DLL files infected with a virus

andrelima

Member
Lately I've noticed that my PC hasn't been well: first it started getting slow, and second it started rebooting on its own. I ran several scans and all of them told me it was infected through winlogon.exe, but some DLL files in the windows\system32 folder also showed up in the scans as viruses. The DLL files are the following: espkeblokgri.dll and nbmkqsyhwqmc.dll. Unfortunately I can't delete either of them; I'd like to know if someone can help me.

On the VirusTotal page I scanned the files and the result was the following: espkeblokgri.dll


Antivirus Version Update Result
AhnLab-V3 2007.3.27.0 03.26.2007 Win-Trojan/Xema.variant
AntiVir 7.3.1.44 03.26.2007 TR/WinLogonHook.D.4
Authentium 4.93.8 03.26.2007 W32/Downloader.BETZ
Avast 4.7.936.0 03.25.2007 Win32:Trojan-gen. {Other}
AVG 7.5.0.447 03.26.2007 Clicker.EGY
BitDefender 7.2 03.27.2007 Trojan.WinLogonHook.D
CAT-QuickHeal 9.00 03.26.2007 TrojanDownloader.Delf.amb
ClamAV devel-20070312 03.27.2007 Trojan.Downloader-3238
DrWeb 4.33 03.26.2007 Trojan.DownLoader.19262
eSafe 7.0.14.0 03.26.2007 no virus found
eTrust-Vet 30.6.3512 03.26.2007 no virus found
Ewido 4.0 03.25.2007 Hijacker.BHO.naj
FileAdvisor 1 03.27.2007 no virus found
Fortinet 2.85.0.0 03.26.2007 no virus found
F-Prot 4.3.1.45 03.26.2007 W32/Downloader.BETZ
F-Secure 6.70.13030.0 03.26.2007 Trojan-Downloader.Win32.Delf.amb
Ikarus T3.1.1.3 03.26.2007 Trojan.WinlogonHook.D
Kaspersky 4.0.2.24 03.27.2007 Trojan-Downloader.Win32.Delf.amb
McAfee 4992 03.26.2007 no virus found
Microsoft 1.2306 03.27.2007 no virus found
NOD32v2 2145 03.26.2007 Win32/TrojanClicker.BHO.NAJ
Norman 5.80.02 03.23.2007 W32/Delf.ACVW
Panda 9.0.0.4 03.27.2007 Suspicious file
Prevx1 V2 03.27.2007 no virus found
Sophos 4.15.0 03.23.2007 no virus found
Sunbelt 2.2.907.0 03.24.2007 no virus found
Symantec 10 03.27.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 TrojanDownloader.Win32.Delf.1DA7
VBA32 3.11.2 03.26.2007 suspected of Trojan-Downloader.Delf.2
VirusBuster 4.3.7:9 03.26.2007 Trojan.WinlogonHook.Gen
Webwasher-Gateway 6.0.1 03.26.2007 Trojan.WinLogonHook.D.4

Aditional Information
File size: 71223 bytes
MD5: febe42f165c8bad131ddb69c8627e95c
SHA1: f8a95bfeeff27009cf2c0e6fe864cfc9b692e080
packers: UPX


The result for nbmkqsyhwqmc.dll

Antivirus Version Update Result
AhnLab-V3 2007.3.27.0 03.26.2007 Win-Trojan/Xema.variant
AntiVir 7.3.1.44 03.26.2007 TR/WinLogonHook.D.4
Authentium 4.93.8 03.26.2007 W32/Downloader.BETZ
Avast 4.7.936.0 03.25.2007 Win32:Trojan-gen. {Other}
AVG 7.5.0.447 03.26.2007 Clicker.EGY
BitDefender 7.2 03.27.2007 Trojan.WinLogonHook.D
CAT-QuickHeal 9.00 03.26.2007 TrojanDownloader.Delf.amb
ClamAV devel-20070312 03.27.2007 Trojan.Downloader-3238
DrWeb 4.33 03.26.2007 Trojan.DownLoader.19262
eSafe 7.0.14.0 03.26.2007 no virus found
eTrust-Vet 30.6.3512 03.26.2007 no virus found
Ewido 4.0 03.25.2007 Hijacker.BHO.naj
FileAdvisor 1 03.27.2007 no virus found
Fortinet 2.85.0.0 03.26.2007 no virus found
F-Prot 4.3.1.45 03.26.2007 W32/Downloader.BETZ
F-Secure 6.70.13030.0 03.26.2007 Trojan-Downloader.Win32.Delf.amb
Ikarus T3.1.1.3 03.26.2007 Trojan.WinlogonHook.D
Kaspersky 4.0.2.24 03.27.2007 Trojan-Downloader.Win32.Delf.amb
McAfee 4992 03.26.2007 no virus found
Microsoft 1.2306 03.27.2007 no virus found
NOD32v2 2145 03.26.2007 Win32/TrojanClicker.BHO.NAJ
Norman 5.80.02 03.23.2007 W32/Delf.ACVW
Panda 9.0.0.4 03.27.2007 Suspicious file
Prevx1 V2 03.27.2007 no virus found
Sophos 4.15.0 03.23.2007 no virus found
Sunbelt 2.2.907.0 03.24.2007 no virus found
Symantec 10 03.27.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 TrojanDownloader.Win32.Delf.1DA7
VBA32 3.11.2 03.26.2007 suspected of Trojan-Downloader.Delf.2
VirusBuster 4.3.7:9 03.26.2007 Trojan.WinlogonHook.Gen
Webwasher-Gateway 6.0.1 03.26.2007 Trojan.WinLogonHook.D.4

Aditional Information
File size: 71223 bytes
MD5: 2a85fb168edf3f88ecee7c085399a32e
SHA1: f1cb2a3de150d2b8e8e2a4fb29b982db12618f03
packers: UPX


Can anyone help me?!
Thanks
 
Use KillBox and tell it to delete those DLL files on reboot; that way they shouldn't be loaded by winlogon any more. After you reboot, run a scan with HijackThis and post the log here.
 



I tried to run the scan with HijackThis, but when I open it, it closes right away; there's no time to do anything. I tried searching the net for another HijackThis, since I thought I might have an outdated version, but as soon as the results page opens the window closes. I tried everything but couldn't manage it. Is there anything else I can do?
 
If HijackThis closes by itself, it's because there is some process in memory that forces it to close. Try doing it in Safe Mode to see whether the problem persists.
I assume you've already deleted the DLLs with KillBox, right?
 


I managed to open HijackThis; here's the log


Logfile of HijackThis v1.99.1
Scan saved at 12:53:23, on 28-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CTAvTray] C:\Programas\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programas\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168895376031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: espkeblokgri - C:\WINDOWS\system32\espkeblokgri.dll (file missing)
O20 - Winlogon Notify: nbmkqsyhwqmc - C:\WINDOWS\system32\nbmkqsyhwqmc.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
 
O20 - Winlogon Notify: espkeblokgri - C:\WINDOWS\system32\espkeblokgri.dll (file missing)
O20 - Winlogon Notify: nbmkqsyhwqmc - C:\WINDOWS\system32\nbmkqsyhwqmc.dll (file missing)

Remove these 2 and reboot.
Then try opening HijackThis again. If it closes by itself again, there must be some rootkit in there.
 


Now I can't find those 2 files, but I can open HijackThis now. I ran the scan and the log seems to be the same


Logfile of HijackThis v1.99.1
Scan saved at 14:15:03, on 28-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Creative\SBLive\Program\CTAvTray.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\eMule\emule.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.128.10:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CTAvTray] C:\Programas\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programas\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168895376031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: espkeblokgri - C:\WINDOWS\system32\espkeblokgri.dll (file missing)
O20 - Winlogon Notify: nbmkqsyhwqmc - C:\WINDOWS\system32\nbmkqsyhwqmc.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


Do I have to do anything else?!
Thanks again
 
Those 2 lines I asked you to remove have come back, but since the DLLs in question have already been deleted, I'd suggest you leave it as it is.
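As an added example (not from this thread, HijackThis or KillBox): a small Python parser over constructed lines in HijackThis log format, modelled on the log posted above, that pulls out the O20 Winlogon Notify entries and flags the ones whose DLL is missing or whose subkey is not on a baseline allowlist. The `WgaLogon` line and the `KNOWN_GOOD` allowlist are assumptions made for contrast.

```python
import re

# Constructed sample in HijackThis v1.99.1 log format, modelled on the log
# posted in this thread. The "WgaLogon" O20 line is an assumed benign entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: espkeblokgri - C:\WINDOWS\system32\espkeblokgri.dll (file missing)
O20 - Winlogon Notify: nbmkqsyhwqmc - C:\WINDOWS\system32\nbmkqsyhwqmc.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumed allowlist of Winlogon\Notify subkeys; a real one would be taken
# from a known-clean baseline of the same Windows build.
KNOWN_GOOD = {"wgalogon"}

O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)


def parse_o20(log_text):
    """Return the O20 (Winlogon Notify) entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append({
                "key": m.group("key"),
                "dll": m.group("dll"),
                "missing": m.group("missing") is not None,
            })
    return entries


def suspicious_o20(log_text, allow=KNOWN_GOOD):
    """Flag O20 entries that need review, with the reason for each.

    A Notify subkey whose DLL is gone is an orphaned persistence entry (the
    thread's situation after the files were deleted); a subkey outside the
    baseline is one winlogon would load at every logon if the DLL returned.
    """
    findings = []
    for e in parse_o20(log_text):
        reasons = []
        if e["missing"]:
            reasons.append("file missing")
        if e["key"].lower() not in allow:
            reasons.append("key not in baseline")
        if reasons:
            findings.append((e["key"], e["dll"], reasons))
    return findings
```

Run against a real log by passing its text to `suspicious_o20`; an entry that is flagged only as "key not in baseline" while its DLL is present deserves a look at the file before it is removed.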
 