    - Turn avast off and unplug the network cable (important!!)
    - Extract smitfraudfix to the desktop
    - Boot into Safe Mode and do the run with option 2
    - Restart, turn avast on, plug the network cable back in, and post the contents of c:\rapport.txt here.
     
  19. putte75

    putte75 Guest

    I'll try it this way, but it will probably take until after the weekend
     
