Kone hidastunut, Inbound blocked 6000, hjt loki

mormoni · Jul 13, 2007

Koneen käynnistys ja käyttö hidastunut huomattavasti. Symantecin palomuuri nähtävästi blokkaa koko ajan jotain, kun Inbound Blockedluku kasvaa sekunnissa kahdella.

Ehdotuksia?

Kiitos!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:00, on 14.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\common files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\program files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
C:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\program files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\program files\common files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-606747145-2025429265-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\program files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Pokeri softat\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Pokeri softat\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\program files\common files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\program files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 11338 bytes

Auttaja · Jul 13, 2007

Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Tässä ohje miten merkataan:

==========

Tarkista koneesi F-Securen online skannerilla

Huom, skanneri toimii vain Internet Explorer selaimella

* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti

o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna

* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi

==========

Tämä jos tunnet tietokoneesi olevan hitaan puoleinen, etkä ole eheyttänyt pitkään aikaan:

Avaa Oma tietokone
-> Tee seuraava toimenpide kaikille Paikallisille levyille

==========

Lataa CCleaner ja asenna se:
Avaa "Options", sieltä "Language" ja valitse "Suomi (Finnish)"

Avaa "Virheet" kohta, paina "Etsi rekisterin virheitä", paina "Korjaa valitut rekisterin virheet..". Paina "Kyllä", kun ohjelma kysyy "Haluatko varmuuskopioida muutokset rekisteriin", tallenna tiedosto esim. työpöydälle.

Avaa "Puhdistaja", paina "Tutki" ja tämän jälkeen "Aja Ccleaner". Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

==========

Jos sinulla ei ole tätä java versiota (6.2): Vanha java saastuttaa helposti koneesi!

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp
tai http://www.filehippo.com/download_java_runtime/

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u2

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.

==========

Lataa Deckard's System Scanner Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.

myös F-securen raportti

mormoni · Jul 14, 2007

Deckard's System Scanner v20070711.54
Run by NKO on 2007-07-14 at 16:19:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-07-14 13:19:42 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as NKO.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:41, on 14.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\common files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\program files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
C:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\program files\common files\Logitech\khalshared\KHALMNPR.EXE
C:\program files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\NKO\Desktop\dss.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\APUOHJ~1\Hjt\NKO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-606747145-2025429265-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\program files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Pokeri softat\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Pokeri softat\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\program files\common files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\program files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 11258 bytes

-- HijackThis Fixed Entries (C:\APUOHJ~1\Hjt\backups\) -------------------------

backup-20070714-130859-348 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070714-130859-431 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>

S3 TFBULK (Topfield USB client driver) - c:\windows\system32\drivers\tfbulk.sys <Not Verified; Topfield Co., Ltd.; >
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 Logitech Easy Synchronization - c:\program files\logitech\easy synchronization\servicestub.exe
R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>
R2 pgsql-8.2 (PostgreSQL Database Server 8.2) - "c:\program files\postgresql\8.2\bin\pg_ctl.exe" runservice -n "pgsql-8.2" -d "c:\program files\postgresql\8.2\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

-- Scheduled Tasks -------------------------------------------------------------

2007-07-14 16:18:28 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2007-06-14 and 2007-07-14 -----------------------------

2007-07-14 16:10:43 0 d-------- C:\Program Files\Java
2007-07-14 16:10:41 0 d-------- C:\Program Files\Common Files\Java
2007-07-14 16:04:44 0 dr-h----- C:\Documents and Settings\NKO\Recent
2007-07-12 22:14:17 369664 --a------ C:\WINDOWS\system32\sqliteodbcu.dll <Not Verified; Christian Werner Software & Consulting; ODBC Driver for SQLite 2.8.17>
2007-07-12 22:14:17 360960 --a------ C:\WINDOWS\system32\sqliteodbc.dll <Not Verified; Christian Werner Software & Consulting; ODBC Driver for SQLite 2.8.17>
2007-07-12 22:14:17 441344 --a------ C:\WINDOWS\system32\sqlite3odbc.dll <Not Verified; Christian Werner Software & Consulting; ODBC Driver for SQLite3 3.3.7>
2007-07-12 22:14:17 0 d-------- C:\Program Files\SQLite ODBC Driver
2007-07-12 21:54:42 0 d--h----- C:\Documents and Settings\postgres\Templates
2007-07-12 21:54:42 0 dr------- C:\Documents and Settings\postgres\Start Menu
2007-07-12 21:54:42 0 dr-h----- C:\Documents and Settings\postgres\SendTo
2007-07-12 21:54:42 0 d--h----- C:\Documents and Settings\postgres\Recent
2007-07-12 21:54:42 0 d--h----- C:\Documents and Settings\postgres\PrintHood
2007-07-12 21:54:42 229376 --ah----- C:\Documents and Settings\postgres\NTUSER.DAT
2007-07-12 21:54:42 0 d--h----- C:\Documents and Settings\postgres\NetHood
2007-07-12 21:54:42 0 d-------- C:\Documents and Settings\postgres\My Documents
2007-07-12 21:54:42 0 d--h----- C:\Documents and Settings\postgres\Local Settings
2007-07-12 21:54:42 0 d-------- C:\Documents and Settings\postgres\Favorites
2007-07-12 21:54:42 0 d-------- C:\Documents and Settings\postgres\Desktop
2007-07-12 21:54:42 0 d---s---- C:\Documents and Settings\postgres\Cookies
2007-07-12 21:54:42 0 dr-h----- C:\Documents and Settings\postgres\Application Data
2007-07-12 21:54:42 0 d---s---- C:\Documents and Settings\postgres\Application Data\Microsoft
2007-07-12 21:54:10 0 d-------- C:\Program Files\PostgreSQL
2007-07-12 17:28:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-11 17:09:22 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-07-11 17:05:46 0 d-------- C:\WINDOWS\nview
2007-07-11 16:51:03 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-07-11 15:50:40 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2007-07-11 15:39:52 0 d-------- C:\Documents and Settings\NKO\Application Data\WinRAR
2007-07-11 14:36:33 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-11 14:35:46 0 d-------- C:\Documents and Settings\NKO\Application Data\Help
2007-07-11 14:32:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Logitech
2007-07-11 14:31:52 47104 --a------ C:\WINDOWS\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>
2007-07-11 14:31:52 18167 --a------ C:\WINDOWS\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>
2007-07-11 14:30:11 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-07-11 14:30:11 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-07-11 14:30:11 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-07-11 14:30:11 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-07-11 14:30:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-07-06 20:58:48 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-07-06 20:58:48 394240 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-06 20:58:48 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-07-06 20:58:48 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-07-06 20:58:48 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-06 20:58:48 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-07-06 20:58:48 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-06 20:58:47 217073 --a------ C:\WINDOWS\meta4.exe
2007-07-06 20:58:47 0 d-------- C:\Program Files\AviSynth 2.5
2007-07-06 20:57:10 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2007-07-06 20:57:10 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2007-07-06 00:11:46 0 d-------- C:\Program Files\Common Files\PCSuite
2007-07-06 00:09:51 0 d-------- C:\Program Files\PC Connectivity Solution
2007-07-06 00:08:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-07-03 16:33:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

-- Find3M Report ---------------------------------------------------------------

2007-07-14 15:19:53 40 --a------ C:\WINDOWS\system32\profile.dat
2007-07-14 00:02:07 0 d-------- C:\Documents and Settings\NKO\Application Data\uTorrent
2007-07-12 20:35:26 0 d-------- C:\Documents and Settings\NKO\Application Data\Microgaming
2007-07-12 12:33:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-11 19:11:54 0 d-------- C:\Documents and Settings\NKO\Application Data\Nokia Multimedia Player
2007-07-11 18:59:58 0 d-------- C:\Program Files\Nokia
2007-07-11 18:59:58 0 d-------- C:\Program Files\Common Files\Nokia
2007-07-11 15:40:20 0 d-------- C:\Program Files\Any Password
2007-07-11 14:55:12 0 d-------- C:\Program Files\TrueMoneyGames
2007-07-11 14:44:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-11 14:32:08 0 d-------- C:\Program Files\Logitech
2007-07-11 14:31:57 0 d-------- C:\Documents and Settings\NKO\Application Data\Logitech
2007-07-11 14:30:16 0 d-------- C:\Program Files\Common Files\Logitech
2007-07-09 11:41:44 0 d-------- C:\Documents and Settings\NKO\Application Data\Canon
2007-07-06 00:25:10 0 d-------- C:\Documents and Settings\NKO\Application Data\Nokia
2007-07-06 00:10:03 0 d-------- C:\Program Files\DIFX
2007-06-30 03:51:23 4 --a------ C:\WINDOWS\bytespersecond.dat
2007-05-29 19:13:48 0 d-------- C:\Documents and Settings\NKO\Application Data\paradisepoker
2007-05-23 10:43:35 0 d-------- C:\Program Files\Combined Community Codec Pack
2007-04-23 18:53:02 40 --a------ C:\WINDOWS\ujf635.bin
2007-04-19 13:26:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-04-19 13:26:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 13:26:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-04-19 13:26:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 13:26:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-04-19 13:26:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-04-19 13:26:00 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 13:26:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 13:26:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-04-19 13:26:00 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2007-04-19 13:26:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-04-15 16:49:55 673610 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2007-04-15 16:49:55 2589 --a------ C:\WINDOWS\unins000.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\\\vptray.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Logitech BT Wizard"="LBTWiz.exe -silent"
"Easy Synchronization"="C:\\Program Files\\Logitech\\Easy Synchronization\\LogitechEasySync.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Easy Synchronization"="C:\\Program Files\\Logitech\\Easy Synchronization\\LogitechEasySync.exe --ports"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"="ShellExecuteHook class"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^NKO^Start Menu^Programs^Startup^Valid.lnk]
"path"="C:\\Documents and Settings\\NKO\\Start Menu\\Programs\\Startup\\Valid.lnk"
"backup"="C:\\WINDOWS\\pss\\Valid.lnkStartup"
"location"="Startup"
"command"="C:\\Valid.bat "
"item"="Valid"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OpwareSE4"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchApplication"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\progra~1\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddeac138-4bb5-11db-82f7-0011d88d951b}]

-- End of Deckard's System Scanner: finished at 2007-07-14 at 16:21:13 ---------

Scanning Report
Saturday, July 14, 2007 13:12:00 - 15:08:16

Computer name: ANTEC
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\ G:\
Result: 0 malware found
Statistics
Scanned:

* Files: 340786
* System: 4321
* Not scanned: 111

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* �St �Ft ES\SYMANTEC CLIENT SECURITY\SYMANTEC ANTIVIRUS\SAVRT\0693NAV~.TMP C:\PROGRAM FILES\POSTGRESQL\8.2\DATA\PG_SUBTRANS\0000
* C:\PROGRAM FILES\POSTGRESQL\8.2\DATA\PG_MULTIXACT\OFFSETS\0000
* C:\PROGRAM FILES\POSTGRESQL\8.2\DATA\PG_MULTIXACT\MEMBERS\0000
* C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\USERS\NKO\DATA\CHANDIR.DAT
* C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\USERS\NKO\DATA\L0000001.FCS
* C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\USERS\NKO\DATA\PRS.DAT
* C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\USERS\NKO\DATA\STORYDB.DAT
* C:\program files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
* pft.dat
* C:\DOCUMENTS AND SETTINGS\POSTGRES\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\POSTGRES\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\X1 DESKTOP SEARCH\ALL-BODY-OFFS-0.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\X1 DESKTOP SEARCH\ALL-BODY-OFFS-1.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\X1 DESKTOP SEARCH\ALL-NOTES-OFFS-0.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\X1 DESKTOP SEARCH\ALL-NOTES-OFFS-1.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\X1 DESKTOP SEARCH\ALL-NOTES-OFFS-2-BACK.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\X1 DESKTOP SEARCH\ALL-NOTES-OFFS-2.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\X1 DESKTOP SEARCH\ALL-OTHER-OFFS-0.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\X1 DESKTOP SEARCH\ALL-OTHER-OFFS-1.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{6143B4C4-74E2-4B74-ABB9-2CA76BF96B92}
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\D204AC7DA59C\DBDAM
* C:\DOCUMENTS AND SETTINGS\NKO\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\D204AC7DA59C\DBEAM
* C:\DOCUMENTS AND SETTINGS\NKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZA8Y6Q5R.DEFAULT\PARENT.LOCK
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar.zip\nst61.tmp
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify10.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisaM� � E

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-07-13
* F-Secure AVP: 7.0.171, 2007-07-13
* F-Secure Orion: 1.2.37, 2007-07-13
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-06-12

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
_____________

Mulla on O&O Defrag käytössä, joten pirstaloitumista ei ole.

Ajan CCleanerin ja korjaan rekisterin virheet n. kerran viikossa

Vanhoja Javoja oli paljon. Nyt Java päivitetty ja vanhat poistettu.

c: aseman (windows) virheentarkistus meni läpi, mutta d: aseman (samaa fyysistä c: aseman kanssa) jumitti Phase 4 kohtaan. g: asema (toinen kovo) jumitti myös kohtaan Phase 4. Mulla on PartitionMagic 7.0 käytössä.

Inbound Blocked palomuurissa kasvaa jatkuvasti.

Ominaisuus Arvo
ATA-laitteet
Mallin tunnus ST3200822AS
Sarjanumero 5LJ1X4K9
Revisio 3.01
Puskurointi 8 MB
Sektoreita 16
ECC-tavuja 4

ATA-laitteen fyysiset tiedot
Valmistaja Seagate
Kiintolevy Barracuda 7200.7 SATA 200822
Muoto 3.5"
Koko alustettuna 200 GB
Levyjä 2
Tallennuspintoja 4
Fyysiset mitat 146.56 x 101.85 x 26.1 mm
Enimmäispaino 635 g
Keskimääräinen pyörintäviive 4.16 ms
Pyörimisnopeus 7200 RPM
Enimmäissiirtonopeus 683 Mbittiä/s
Keskimääräinen hakunopeus 8.5 ms
Rajapinta SATA
Puskuri-isäntä-siirtonopeus 150 MB/s
Puskurin koko 8 MB
Heräteaika 10 s

ATA-laitevalmistaja
Yritys Seagate Technology LLC
Tuotetiedot http://www.seagate.com/products

EDIT Diskcheck meni läpi asemassa g: phase 4 kesti vaan todella kauan, kokeilen myös uudestaan asemassa d:

Auttaja · Jul 14, 2007

Se on ihan normaalia että palomuuri blockkaa koko ajan liikennettä.

mormoni · Jul 14, 2007

Disk error check meni läpi kaikissa asemissa.

mormoni · Jul 14, 2007

Päivitin utorrentin 1.7 ja asensin PostrgeSQL, ja näitten jälkeen minusta hitaus alkoi. Utorrentin päivityksen jälkeen alkoivat hyökkäykset koneeseen, tai sitten vaan kiinnitin huomiota asiaan.

Auttaja · Jul 14, 2007

Poista tää kansio C:\Program Files\Any Password ja ohjelma ohjauspaneelin lisää/poista sovelluksen kautta.

mormoni · Jul 14, 2007

öö, mitä tuo ohjelma aiheuttaa? Oon käyttänyt sitä jo useamman vuoden passujen tekoon ja säilytykseen ilman ongelmia.

Auttaja · Jul 14, 2007

Jaaha

http://www.siteadvisor.com/sites/anypassword.com?ref=safesearch&aff_id=0

Mieti sitten uudelleen, voi tietty olla ihan luotettava ohjelma.

mormoni · Jul 14, 2007

Ok, täytyy vaihtaa ohjelmaa.

Oliko vielä muita ehdotuksia?

Ja kiitos näistä ja ajastasi!

Auttaja · Jul 14, 2007

Eipä tässä kai enää muuta.

Pysy puhtaana

-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas

-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.

-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm

->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.

->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI

Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!

Log in or Sign up

Kone hidastunut, Inbound blocked 6000, hjt loki

mormoni Member

Auttaja Guest

mormoni Member

Auttaja Guest

mormoni Member

mormoni Member

Auttaja Guest

mormoni Member

Auttaja Guest

mormoni Member

Auttaja Guest

Share This Page

Log in or Sign up

Kone hidastunut, Inbound blocked 6000, hjt loki

mormoni Member

Auttaja Guest

mormoni Member

Auttaja Guest

mormoni Member

mormoni Member

Auttaja Guest

mormoni Member

Auttaja Guest

mormoni Member

Auttaja Guest

Share This Page

Useful Searches