XP Pro: can you give me a tip?

Thread in the Viruses and malware - HijackThis logs section. Started by careliano on 14.10.2007.

  1. careliano

    careliano Member

    Joined:
    30.07.2007
    Posts:
    19
    Thanks:
    0
    Points:
    11
    Here is the latest report, since virus warnings keep appearing on the screen and they redirect to an Argentinian antivirus program's site all the time. In addition, a yellow triangle with a warning sign inside it flashes in the bottom-right corner. Otherwise the computer works, and I have scanned with F-Secure, but it cannot remove it;

    Logfile of HijackThis v1.99.1
    Scan saved at 15:52:27, on 14.10.2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\WinZip\WINZIP32.EXE
    C:\Documents and Settings\Marko P\Omat tiedostot\Unzipped\hijackthis_199\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://zonealarm/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\xkvcqpms.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\lqoyipnw.dll",sitypnow
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fi/securityadvisor/virusinfo/webscan.cab
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)
     
  3. Hujo

    Hujo Guest

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    You will be asked whether you want to delete the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is done, the fix will announce that it will restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it was unable to remove.
    In that case VundoFix will run itself at reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears on restart.

    ===============

    Put HijackThis.exe in its own folder

    C:\HJT\HijackThis.exe, then the renaming below

    ===============

    Renaming

    1. Right-click the HijackThis icon.
    2. Select Rename (Uudelleennimeä).
    3. Type scanner.exe

    Last edited by a moderator: 14.10.2007
  4. careliano

    careliano Member

    Thanks, Hujo.
    The scan is in progress now; I followed your earlier advice on these pages, and eScan is running at the moment; you advised this in one of your guides, and I have been following them all day today :).
    Here is the HijackThis log; I'll attach the others later once I get them!:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:52:27, on 14.10.2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\WinZip\WINZIP32.EXE
    C:\Documents and Settings\Marko P\Omat tiedostot\Unzipped\hijackthis_199\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://zonealarm/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\xkvcqpms.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\lqoyipnw.dll",sitypnow
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fi/securityadvisor/virusinfo/webscan.cab
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)

     
  5. careliano

    careliano Member

    HERE is also a fresh, just-arrived list of nasties from eScan:

    What now?

    File C:\WINDOWS\System32\.0XE infected by "Backdoor.Win32.IRCBot.afl" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\System32\FDTNWTVS.0XE infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\System32\swtfhvjq.exe.bak infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\System32\WMS.0XE infected by "Backdoor.Win32.IRCBot.afl" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Marko P\Local Settings\Temp\alpixxkl.0xe infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Marko P\Local Settings\Temp\BVHJTJCY.0XE infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Marko P\Local Settings\Temp\HDPKOCNC.0XE infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Marko P\Local Settings\Temp\lwrocali.0xe infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Marko P\Local Settings\Temp\mvpynhgk.0xe infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Marko P\Local Settings\Temp\vlmrlvvu.0xe infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Marko P\Local Settings\Temporary Internet Files\Content.IE5\4T232TWR\VALERA[1].0 infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Marko P\Local Settings\Temporary Internet Files\Content.IE5\P072NATO\VALERA[1].0 infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.

     
  6. careliano

    careliano Member

    The VUNDO log said the following; since I can't paste it here directly, I'm typing it by hand:
    C:\WINDOWS\system32\icwvcccg.dll
    c:\windows\system32\iystuing.dll

    Nothing else; earlier it had more entries.
    Then I would also have a question about these notifications that now keep popping up constantly:

    "Critical System Warning" is written at the top of the notification window. The window(s) appear from time to time.

    "Your system is Probably infected with latest version of
    Spyware.CyberLog-X.
    Type: Spyware
    Infection lenght: 266.129 bytes
    Risk: High
    System affected: Windows 95,98,2000,NT,2003 Server, Windows XP
    Behaviors: Spyware, CyberLog-X is a spyware program that monitors user activity, logs keystrokes and traks web sites visited.
    Symptoms: Low internet connection speed
    Low system perfomance
    Security center alerts
    Strange popup windows
    Protection: Click "ON" to Download antispyware sowtware"

    The following notification has also been written down:

    "Microsoft Internet Explorer"

    "W32.myzor.fk@yf is a virus that files with .exe extensions. It attenps to steal passwords and private and information from the infected computer.
    TYPE: Virus
    Infection lenght: 138.293 bytes
    System Affected: WIndows 95,98,ME,NT (all versions),2003,windows XP(all service packs)
    Systems NOT affected: COS,EPOC,Linux,MacIntosh,Novell Netware, OS/2, UNIX.
    Technical details : 1. Creates files in %windir&\directory.
    By default, this is a C:\windows
    2. Adds values to registery keys:
    HK_LOCAL_MNACHINE\software\microsoft\windows\current version\run
    3. Scans the ahrddrive for .exe files and infects
    any executable files.
    Searches for paswords information,which it
    may sed to a remote attacker.
    Recomendations: Click"OK" to download offically approved security software. Always keep you patch levels uo-ti-date"

    Yeah, and that's not all; from time to time pages where you can download antivirus programs also appear on the screen via Explorer, even when I myself am using another browser, "Opera"...
    A "Fatal Error" message has also shown up, referring to some memory...
    Can I check the memory somehow?
    Most grateful for any advice....
     
  7. Hujo

    Hujo Guest

    There is an instruction below the VundoFix one; do that and then take a new HJT log
     
  8. careliano

    careliano Member

    Good day, Hujo and everyone else.
    Here is a fresh report:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:06:08, on 15.10.2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Opera\Opera.exe
    C:\Documents and Settings\Marko P\Omat tiedostot\Unzipped\hijackthis_199\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://zonealarm/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {16868439-464B-4E06-BFD6-F7B6D5F6B17E} - C:\WINDOWS\System32\sstrs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\yxxheyit.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\yefapptn.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\yefapptn.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\hbteaxfj.dll",sitypnow
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fi/securityadvisor/virusinfo/webscan.cab
    O20 - Winlogon Notify: yefapptn - C:\WINDOWS\SYSTEM32\yefapptn.dll
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)

    Maybe it will work out from here....?
    The scan was done with Vundo first.
    How can the Vundo report be put here other than by hand?
    The computer keeps giving warnings all the time...
     
  9. careliano

    careliano Member

    This message appeared, and I'm also attaching an excerpt from Vundo.

    "Fatal error!
    Unhalleed Exeption:
    Invalid operation: The insturction at "0x66f7d450" referenced.
    Memory at "0x00000d0".
    If You were in the middle of something, the information you were
    working on might be lost.
    This fatal error probably occured because at a virus on Your PC.
    Would You like to download latest version of antivirus software"

    Vundo:
    C:\windows\System32\hbteaxfj.dell
    C:\windows\System32\jfxaetbh.ini
    C:\windows\System32\yefapptn.dll
    C:\windows\System32\yxxheyit.dll

    and nothing else showed up this time.
    Is there any hope??


     
  10. Hujo

    Hujo Guest

    Delete that old VundoFix and download a new one

    then run VundoFix again

    Get the log from here

    C:\vundofix.txt
    Right-click on the log and choose Select All, then right-click again, choose Copy, and paste it here into the thread

     
  11. careliano

    careliano Member

    Yep, thanks Hujo, I got it :)

    VundoFix V6.1.5

    Checking Java version...

    Sun Java not detected
    Scan started at 16:35:18 15.10.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...


    That is the message I got, but what now?

    And this one just came in:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:51:49, on 15.10.2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\WINDOWS\System32\wocqwnxa.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Opera\Opera.exe
    C:\Documents and Settings\Marko P\Omat tiedostot\Unzipped\hijackthis_199\scanner.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://zonealarm/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\iovosbdc.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\dkzhryam.dll
    O2 - BHO: (no name) - {ECD4322B-2B41-42A4-9DE0-1AA4E595F743} - C:\WINDOWS\System32\sstrs.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\dkzhryam.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\nhxywaev.dll",sitypnow
    O4 - HKCU\..\Run: [DDC] C:\WINDOWS\System32\wocqwnxa.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure internet security\fsps\program\fslsp.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fi/securityadvisor/virusinfo/webscan.cab
    O20 - Winlogon Notify: dkzhryam - C:\WINDOWS\SYSTEM32\dkzhryam.dll
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\wocqwnxa.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)

    OK, but it doesn't help, what else?
     
  12. Hujo

    Hujo Guest

    The latest version is actually 6.5.10, though, and it shows up like this


    VundoFix V6.5.10

    Checking Java version...

    Scan started at 16:56:43 15.10.2007

    Listing files found while scanning....

    No infected files were found.

    Throw all the vundofix txt files from there into the trash
    C:\vundofix.txt
    and when you start VundoFix, check that it is exactly that version.


    Beginning removal...
     
    Last edited by a moderator: 15.10.2007
  13. careliano

    careliano Member

    Joined:
    30.07.2007
    Posts:
    19
    Thanks:
    0
    Points:
    11
    Greetings Hujo and others..
    Here is the latest log with VundoFix..



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:51:59, on 21.10.2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://zonealarm/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/fi/securityadvisor/virusinfo/webscan.cab
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\wocqwnxa.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)

    --
    End of file - 4760 bytes


    Could it be that there is nothing harmful now??
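As an added illustration (not part of any post in this thread, and not HijackThis or VundoFix code): a small Python comparison of selected entry lines copied from the two HijackThis logs above, listing which entries are gone, which are new, and which `(file missing)` registrations are still present. The function names and the two regexes are this example's own assumptions about the log line format.

```python
import re

# Selected lines copied from the two HijackThis logs in this thread (not the full logs).
BEFORE = r"""
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\nhxywaev.dll",sitypnow
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\System32\wocqwnxa.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O20 - Winlogon Notify: dkzhryam - C:\WINDOWS\SYSTEM32\dkzhryam.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\wocqwnxa.exe (file missing)
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)
"""
AFTER = r"""
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\wocqwnxa.exe (file missing)
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # e.g. "O23 - Service: ..."
PATH = re.compile(r'[a-z]:\\[^",]+?\.(?:exe|dll)')      # first local file path in an entry

def parse(log_text):
    """Return {(section, lowercased detail)} for every HijackThis entry line."""
    return {(m.group(1), m.group(2).lower())
            for m in map(ENTRY.match, log_text.splitlines()) if m}

def path_of(entry):
    m = PATH.search(entry[1])
    return m.group(0) if m else None

def compare(before, after):
    b, a = parse(before), parse(after)
    removed, added = b - a, a - b
    removed_paths = {path_of(e) for e in removed} - {None}
    # Entries still registered although HijackThis reports the target file as absent.
    dangling = {e for e in a if e[1].endswith("(file missing)")}
    # Dangling entries pointing at a file that a now-removed entry also referenced.
    leftovers = {e for e in dangling if path_of(e) in removed_paths}
    return {"removed": sorted(removed), "added": sorted(added),
            "dangling": sorted(dangling), "leftovers": sorted(leftovers)}

if __name__ == "__main__":
    for kind, entries in compare(BEFORE, AFTER).items():
        print(f"{kind}:")
        for section, detail in entries:
            print(f"  {section} - {detail}")
```

On these lines the `leftovers` list holds the O23 DomainService entry: its path is the same `wocqwnxa.exe` that the removed O4 `[DDC]` Run value pointed to, so the service registration outlived the file.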

     
  14. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    Hi!
    rename HijackThis.exe to, for example, careliano.exe

    delete every vundofix.exe from the computer

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo option.
    *When the scan is finished, click the Remove Vundo option.
    *You will be asked whether you want to remove the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is done, the fix will announce that it is restarting your computer; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In this case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option." when VundoFix appears during the restart.

    and then....

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.


    Post C:\vundofix.txt + C:\ComboFix.txt + a new HJT log (after the renaming)
     
