I have some kind of pop-up virus that opens virus warnings down at the bottom and keeps redirecting me to antivirus program websites. I've scanned with several antivirus programs, but they don't find anything. Then I ran AVG Anti-Spyware according to the instructions, but I haven't been able to get rid of it. There was also some "combomix" program that I found on an internet discussion forum. I'm slowly losing my nerve; could someone take a look at this log? I'm not sure about these, so I'm posting the different ones that the various programs produced:

.
((((((((((((((((((((((((((((((   Rekisterin käynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-02 14:57 145984 --a------ C:\WINDOWS\system32\gfymdaax.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\gfymdaax.dll [2007-12-02 14:57 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-01-17 07:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Steam"="d:\progra~1\steam\steam.ex -silent" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"AVGCtrl"="C:\Program Files\AVPersonal\AVGNT.exe" [2005-11-03 17:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"PCSuiteTrayApplication"="D:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="D:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gfymdaax]
gfymdaax.dll 2007-12-02 14:57 145984 C:\WINDOWS\system32\gfymdaax.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\gebyy.dll

R1 atitray;atitray;\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE"
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 22:17:49
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 22:19:09 - machine was rebooted
.
--- E O F ---

the end
---------------------------------------------------------------------

Then this one came from some program:

SmitFraudFix v2.256

Scan done at 17:14:31,90, su 02.12.2007
Run from C:\Documents and Settings\Mikko\Työpöytä\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{83B0B1D4-F086-400C-8D3D-703A020BA705}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83B0B1D4-F086-400C-8D3D-703A020BA705}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{83B0B1D4-F086-400C-8D3D-703A020BA705}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.256

the end
---------------------------------------------------------------

Then the first scan with AVG, before updating:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:56:21 2.12.2007

+ Scan result:

C:\System Volume Information\_restore{D87E10F5-5436-4509-A1D2-2ADE0F3DC0EE}\RP119\A0087590.dll -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Salestart -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D87E10F5-5436-4509-A1D2-2ADE0F3DC0EE}\RP119\A0087588.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).
C:\Documents and Settings\Muut\Cookies\muut@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@adtiger[1].txt -> TrackingCookie.Adtiger : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Mikko\Cookies\mikko@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Muut\Cookies\muut@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Xw\rT.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Cleaned with backup (quarantined).

::Report end
------------------------------------------------------------

And then the second one:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:45:44 2.12.2007

+ Scan result:

HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\WinAble\winable.exe -> Downloader.Adload.ni : Cleaned with backup (quarantined).
C:\WINDOWS\b122.exe -> Downloader.Agent.erf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rfvenwmn.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.au : Cleaned with backup (quarantined).
C:\Program Files\Temporary\wininstall.exe -> Trojan.Agent.crf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awtspon.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\khfeeef.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rqrqqon.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\urqnnlk.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yayaxvs.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).

::Report end

I'm no computer virtuoso, but hopefully someone could help at least a little and tell me if they see anything odd.
Oh, and I don't know whether these are logs or reports, or whether you can tell anything from them, but let me know.

Username "Mikko" - 02.12.2007 23:18:06 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

DNS-tulkintatoiminnon välimuistin tyhjentäminen onnistui.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"PCSuiteTrayApplication"="D:\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="\"C:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Steam"="\"d:\\progra~1\\steam\\steam.ex\" -silent"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~