Yesterday I noticed that all the files on my computer are messed up, e.g. my music has disappeared, etc. I have taken a few first-aid steps: I checked my computer with the Kaspersky online scanner. It found 5 viruses; could someone help me a bit now? I have already taken an HJT log, and I have also cleaned my computer with CCleaner. At the same time I noticed that the computer does not shut down properly. After Windows shuts down, a blue screen appears that says "There are problems in Windows" or something like that. Help!! Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:35, on 18.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blues.fi/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ERS.exe" /min
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\StartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162757159390
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8300 bytes
Now I don't know why this won't post the Kaspersky log (42 pages in Word); it probably can't even be posted... I'll try again if someone bothers to look at my computer.
So is there anything shady in that log? It's starting to get annoying that the computer doesn't shut down cleanly and the viruses just keep spreading...
I came across this post of yours; is the problem still there??? There certainly seems to be plenty of junk here!!!

1. Start Spybot-S&D in Advanced mode
2. If it is not in Advanced mode, go to the Mode menu and select Advanced mode
3. Click Tools on the left
4. Click Resident in the list
5. Uncheck "Resident TeaTimer" and press OK.
6. Restart the computer.

------------------------------------------------------

Go to the Windows Control Panel and from there to Add or Remove Programs (in Vista: Programs and Features).
Find and remove the following programs:
Everything with "Seekmo" or "Zango..." in its name
As well as "Error Safe"
Norman Virus Control

------------------------------------

Boot the computer into safe mode => GUIDE
Make hidden files visible => in safe mode GUIDE
Delete the folders:
C:\Program Files\Error Safe Free\
C:\Program Files\Zango\
C:\NORMAN\
Boot your computer into normal mode.

-----------------------------------------------------

Close the browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, run Scan, check the following entries listed in red and remove them (Fix checked).

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O2 - BHO: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe"
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ERS.exe" /min
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

-------------------------------------------

Updating Java and clearing its cache:

1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list (J2SE Runtime Environment....). They should have the following image next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6 Update 3
Press Download
Check Accept, choose online installation, and install it following the instructions.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice slowness on the computer after lowering the setting, move the slider higher.)
8. Make sure that both options are checked:
* Applications and Applets
* Trace and Log Files
And press the OK button
9. Click OK in your "Temporary Files Settings" window. Note: This deletes all downloaded applications and applets from the CACHE.
10. Click OK to leave your Java settings window.

-----------------------------------

Empty the recycle bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* Tell me if there were problems at any point?????
Sorry it took a while to do this... I ran into problems at these steps: I could not remove Norman with either piece of advice. The files in question were not found in the Control Panel, and it was the same in safe mode (Norman was found, that is, but not ErrorSafe or Zango). Would you have any more advice on how to get the computer to shut down properly? Every time I shut down or restart, after Windows shuts down a text on a blue background appears saying that problems have been found. What could be causing it??

Go to the Windows Control Panel and from there to Add or Remove Programs (in Vista: Programs and Features).
Find and remove the following programs:
Everything with "Seekmo" or "Zango..." in its name
As well as "Error Safe"
Norman Virus Control

------------------------------------

Boot the computer into safe mode => GUIDE
Make hidden files visible => in safe mode GUIDE
Delete the folders:
C:\Program Files\Error Safe Free\
C:\Program Files\Zango\
C:\NORMAN\
Boot your computer into normal mode.

Here is the HJT log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:33, on 27.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blues.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\StartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162757159390
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7000 bytes
Yes, there is still more advice!!! Those viruses that you did not find even though they are on the computer.
- Remove the viruses
- Remove the overlapping antivirus programs
Am I being stupid here? When I do as you told me, Zango and the others like it are not found, and Norman cannot be removed; it just says that the application cannot be removed. And when I do it from the Add/Remove menu, it supposedly removes it, but it does not go anywhere! Sorry, I am perhaps a bit of an amateur with these things.
Well yes, you could say that... I have not managed to remove the overlapping antivirus programs in any way, and I cannot even find Zango....
Since Zango has been there at least at some point.

Download and extract BFU.zip from here.
Run the program and click the Web button as shown here:
Enter this web address in the "Download script" field: http://metallica.geekstogo.com/MediaGateway.BFU
Run the script by clicking Execute.
If you have any questions about using BFU, read here: http://metallica.geekstogo.com/BFUinstructions.html (in English)
Post the report from it => here

-----------------------------------

Save the text snippet below as fix.bat on the desktop using Notepad (save as type: All Files).

Code:
@echo on
rem sc takes the service key name (the name in parentheses on the O23 lines), not the display name
sc stop nvcoas
sc delete nvcoas
sc stop NipSvc
sc delete NipSvc
pause

Double-click fix.bat on the desktop and press Yes and OK.

Boot the computer into safe mode => GUIDE
Make hidden files visible => in safe mode GUIDE
Delete this folder. => C:\NORMAN\
Boot into normal mode.

------------------------------------

Close the browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, run Scan, check the following entries listed in red and remove them (Fix checked).

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe

Empty the recycle bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The AVG report
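An added example, not part of the original posts: a small Python parser for the HijackThis entry lines used in this thread. It flags entries whose target is gone, pulls the service key name out of O23 lines (assumed to be the name in parentheses, which is the name `sc stop` / `sc delete` expect), and compares an earlier log with a later one. The sample lines are taken from the logs posted above; the function names are made up for the example.

```python
import re

# HijackThis entry line: a section code (R0, O2, O4, O23, ...) then " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# O23 body: "Service: <name> - <vendor> - <image path>"; the vendor may be empty ("- -").
SERVICE_RE = re.compile(
    r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<vendor>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<display name> (<key name>)"; assumption: the parenthesis is absent when both are equal.
NAME_KEY_RE = re.compile(r"^(?P<display>.*\S)\s+\((?P<key>[^()]+)\)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_service(body):
    """Split an O23 body into display name, key name, vendor and image path."""
    clean = body
    for marker in ORPHAN_MARKERS:
        if clean.endswith(marker):
            clean = clean[: -len(marker)].rstrip()
    m = SERVICE_RE.match(clean)
    if not m:
        return {}
    nk = NAME_KEY_RE.match(m.group("name"))
    display = nk.group("display") if nk else m.group("name")
    key = nk.group("key") if nk else m.group("name")
    return {"display": display, "key": key,
            "vendor": m.group("vendor"), "path": m.group("path")}


def parse_entries(log_text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        entry = {"code": m.group("code"), "body": body,
                 "orphaned": body.endswith(ORPHAN_MARKERS)}
        if entry["code"] == "O23":
            entry.update(parse_service(body))
        entries.append(entry)
    return entries


def orphaned_entries(entries):
    """Entries that still point at a file or object that no longer exists."""
    return [e for e in entries if e["orphaned"]]


def service_keys_under(entries, path_prefix):
    """Key names of services whose image path lies under path_prefix."""
    prefix = path_prefix.lower()
    return [e["key"] for e in entries
            if e["code"] == "O23" and e.get("path", "").lower().startswith(prefix)]


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    remaining = {(e["code"], e["body"]) for e in after}
    return [e for e in before if (e["code"], e["body"]) not in remaining]


# Sample lines taken from the logs in this thread (a subset, one entry per line).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\System32\smss.exe
O2 - BHO: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
"""

AFTER_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_entries(BEFORE_LOG), parse_entries(AFTER_LOG)
    for e in orphaned_entries(before):
        print("orphaned:", e["code"], e["body"])
    print("Norman service key names:", service_keys_under(before, "C:\\NORMAN\\"))
    for e in removed_between(before, after):
        print("gone in later log:", e["code"], e["body"])
```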
Norman is not getting removed, but here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:49, on 31.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blues.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162757159390
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4897 bytes

BFU v1.11.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 15:57:56, on 31.3.2008
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access (key does not exist) Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jade Shadow (key does not exist) Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaGateway (key does not exist) Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango (key does not exist) Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zango Toolbar (key does not exist) Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zango TV Times (key does not exist) Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zanu (key does not exist) Success: RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}|Compatibility Flags|1024 Success: RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}|Compatibility Flags|1024 Failed: RegDeleteKey HKUS\.DEFAULT\Software\Zango (key does not exist) Failed: FolderDelete C:\Documents and Settings\Lasse\Käynnistä-valikko\Ohjelmat\Zango (folder not found) Failed: FolderDelete C:\Documents and Settings\Lasse\Käynnistä-valikko\Ohjelmat\Zango Games (folder not found) Failed: FolderDelete C:\Program Files\MediaGateway (folder not found) Failed: FolderDelete C:\Program Files\Zango Programs (folder not found) Failed: FolderDelete C:\Program Files\Zango (folder not found) Failed: FolderDelete C:\Program Files\ZangoClient (folder not found) Failed: FolderDelete C:\Program Files\Zango Applications (folder not found) Failed: FolderDelete C:\Program Files\Zango Games (folder not found) Failed: FolderDelete C:\Program Files\ZangoToolbar (folder not found) Failed: FolderDelete C:\Program Files\180SearchAssistant (folder not found) Failed: FolderDelete C:\Program Files\Media Access (folder not 
found) Failed: FolderDelete C:\Program Files\Media Pass (folder not found) Failed: FolderDelete C:\Documents and Settings\Lasse\Application Data\ZangoToolbar (folder not found) Failed: FolderDelete C:\Documents and Settings\Lasse\Local Settings\Temporary Internet Files\Content.IE5\6P8I1TUM (operation failed) Failed: FolderDelete C:\Documents and Settings\Lasse\Local Settings\Temporary Internet Files\Content.IE5\F9Y70PEJ (operation failed) Failed: FolderDelete C:\Documents and Settings\Lasse\Local Settings\Temporary Internet Files\Content.IE5\PQIABUV5 (operation failed) Success: FolderDelete C:\DOCUME~1\Lasse\LOCALS~1\Temp\MessengerCache Failed: FolderDelete C:\DOCUME~1\Lasse\LOCALS~1\Temp\Tilapäinen kansio 2 bfu[1].zip (operation failed) Failed: FileDelete C:\DOCUME~1\Lasse\LOCALS~1\Temp\~DF1C78.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\Lasse\LOCALS~1\Temp\~DF1CE8.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\Lasse\LOCALS~1\Temp\~DF2F3D.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\Lasse\LOCALS~1\Temp\~DF30E8.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\Lasse\LOCALS~1\Temp\~DFD6FB.tmp (operation failed) Failed: FileDelete C:\WINDOWS\Temp\ZLT040e9.TMP (operation failed) Failed: FileDelete C:\WINDOWS\Temp\ZLT04ab0.TMP (operation failed) Script completed at 15:59:25.
Norman removal: download and run from: HERE

Restart the computer.

Close the browser and other programs for the duration of the fix (not the antivirus).

Start HijackThis, run Scan, tick the following files listed in red and remove them (Fix checked):

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

Delete the folder: C:\NORMAN\

Empty the Recycle Bin.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* Have any new problems appeared in the meantime?