Ie kaatuilee jatkuvasti, not responding. Firefox ja Opera toimivat normaalisti.Kone käynnistyy ja sulkeutuu hitaammin kuin normaalisti. Spybot tai adaware ei löytäneet mitään. Kiintolevy defragmentoitu, ei nopeuttanut.
Kiitos jos osaat auttaa!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:45, on 22.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ig?hl=fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web01.ifi.fi/Webupload/ActiveX/IfiUploader.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.19/uploader2.cab
O16 - DPF: {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - http://www.web-a-photo.com/WebaphotoUploaderXP.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114366392703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144254092812
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kuvaboxi.fi/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kuvaboxi.fi/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - http://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - (no file)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
--
End of file - 10736 bytes
Ie (not responding)
9
528
Vastaukset
- 123321
Lataa SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
• Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
• Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
• Paina Y käynnistääksesi skriptin.
• Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
• Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
• Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
• Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
• Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
• Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.
============
1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
===============
Lataa [url=http://www.besttechie.net/tools/mbam-setup.exe][color=red][b]Malwarebytes' Anti-Malware[/b][/color][/url] [b]työpöydällesi[/b].
1. Tuplaklikkaa [b]mbam-setup.exe[/b] ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update [b]Malwarebytes[/b]', [b]Anti-Malware[/b]ja
[b]Launch Malwarebytes[/b]' Anti-Malware ja sen jälkeen klikkaa[b]Finish[/b].
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse [b]Perform full scan[/b] ja klikkaa [b]Scan[/b].
5. Kun skanni on valmis, klikkaa [b]OK[/b] ja sitten [b]Show Results[/b] nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa [b]Remove Selected[/b].
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\[b]log-päiväys.txt[/b]
8. Lähetä lokin sisältö seuraavassa viestissäsi.- Huolestunut tumpelo
[b]SDFix: Version 1.218 [/b]
Run by Administrator on la 23.08.2008 at 08:49
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Bensku\Desktop\vikasietotila\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 09:11:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5d7ca1]
"0019b77e9950"=hex:94,71,cf,46,3d,6f,b5,32,43,5f,3d,1f,b8,b9,89,52
"001d98f22341"=hex:1f,fd,df,de,e1,37,69,33,6c,60,0a,61,c9,0b,01,21
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a5d7ca1]
"0019b77e9950"=hex:94,71,cf,46,3d,6f,b5,32,43,5f,3d,1f,b8,b9,89,52
"001d98f22341"=hex:1f,fd,df,de,e1,37,69,33,6c,60,0a,61,c9,0b,01,21
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG04.00.00.01SERVER"="74F067B141B006D7E39150C67C416CB60DE226E3C295FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6A0AC4980AC7933A6171C11EC38DE3D5D575E7D6A3B9808DF9EC0E43E6C4C65C7D3136E7E4C8103E18F0168C3F6634EF23CB78C89F0F18EB8DC64AADD1A6F623FA3F55EB7AA649DB85A6B1CDBFDB97EF110BE8253B268AC4CA34D0C739430864C92E2FC725663443DA4C63712A5C06A5B5760C7507E5C0510AC6AD6B05F9DBE47B7B45F93434ABA470173B31C6B99C826442958A67E6866BFE7902FCDF56D8DCA5CA7EB03D606D5753AB9DCB3448EE413BA878702544F2F5BF6790C86C2780739825EDEAD6BA801284D42D61616871E23554FFA0F9273D3A5B03F371BA83B5535DDDCC9834FE6B904E71D13843C14E81EE0B7AC82435C5D251EE24FCDFB5735A7530E8DF9431D1272F0BBDCC58667C98B605DE91361B6E6A6014948E60590F73C80BEE3897E47B12180F4CE23B6585FBA083D5479DB52A238C8BB67B382508363B420582FA988D181E282D9E98563573E413C62761822D22C9D64C98024A4CFD0F3C74A6A64A6C047988345EA9B24F36CAAA25DCAED3F511A59D5DBA40F3CEA7D742FECC1C08AE06DD5F9A67E99DF0E5E951BE23E2965895E8A0361F45D6D76242233C9BCC342292F834CEDFA137D90730633E31B8A74FA97744570CD1BB1A7C69C95BAE7E700228F3E4559410D877A4CB76129B0446F3CA78CD77510C8254729B7FBF0549A1B6CD256927EAF84AB5ED0177A495080FE73B77DDC2D1E5D87B2D1FA6FEE16BE0BB8025147C52F683EE4A945BB3352DA6FDD3126D7ABDF40BFDA0FA15E0E462A6F4D69655A6D279936C9C598C3A9906130CB441A31D7C14ED5466F9B1878812688851C82A48485F02E5AD79A1641691A54A0631E35EB325AF60DC70CD42F68F1BECD6EC56670BC39637AD4871A64BF7D9556C6AE14F5A5A773DDAF4A2B8520BE1A2BF885BF6A4232BBA2F6D19ACFF975CE77E87862DA146FC07884E29A2350B2C7311AC839FE8F8D3CDC3E9F489683E37E25885E984FF7DE7732E594828426671C8B72CE3B0F22721149E9C9359DCA9B4B932AF6135FD01854753752AAF7D2EB8B78668596CE7CFB879A835EDA1FC1E5FB8B138D926924AEB83E21453BA389C1AF491F13FBC622B91318521D91295F7DFB68CF203C1F782D291F9047417C05DF47E50B5082559FAECA9CE47D9A9C1E135B9AAEE0160A598ECF3CB3E82E4F80AE3447DA4723A9805169198EA91AAFFDC94EA6C3370E02D6457750816D583D3C8C7B7C03BA3EC9D70E4F0F657C956D00BBAC25E43DF43704B612A6304B7839FDCB47273D9E950DB942FC96C2097AB0ABF27342AFC1FDACF83AB522BBB0AC8A0E33677E061C50A1BF411B5B4516"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Media Player Classic\\mplayerc.exe"="C:\\Program Files\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Mon 23 Jul 2007 26,768,251 A..H. --- "C:\Program Files\EMCO Malware Destroyer\signatures.zip"
Tue 25 Mar 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 23 Jul 2008 858,704 ...H. --- "C:\Program Files\Qloud\CrashReport.dll"
Wed 23 Jul 2008 588,368 ...H. --- "C:\Program Files\Qloud\QloudEngine.dll"
Thu 24 Jan 2008 334,174 ...H. --- "C:\Program Files\Qloud\sqlite3.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 28 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 30 Nov 2007 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
Thu 30 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 19 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT2.tmp"
Wed 19 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT1.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\927c988306a93278708f61afaae477cc\BIT1.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT2.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT1.tmp"
Sun 17 Aug 2008 503,808 A..H. --- "C:\Documents and Settings\Bensku\Desktop\talsifileet\turvalassi\Bin\demo32.exe"
[b]Finished![/b] - Huolestunut tumpelo
Tuo Combo-fix oli Threatfiren mielestä uhka, joten sain jatkuvasti "sallia" sille lupia toimia. Toivottavasti se ei haitannut itse prosessia.
ComboFix 08-08-21.02 - Bensku 2008-08-23 9:31:10.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.504 [GMT 3:00]
Running from: C:\Documents and Settings\Bensku\Desktop\Nettikuvat\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Bensku\Cookies\[email protected][1].txt
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-23 08:47 . 2008-08-23 08:47 d-------- C:\WINDOWS\ERUNT
2008-08-22 22:37 . 2008-08-22 22:37 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 22:37 . 2008-08-22 22:37 d-------- C:\Documents and Settings\Bensku\Application Data\Malwarebytes
2008-08-22 22:37 . 2008-08-22 22:37 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 22:37 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-22 22:37 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-09 12:19 . 2008-08-09 12:19 d-------- C:\Program Files\ThreatFire
2008-08-09 12:19 . 2008-08-09 12:19 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-09 12:19 . 2008-04-24 16:52 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-08-09 12:19 . 2008-04-24 16:52 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-08-09 12:19 . 2008-04-24 16:52 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-08-09 12:19 . 2008-04-24 16:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 06:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-20 00:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-07 13:49 --------- d-----w C:\Program Files\Web Photo Album
2008-08-07 13:48 --------- d-----w C:\Program Files\BlueVoda Website Builder
2008-08-07 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-07 04:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-30 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 18:43 --------- d-----w C:\Program Files\Motherboard Monitor 5
2008-07-06 17:41 --------- d-----w C:\Program Files\Arovax AntiSpyware
2008-07-06 17:36 --------- d-----w C:\Program Files\Photo_Resizer_Pro4
2008-07-06 08:34 --------- d-----w C:\Program Files\JalbumWin
2008-07-06 08:01 --------- d-----w C:\Program Files\Opera
2008-07-05 20:40 --------- d-----w C:\Program Files\Photo_Resizer_Pro
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-31 18:48 746 ----a-w C:\Documents and Settings\Bensku\Application Data\wklnhst.dat
2008-03-31 16:06 60,088 ----a-w C:\Documents and Settings\Bensku\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 19:06 292152]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-11-09 17:00 2598808]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 18:34 266497]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 16:52 259392]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 04:23 443968]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 04:47 8720384]
"iLike"="C:\Program Files\iLike\1.1.41\ilikesidebar.exe" [2008-02-12 14:21 63024]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-31 20:46:11 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-09-28 13:22 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= L3codecp.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 01:07]
R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 16:52]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 16:52]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 09:10]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2007-11-09 17:00]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2007-11-09 17:00]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2007-11-09 17:00]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2001-10-17 20:59]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 13:50]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 16:52]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3ba7f76-6c92-11dd-9a99-00046192894e}]
\Shell\Shell00\Command - F:\Start.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2005-11-18 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1114805209.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2008-08-22 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F390EE9-289E-45EF-8B45-7AC3042BB5DE}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bensku\Application Data\Mozilla\Firefox\Profiles\s7cu27px.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:fi-FI:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 09:39:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
Completion time: 2008-08-23 9:40:44
ComboFix-quarantined-files.txt 2008-08-23 06:40:37
ComboFix2.txt 2008-08-23 05:33:08
ComboFix3.txt 2007-12-06 11:29:16
Pre-Run: 13,336,211,456 bytes free
Post-Run: 13,325,750,272 bytes free
143 --- E O F --- 2008-08-20 00:01:18 - Huolestunut tumpelo
Järjestelmä meni täysin jumiin, kun yritin tehdä täydellisen skannauksen. Quick scan löysi kuitenkin kaksi haittaa.
Silti selain jäi äsken taas jumiin ja kaatui kokonaan. Alkaa olla mystistä. Eikä ollut kuin kaksi välilehteä auki.
Malwarebytes' Anti-Malware 1.25
Database version: 1077
Windows 5.1.2600 Service Pack 2
14:57:11 23.8.2008
mbam-log-08-23-2008 (14-57-11).txt
Scan type: Quick Scan
Objects scanned: 54236
Time elapsed: 5 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Registry Backups\2007-06-14_23-20-50.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully. - 123321
Huolestunut tumpelo kirjoitti:
Järjestelmä meni täysin jumiin, kun yritin tehdä täydellisen skannauksen. Quick scan löysi kuitenkin kaksi haittaa.
Silti selain jäi äsken taas jumiin ja kaatui kokonaan. Alkaa olla mystistä. Eikä ollut kuin kaksi välilehteä auki.
Malwarebytes' Anti-Malware 1.25
Database version: 1077
Windows 5.1.2600 Service Pack 2
14:57:11 23.8.2008
mbam-log-08-23-2008 (14-57-11).txt
Scan type: Quick Scan
Objects scanned: 54236
Time elapsed: 5 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ei kuulu teille\Application Data\RegistrySmart\Registry Backups\2007-06-14_23-20-50.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.koneen koskas pölyt on imuroitu koneen sisältä
- huolestunut tumpelo
123321 kirjoitti:
koneen koskas pölyt on imuroitu koneen sisältä
Emolevy 36
Suoritin 38
pääkiintolevy 48
toinen kiintolevy 43
Tämän kertoi siis tuo Everest Home Version ja tietokoneen anturit. En ole koskaan nähnyt yli 50 asteen lukemia.
Yritin äsken asentaa sp3-päivitystä, mutta se ei onnistunut. Jotain vikaa lienee jossain.
Täytyy vielä ajaa Regseeker läpi (se löytää 700 punaista fiksattavaa, joille en uskalla tehdä mitään itse).
- huolestunut tumpelo
Kun ei riitä taidot, pitää tyytyä kohtaloon. Firefox toimii eikä jää jumiin. Maksan laskut yms kirjastossa, siellä on ie -- pankille ei kelpaa firefox eikä muutamalle muulle instanssille.
- hiukan harrastellut
Kirjaston koneita EI kannata käyttää pankkiyhteyksiin tai muihin tärkeisiin yhteyksiin. Vie koneesi korjaajalle. Maksaa sen satasen, mutta saat kaiken fiksattua. Otat ensin tietty tiedostot talteen koska ne vetää yleensä sileaäksi kaiken. Wintoosan asennusromppu sulla kaiketi on?
- dgdgdgddfd
http://www.uggboots4-uk.com ugg boots uk
http://www.uggboots4-uk.com ugg boots sale uk
Ketjusta on poistettu 0 sääntöjenvastaista viestiä.
Luetuimmat keskustelut
Kotkalainen Demari Riku Pirinen vangittu Saksassa lapsipornosta
https://www.kymensanomat.fi/paikalliset/8081054 Kotkalainen Demari Riku Pirinen vangittu Saksassa lapsipornon hallussapi1303241Vanhalle ukon rähjälle
Satutit mua niin paljon kun erottiin. Oletko todella niin itsekäs että kuvittelet että huolisin sut kaiken tapahtuneen382573Olen tosi outo....
Päättelen palstajuttujen perusteella mitä mieltä minun kaipauksen kohde minusta on. Joskus kuvittelen tänne selkeitä tap302455Maisa on SALAKUVATTU huumepoliisinsa kanssa!
https://www.seiska.fi/vain-seiskassa/ensimmainen-yhteiskuva-maisa-torpan-ja-poliisikullan-lahiorakkaus-roihuaa/15256631142258Nurmossa kuoli 2 Lasta..
Autokolarissa. Näin kertovat iltapäivälehdet juuri nyt. 22.11. Ja aina ennen Joulua näitä tulee. . .291746- 1141730
Hommaatko kinkkua jouluksi?
Itse tein pakastimeen n. 3Kg:n murekkeen sienillä ja juustokuorrutuksella. Voihan se olla, että jonkun pienen, valmiin k1741428Mikko Koivu yrittää pestä mustan valkoiseksi
Ilmeisesti huomannut, että Helenan tukijoukot kasvaa kasvamistaan. Riistakamera paljasti hiljattain kylmän totuuden Mi3031334Aatteleppa ite!
Jos ei oltaisikaan nyt NATOssa, olisimme puolueettomana sivustakatsojia ja elelisimme tyytyväisenä rauhassa maassamme.3071293- 631120