1. ryuuou

    ryuuou Member

    Troubled by PSW.xVir

    Logfile of HijackThis v1.99.1
    Scan saved at 22:36:07, on 12.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Video ActiveX Access\imsmain.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Video ActiveX Access\imsmn.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\JUHO\Työpöytä\hijackthis_sfx.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
     
  2. tomato71

    tomato71 Regular member

    Download SmitfraudFix (by S!Ri) to your desktop.

    Double-click the file SmitfraudFix.exe.

    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file to your thread.

    **If the tool does not start from the desktop, move SmitfraudFix.exe directly to the root of the system drive (usually C:). Then try starting the program again from there.

    Note: some antivirus programs (AntiVir, Dr.Web, Kaspersky) detect the file process.exe as a "harmful tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm
     
  3. ryuuou

    ryuuou Member

    Well, here it is:

    SmitFraudFix v2.181

    Scan done at 11:25:10,59, su 13.05.2007
    Run from C:\Documents and Settings\JUHO\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Video ActiveX Access\imsmain.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Video ActiveX Access\imsmn.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JUHO


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JUHO\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JUHO\Suosikit

    C:\DOCUME~1\JUHO\Suosikit\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Video ActiveX Access\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"

    [HKEY_CLASSES_ROOT\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
    @="C:\WINDOWS\system32\kgkdbsk.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
    @="C:\WINDOWS\system32\kgkdbsk.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Paketinajoituksen miniportti
    DNS Server Search Order: 62.148.192.130
    DNS Server Search Order: 62.148.192.154

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{85505910-7BE5-4112-B0A9-B85635E73B6E}: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{85505910-7BE5-4112-B0A9-B85635E73B6E}: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{85505910-7BE5-4112-B0A9-B85635E73B6E}: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  4. ryuuou

    ryuuou Member

    Pop-up windows keep jumping onto the screen.
    They claim to be some Microsoft thing, or else they ask me to download some malware cleaner and other stuff like that.
     
  5. tomato71

    tomato71 Regular member

    Hi!
    And now they're getting their marching orders :D

    Print these instructions out or save them to a text file.

    Boot your computer into Safe Mode and select your usual user account.

    Once in Safe Mode, double-click the file SmitfraudFix.exe.
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" to remove the desktop wallpaper and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file will appear after the cleaning process; copy & paste the results of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Warning: running option 2 on a computer that is NOT infected will remove your desktop wallpaper.


    and then...

    Save these instructions to a text file or print them, otherwise you will not be able to access them in Safe Mode.

    Download AVG Anti-Spyware 7.5 and save the program to your desktop.
    *Once you have downloaded the program, double-click the installer's icon on your desktop; the installation will start.
    *After installation, the program must be started and its definitions updated.
    *Start AVG Anti-Spyware.
    *Click the "Update" icon in the main menu. Then click the "Update now" button.
    *Then click the "Start Update" icon, and the update will begin.

    *Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    *Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    *Then under the "Reports" menu:
    *Tick "Automatically generate report after every scan"
    *Untick "Only if threats were found"

    *Then click the "Shield" icon at the top of the window
    *"Resident shield is": change the state from active to inactive
    *Close the program; DO NOT scan yet.
    Boot your computer into Safe Mode, Instructions!



    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    *Once in Safe Mode, start AVG Anti-Spyware.
    *Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    *AVG will now start scanning the computer; be patient, as the scan takes time.

    When the scan is complete:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    *Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    *You will be asked what to do if infections were found; choose "Apply all actions" then.
    *Then click the "Reports" icon at the top of the program.
    *Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    *Close the program, start the computer normally and post the AVG report to your thread.

    Post the Smitfraud log + the AVG log and a new HJT log
     
  6. ryuuou

    ryuuou Member

    SmitFraudFix v2.181

    Scan done at 18:44:17,21, ke 16.05.2007
    Run from C:\Documents and Settings\JUHO\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"

    [HKEY_CLASSES_ROOT\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
    @="C:\WINDOWS\system32\kgkdbsk.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
    @="C:\WINDOWS\system32\kgkdbsk.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{6ad686b9-ab56-4ebc-a804-9f70b55b4577}"="floripondio"

    [HKEY_CLASSES_ROOT\CLSID\{6ad686b9-ab56-4ebc-a804-9f70b55b4577}\InProcServer32]
    @="C:\WINDOWS\system32\uimcu.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6ad686b9-ab56-4ebc-a804-9f70b55b4577}\InProcServer32]
    @="C:\WINDOWS\system32\uimcu.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url Deleted
    C:\DOCUME~1\JUHO\Suosikit\Online Security Test.url Deleted
    C:\Program Files\Video ActiveX Access\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{85505910-7BE5-4112-B0A9-B85635E73B6E}: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{85505910-7BE5-4112-B0A9-B85635E73B6E}: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{85505910-7BE5-4112-B0A9-B85635E73B6E}: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{6ad686b9-ab56-4ebc-a804-9f70b55b4577}"="floripondio"

    [HKEY_CLASSES_ROOT\CLSID\{6ad686b9-ab56-4ebc-a804-9f70b55b4577}\InProcServer32]
    @="C:\WINDOWS\system32\uimcu.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6ad686b9-ab56-4ebc-a804-9f70b55b4577}\InProcServer32]
    @="C:\WINDOWS\system32\uimcu.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» End


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 20:19:37 16.5.2007

    + Scan result:



    HKU\S-1-5-21-1390067357-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615D5C-5126-448A-818A-A7CDFEE85A9B} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1390067357-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP33\A0003570.ini -> Adware.Qworke : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP33\A0003578.exe -> Adware.SpyLocked : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003350.exe -> Downloader.Small.cx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003368.exe -> Downloader.Small.cx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003389.exe -> Downloader.Small.cx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003400.exe -> Downloader.Small.cx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP31\A0003413.exe -> Downloader.Small.cx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP31\A0003431.exe -> Downloader.Small.cx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP31\A0003441.exe -> Downloader.Small.cx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP32\A0003451.exe -> Downloader.Small.cx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003395.exe -> Downloader.Zlob.abw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP33\A0003523.exe -> Downloader.Zlob.azc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003352.exe -> Downloader.Zlob.bfj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003370.exe -> Downloader.Zlob.bfj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003390.exe -> Downloader.Zlob.bfj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP32\A0003465.exe -> Downloader.Zlob.bng : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003405.exe -> Downloader.Zlob.bor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP33\A0003543.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP33\A0003564.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP33\A0003590.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP33\A0003591.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003349.dll -> Downloader.Zlob.yt : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003367.dll -> Downloader.Zlob.yt : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003388.dll -> Downloader.Zlob.yt : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003394.exe -> Downloader.Zlob.yt : Cleaned with backup (quarantined).
    :mozilla.257:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.258:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\JUHO\Cookies\juho@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\JUHO\Cookies\juho@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.48:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.49:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.52:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.55:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.56:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.62:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.63:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.66:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.72:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.79:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.80:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.87:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.47:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
    :mozilla.32:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.33:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\JUHO\Cookies\juho@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.30:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.31:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.34:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.194:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.195:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.196:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.197:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.198:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.239:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.178:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.179:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.181:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.182:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\JUHO\Cookies\juho@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.36:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.205:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.206:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.207:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.221:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.136:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.240:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.216:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.217:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.166:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\JUHO\Cookies\juho@ie.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
    :mozilla.167:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
    :mozilla.73:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.74:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.75:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.76:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.77:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.78:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.168:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
    :mozilla.208:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.209:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.210:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.211:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.212:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.213:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.18:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\Documents and Settings\JUHO\Cookies\juho@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.64:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
    :mozilla.24:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.25:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.199:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.200:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.95:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.133:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.134:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.135:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.172:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.173:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.174:C:\Documents and Settings\JUHO\Application Data\Mozilla\Firefox\Profiles\z6rnv914.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\System Volume Information\_restore{7E820A30-E1E0-4B43-92AC-6DAC6E9D5C6D}\RP30\A0003404.dll -> Trojan.BHO.a : Cleaned with backup (quarantined).


    ::Report end


    Logfile of HijackThis v1.99.1
    Scan saved at 20:45:00, on 16.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\JUHO\Työpöytä\Älä käytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

     
  7. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    Hi!
    This is such a new Smitfraud infection that the SmitfraudFix you downloaded and ran on 13.5 wasn't able to remove the nasties. Now it can :D
    Delete SmitfraudFix.exe from the computer (there may also be something in the root of C:\) and download a new SmitfraudFix.exe using the same link that is a couple of posts above.

    And then option 2 again, following the instructions.....


    Print these instructions out or save them to a text file.

    Boot your computer into Safe Mode and choose your normal user account.

    Once in Safe Mode, double-click the file SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it doesn't, restart into normal Windows.
    A text file will appear after the cleaning process; copy & paste the contents of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Warning: running option 2 on a computer that is NOT infected will remove your desktop background.



    Post a new HJT log and Smitfraud log
     
