Hello, and please help. How do I remove this? Sophos detects nothing, and neither does avast. I ran a NOD32 scan and it sees nothing either. I have now installed HjT, but I don't know how to post the log; I'm a complete beginner. The computer tells me to shut down the system and scan at boot time. I did that twice and it's still the same. Maybe someone can help? Thanks in advance.
Instead of a HijackThis log, it's better to post an OTL log.
Paste the log at http://wklejto.pl/ and put only the link (the address from the address bar) in your post.
jessi
jessica, could this c+++ have installed itself from a USB flash drive? Nothing was happening until my brother downloaded files from the ASUS website directly onto the portable drive.
– Added 18.10.2009 (Sun) 19:26 –
http://wklejto.pl/44745 OTL log
– Added 18.10.2009 (Sun) 19:28 –
Full log:
OTL logfile created on: 2009-10-18 19:04:26 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = H:\otl
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
511,48 Mb Total Physical Memory | 145,50 Mb Available Physical Memory | 28,45% Memory free
1,59 Gb Paging File | 1,23 Gb Available in Paging File | 77,02% Paging File free
Paging file location(s): C:\pagefile.sys 384 766H:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,83 Gb Total Space | 0,73 Gb Free Space | 10,74% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,59 Gb Free Space | 38,15% Space Free | Partition Type: NTFS
Drive E: | 15,79 Gb Total Space | 1,36 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 18,62 Gb Total Space | 13,34 Gb Free Space | 71,63% Space Free | Partition Type: NTFS
Drive H: | 18,63 Gb Total Space | 2,88 Gb Free Space | 15,48% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: GRZECHO-BA5B07F
Current User Name: grzecho
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009-10-18 19:04:05 | 00,521,216 | ---- | M] (OldTimer Tools) – H:\otl\OTL.exe
PRC - [2009-10-03 20:56:21 | 00,307,704 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Explorer.EXE
PRC - [2007-06-11 16:14:51 | 00,517,040 | ---- | M] ( ) – C:\WINDOWS\System32\lxdicoms.exe
PRC - [2007-06-11 16:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
PRC - [2006-05-03 18:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wdfmgr.exe
PRC - [2003-02-25 07:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) – C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003-02-25 07:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) – C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2002-04-12 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) – C:\WINDOWS\System32\brsvc01a.exe
PRC - [2001-12-13 01:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) – C:\WINDOWS\System32\brss01a.exe
========== Win32 Services (SafeList) ==========
SRV - File not found – -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009-10-18 10:08:33 | 00,482,176 | ---- | M] (Sysinternals - www.sysinternals.com) – C:\Documents and Settings\grzecho\Ustawienia lokalne\Temp\XQRKNXYPQXTLWH.exe – (XQRKNXYPQXTLWH [On_Demand | Stopped])
SRV - [2009-10-18 10:07:55 | 00,433,024 | ---- | M] (Sysinternals - www.sysinternals.com) – C:\Documents and Settings\grzecho\Ustawienia lokalne\Temp\YTEQKL.exe – (YTEQKL [On_Demand | Stopped])
SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus [Auto | Running])
SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner [On_Demand | Running])
SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner [On_Demand | Running])
SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv [Auto | Running])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe – (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe – (idsvc [unknown | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe – (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe – (aspnet_state [On_Demand | Stopped])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll – (helpsvc [Auto | Running])
SRV - [2007-06-11 16:14:51 | 00,517,040 | ---- | M] ( ) – C:\WINDOWS\System32\lxdicoms.exe – (lxdi_device [Auto | Running])
SRV - [2007-06-11 16:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe – (lxdiCATSCustConnectService [Auto | Running])
SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE – (odserv [On_Demand | Stopped])
SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE – (ose [On_Demand | Stopped])
SRV - [2006-05-03 18:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe – (Ati HotKey Poller [Auto | Running])
SRV - [2006-05-03 11:57:00 | 00,520,192 | ---- | M] () – C:\WINDOWS\System32\ati2sgag.exe – (ATI Smart [Auto | Stopped])
SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wdfmgr.exe – (UMWdf [Auto | Running])
SRV - [2003-05-05 20:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) – C:\WINDOWS\System32\Brmfrmps.exe – (brmfrmps [Disabled | Stopped])
SRV - [2003-02-25 07:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) – C:\WINDOWS\System32\LEXBCES.EXE – (LexBceS [Auto | Running])
SRV - [2002-04-12 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) – C:\WINDOWS\System32\brsvc01a.exe – (Brother XP spl Service [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2 [Auto | Running])
DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP [system | Running])
DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys – (aswFsBlk [Auto | Running])
DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi [system | Running])
DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr [On_Demand | Running])
DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4 [system | Running])
DRV - [2009-07-21 10:57:31 | 00,047,360 | ---- | M] (VSO Software) – C:\WINDOWS\System32\Drivers\pcouffin.sys – (pcouffin [On_Demand | Running])
DRV - [2009-01-16 21:41:35 | 00,022,368 | ---- | M] (Sony Ericsson Mobile Communications) – C:\WINDOWS\System32\DRIVERS\ggsemc.sys – (ggsemc [On_Demand | Stopped])
DRV - [2009-01-16 21:41:35 | 00,010,976 | ---- | M] (Sony Ericsson Mobile Communications) – C:\WINDOWS\System32\DRIVERS\ggflt.sys – (ggflt [On_Demand | Stopped])
DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20 [boot | Running])
DRV - [2008-07-10 15:29:52 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) – C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys – (hwdatacard [On_Demand | Stopped])
DRV - [2008-05-16 13:33:14 | 00,115,752 | ---- | M] (MCCI Corporation) – C:\WINDOWS\System32\DRIVERS\s0016unic.sys – (s0016unic [On_Demand | Stopped])
DRV - [2008-05-16 13:33:14 | 00,025,512 | ---- | M] (MCCI Corporation) – C:\WINDOWS\System32\DRIVERS\s0016nd5.sys – (s0016nd5 [On_Demand | Stopped])
DRV - [2008-05-16 13:33:14 | 00,015,016 | ---- | M] (MCCI Corporation) – C:\WINDOWS\System32\DRIVERS\s0016mdfl.sys – (s0016mdfl [On_Demand | Stopped])
DRV - [2008-05-16 13:33:12 | 00,120,744 | ---- | M] (MCCI Corporation) – C:\WINDOWS\System32\DRIVERS\s0016mdm.sys – (s0016mdm [On_Demand | Stopped])
DRV - [2008-05-16 13:33:12 | 00,114,216 | ---- | M] (MCCI Corporation) – C:\WINDOWS\System32\DRIVERS\s0016mgmt.sys – (s0016mgmt [On_Demand | Stopped])
DRV - [2008-05-16 13:33:12 | 00,110,632 | ---- | M] (MCCI Corporation) – C:\WINDOWS\System32\DRIVERS\s0016obex.sys – (s0016obex [On_Demand | Stopped])
DRV - [2008-05-16 13:33:12 | 00,089,256 | ---- | M] (MCCI Corporation) – C:\WINDOWS\System32\DRIVERS\s0016bus.sys – (s0016bus [On_Demand | Stopped])
DRV - [2008-04-14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\DRIVERS\gameenum.sys – (gameenum [On_Demand | Running])
DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) – C:\WINDOWS\System32\DRIVERS\secdrv.sys – (Secdrv [On_Demand | Stopped])
DRV - [2007-07-11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) – C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys – (UsbDiag [On_Demand | Stopped])
DRV - [2007-07-11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) – C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys – (USBModem [On_Demand | Stopped])
DRV - [2007-07-11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) – C:\WINDOWS\System32\DRIVERS\lgusbbus.sys – (usbbus [On_Demand | Stopped])
DRV - [2007-02-27 12:39:26 | 00,032,256 | ---- | M] () – H:\programy\spyware\SASKUTIL.sys – (SASKUTIL [system | Running])
DRV - [2006-10-10 13:53:48 | 00,005,632 | ---- | M] () – H:\programy\spyware\SASDIFSV.SYS – (SASDIFSV [system | Running])
DRV - [2006-05-03 18:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\DRIVERS\ati2mtag.sys – (ati2mtag [On_Demand | Running])
DRV - [2006-02-16 17:51:08 | 00,004,096 | R— | M] (SuperAdBlocker, Inc.) – H:\programy\spyware\SASENUM.SYS – (SASENUM [On_Demand | Stopped])
DRV - [2004-08-04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) – C:\WINDOWS\System32\DRIVERS\RTL8139.SYS – (rtl8139 [On_Demand | Running])
DRV - [2004-08-04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\System32\DRIVERS\nv4_mini.sys – (nv [On_Demand | Stopped])
DRV - [2004-06-10 01:42:38 | 00,015,429 | R— | M] ( ) – C:\WINDOWS\System32\DRIVERS\Sacm2A.sys – (USBCM [On_Demand | Stopped])
DRV - [2003-12-19 22:15:50 | 00,015,263 | ---- | M] (Brother Industries Ltd.) – C:\WINDOWS\System32\Drivers\BrScnUsb.sys – (BrScnUsb [On_Demand | Stopped])
DRV - [2003-07-18 09:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) – C:\WINDOWS\system32\DRIVERS\SISAGPX.sys – (sisagp [boot | Running])
DRV - [2003-04-08 09:56:36 | 00,820,133 | R— | M] (Silicon Integrated Systems Corporation) – C:\WINDOWS\System32\drivers\sis7012.sys – (SiS7012 [On_Demand | Running])
DRV - [2001-10-26 17:05:44 | 00,006,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\DRIVERS\serscan.sys – (StillCam [On_Demand | Stopped])
DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\drivers\msmpu401.sys – (ms_mpu401 [On_Demand | Running])
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\System32\DRIVERS\ptilink.sys – (Ptilink [On_Demand | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl … ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM…\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.pl/
IE - HKCU…\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 1
========== FireFox ==========
FF - prefs.js…browser.search.defaultenginename: “Winamp Search”
FF - prefs.js…browser.search.defaultthis.engineName: “Odkrywca Customized Web Search”
FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT664217&SearchSource=3&q={searchTerms}”
FF - prefs.js…browser.search.selectedEngine: “Odkrywca Customized Web Search”
FF - prefs.js…browser.search.useDBForOrder: true
FF - prefs.js…browser.startup.homepage: “http://www.google.pl/”
FF - prefs.js…extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js…extensions.enabledItems: 6
FF - prefs.js…extensions.enabledItems: 2
FF - prefs.js…extensions.enabledItems: 48
FF - prefs.js…extensions.enabledItems: {bab31fc4-cb97-46f4-9565-26d65225cc2c}:2.4.0.4
FF - prefs.js…extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - HKLM\software\mozilla\Firefox\Extensions\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-10-01 06:12:40 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009-10-04 10:56:30 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-16 11:42:24 | 00,000,000 | —D | M]
[2009-01-11 09:57:21 | 00,000,000 | —D | M] – C:\Documents and Settings\grzecho\Dane aplikacji\mozilla\Extensions
[2009-01-11 09:57:21 | 00,000,000 | —D | M] – C:\Documents and Settings\grzecho\Dane aplikacji\mozilla\Extensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-18 00:21:59 | 00,000,000 | —D | M] – C:\Documents and Settings\grzecho\Dane aplikacji\mozilla\Firefox\Profiles\z0i57ee7.default\extensions
[2009-10-09 14:01:19 | 00,000,000 | —D | M] – C:\Documents and Settings\grzecho\Dane aplikacji\mozilla\Firefox\Profiles\z0i57ee7.default\extensions{bab31fc4-cb97-46f4-9565-26d65225cc2c}
[2009-10-06 15:04:52 | 00,000,000 | —D | M] – C:\Documents and Settings\grzecho\Dane aplikacji\mozilla\Firefox\Profiles\z0i57ee7.default\extensions{db73846f-ede5-40bc-9bdc-8baa877be605}
[2009-10-03 20:59:45 | 00,000,000 | —D | M] – C:\Documents and Settings\grzecho\Dane aplikacji\mozilla\Firefox\Profiles\z0i57ee7.default\extensions{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009-09-01 14:04:54 | 00,000,876 | ---- | M] () – C:\Documents and Settings\grzecho\Dane aplikacji\Mozilla\FireFox\Profiles\z0i57ee7.default\searchplugins\conduit.xml
[2009-10-17 18:46:27 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions
[2009-10-03 20:56:21 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-10-03 20:56:15 | 00,023,032 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-10-03 20:56:15 | 00,134,648 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-01-23 08:20:30 | 00,491,520 | ---- | M] (BitComet) – C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009-10-03 20:56:27 | 00,065,528 | ---- | M] (mozilla.org) – C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) – C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2003-05-15 10:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) – C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-09-23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) – C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009-10-03 20:56:29 | 00,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-10-03 20:56:29 | 00,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-10-03 20:56:29 | 00,001,706 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-10-03 20:56:29 | 00,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-10-03 20:56:29 | 00,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-10-03 20:56:29 | 00,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-10-03 20:56:29 | 00,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (96 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts:
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\programy\bear mp3\BearShare MP3\Plugins\RazaWebHook.dll File not found
O2 - BHO: (Lexmark Pasek narzędzi) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM…\Toolbar: (Lexmark Pasek narzędzi) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKLM…\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O3 - HKCU…\Toolbar\WebBrowser: (Lexmark Pasek narzędzi) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O4 - HKLM…\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKCU…\Run: [cdoosoft] C:\Documents and Settings\grzecho\Ustawienia lokalne\Temp\herss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: Download with &Shareaza - C:\programy\bear mp3\BearShare MP3\Plugins\RazaWebHook.dll File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - H:\microsoft word\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\microsoft word\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ … vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/ … leId=23100 (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh … wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.96.61 82.139.8.7 88.156.63.9
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify!SASWinLogon: DllName - H:\programy\spyware\SASWINLO.dll - H:\programy\spyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\programy\spyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-27 13:50:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]
O32 - AutoRun File - [2009-10-18 19:04:56 | 00,000,063 | RHS- | M] () - C:\autorun.inf – [NTFS]
O32 - AutoRun File - [2009-10-18 19:04:57 | 00,000,063 | RHS- | M] () - D:\autorun.inf – [NTFS]
O32 - AutoRun File - [2009-10-18 19:04:57 | 00,000,063 | RHS- | M] () - E:\autorun.inf – [NTFS]
O32 - AutoRun File - [2009-10-18 19:04:57 | 00,000,063 | RHS- | M] () - G:\autorun.inf – [NTFS]
O32 - AutoRun File - [2009-10-18 19:04:57 | 00,000,063 | RHS- | M] () - H:\autorun.inf – [NTFS]
O33 - MountPoints2{3e8bebbc-4220-11de-999e-0050fca86301}\Shell - “” = AutoRun
O33 - MountPoints2{3e8bebbc-4220-11de-999e-0050fca86301}\Shell\AutoRun\command - “” = I:\AutoRun.exe – File not found
O33 - MountPoints2{3e8bebbd-4220-11de-999e-0050fca86301}\Shell - “” = AutoRun
O33 - MountPoints2{3e8bebbd-4220-11de-999e-0050fca86301}\Shell\AutoRun\command - “” = I:\AutoRun.exe – File not found
O33 - MountPoints2{4a527492-a79f-11de-8973-0050fca86301}\Shell - “” = AutoRun
O33 - MountPoints2{55990138-b890-11dd-97bc-806d6172696f}\Shell\AutoRun\command - “” = G:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{55990138-b890-11dd-97bc-806d6172696f}\Shell\open\Command - “” = G:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{55990139-b890-11dd-97bc-806d6172696f}\Shell\AutoRun\command - “” = H:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{55990139-b890-11dd-97bc-806d6172696f}\Shell\open\Command - “” = H:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{a2a8be90-ce7b-11dd-980b-0050fca86301}\Shell\AutoRun\command - “” = I:\vlvtdflx.exe – File not found
O33 - MountPoints2{a2a8be90-ce7b-11dd-980b-0050fca86301}\Shell\open\Command - “” = I:\vlvtdflx.exe – File not found
O33 - MountPoints2{c55a82da-421f-11de-999d-0050fca86301}\Shell - “” = AutoRun
O33 - MountPoints2{c55a82da-421f-11de-999d-0050fca86301}\Shell\AutoRun\command - “” = I:\AutoRun.exe – File not found
O33 - MountPoints2{eda16c93-ccd2-11dc-96f6-806d6172696f}\Shell\AutoRun\command - “” = D:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{eda16c93-ccd2-11dc-96f6-806d6172696f}\Shell\open\Command - “” = D:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{eda16c94-ccd2-11dc-96f6-806d6172696f}\Shell\AutoRun\command - “” = E:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{eda16c94-ccd2-11dc-96f6-806d6172696f}\Shell\open\Command - “” = E:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{eda16c96-ccd2-11dc-96f6-806d6172696f}\Shell\AutoRun\command - “” = C:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O33 - MountPoints2{eda16c96-ccd2-11dc-96f6-806d6172696f}\Shell\open\Command - “” = C:\se12ydam.exe – [2009-10-18 17:16:35 | 00,115,181 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] – “%1” %* File not found
O35 - exefile [open] – “%1” %* File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32*.tmp files]
[2009-09-22 05:44:12 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\FaxCtr
[2009-10-03 21:21:57 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\McAfee
[2009-10-03 21:01:09 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\McAfee Security Scan
[2009-10-16 11:34:08 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
[2009-10-03 20:59:52 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\NOS
[2009-10-04 15:55:07 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
[2009-10-12 20:33:10 | 00,000,000 | —D | C] – C:\Documents and Settings\grzecho\Dane aplikacji\ATI
[2009-10-04 15:58:57 | 00,000,000 | —D | C] – C:\Documents and Settings\grzecho\Dane aplikacji\skypePM
[2009-09-29 11:53:21 | 00,000,000 | —D | C] – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\Ares
[2009-10-12 20:33:10 | 00,000,000 | —D | C] – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\ATI
[2009-10-10 20:28:19 | 00,000,000 | —D | C] – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\eSupport.com
[2009-10-16 11:34:52 | 00,000,000 | —D | C] – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\Microsoft Help
[2009-10-16 11:39:34 | 00,000,000 | —D | C] – C:\Program Files\Common Files\ODBC
[2009-10-06 19:00:35 | 00,000,000 | —D | C] – C:\Program Files\Ares
[2009-10-18 17:18:22 | 00,000,000 | —D | C] – C:\Program Files\ATI Technologies
[2009-09-20 08:34:04 | 00,000,000 | —D | C] – C:\Program Files\AVS4YOU
[2009-09-22 05:41:48 | 00,000,000 | —D | C] – C:\Program Files\Lexmark 3500-4500 Series
[2009-10-16 11:41:32 | 00,000,000 | —D | C] – C:\Program Files\Microsoft Visual Studio
[2009-10-16 11:42:22 | 00,000,000 | —D | C] – C:\Program Files\Microsoft Works
[2009-10-16 11:39:34 | 00,000,000 | —D | C] – C:\Program Files\Microsoft.NET
[2009-09-30 17:49:10 | 00,000,000 | —D | C] – C:\Program Files\MSBuild
[2009-09-30 22:56:40 | 00,000,000 | —D | C] – C:\Program Files\NAPI-PROJEKT
[2009-09-30 17:48:55 | 00,000,000 | —D | C] – C:\Program Files\Reference Assemblies
[2009-10-18 08:56:20 | 00,000,000 | —D | C] – C:\ATI
[2009-10-17 18:34:01 | 00,032,768 | ---- | C] (ATI Technologies Inc.) – C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2009-10-17 18:34:01 | 00,032,768 | ---- | C] (ATI Technologies Inc.) – C:\WINDOWS\System32\ativtmxx.dll
[2009-10-17 14:50:33 | 00,000,000 | —D | C] – C:\Documents and Settings\grzecho\Moje dokumenty\płyta
[2009-10-16 11:35:15 | 00,000,000 | —D | C] – C:\WINDOWS\SHELLNEW
[2009-10-10 20:27:35 | 00,000,000 | —D | C] – C:\Documents and Settings\grzecho\Moje dokumenty\bios
[2009-10-08 06:15:42 | 00,000,000 | —D | C] – C:\pulpit
[2009-09-30 22:56:42 | 00,892,928 | ---- | C] (Free Software Foundation) – C:\WINDOWS\System32\iconv.dll
[2009-09-30 17:49:17 | 00,000,000 | —D | C] – C:\WINDOWS\System32\XPSViewer
[2009-09-30 17:49:06 | 00,000,000 | —D | C] – C:\WINDOWS\System32\en-US
[2009-09-30 17:48:11 | 00,117,760 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\prntvpt.dll
[2009-09-30 17:48:11 | 00,089,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009-09-30 17:48:10 | 01,676,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xpssvcs.dll
[2009-09-30 17:48:10 | 01,676,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009-09-30 17:48:10 | 00,597,504 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009-09-30 17:48:10 | 00,575,488 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xpsshhdr.dll
[2009-09-30 17:48:10 | 00,575,488 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009-09-29 10:16:12 | 00,153,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\triedit.dll
[2009-09-29 10:15:18 | 00,128,512 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009-09-29 10:14:54 | 01,315,328 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\msoe.dll
[2009-09-29 10:12:04 | 00,000,000 | -H-D | C] – C:\WINDOWS\$hf_mig$
[2009-09-29 10:11:09 | 00,512,000 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\jscript.dll
[2009-09-29 08:46:09 | 00,015,429 | R--- | C] ( ) – C:\WINDOWS\System32\drivers\Sacm2A.sys
[2009-09-22 05:42:04 | 00,503,808 | ---- | C] (Lexmark International, Inc.) – C:\WINDOWS\System32\lxdiutil.dll
[2009-09-22 05:42:04 | 00,356,352 | ---- | C] ( ) – C:\WINDOWS\System32\lxdiinpa.dll
[2009-09-22 05:42:04 | 00,339,968 | ---- | C] ( ) – C:\WINDOWS\System32\lxdiiesc.dll
[2009-09-22 05:42:04 | 00,311,296 | ---- | C] ( ) – C:\WINDOWS\System32\lxdihcp.dll
[2009-09-22 05:42:03 | 01,187,840 | ---- | C] ( ) – C:\WINDOWS\System32\lxdiserv.dll
[2009-09-22 05:42:03 | 00,942,080 | ---- | C] ( ) – C:\WINDOWS\System32\lxdiusb1.dll
[2009-09-22 05:42:03 | 00,053,248 | ---- | C] ( ) – C:\WINDOWS\System32\lxdiprox.dll
[2009-09-22 05:42:02 | 00,614,400 | ---- | C] ( ) – C:\WINDOWS\System32\lxdipmui.dll
[2009-09-22 05:42:02 | 00,532,480 | ---- | C] ( ) – C:\WINDOWS\System32\lxdilmpm.dll
[2009-09-22 05:42:02 | 00,147,456 | ---- | C] (Lexmark International, Inc.) – C:\WINDOWS\System32\lxdijswr.dll
[2009-09-22 05:42:02 | 00,053,248 | ---- | C] ( ) – C:\WINDOWS\System32\lxdipplc.dll
[2009-09-22 05:42:01 | 00,320,432 | ---- | C] ( ) – C:\WINDOWS\System32\lxdiih.exe
[2009-09-22 05:42:01 | 00,208,896 | ---- | C] (Lexmark International, Inc.) – C:\WINDOWS\System32\lxdiinsb.dll
[2009-09-22 05:42:01 | 00,176,128 | ---- | C] (Lexmark International, Inc.) – C:\WINDOWS\System32\lxdiins.dll
[2009-09-22 05:42:01 | 00,110,592 | ---- | C] (Lexmark International, Inc.) – C:\WINDOWS\System32\lxdiinsr.dll
[2009-09-22 05:42:00 | 00,671,744 | ---- | C] ( ) – C:\WINDOWS\System32\lxdihbn3.dll
[2009-09-22 05:41:59 | 00,983,121 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\lxdigf.dll
[2009-09-22 05:41:59 | 00,090,112 | ---- | C] (Lexmark International, Inc.) – C:\WINDOWS\System32\lxdicub.dll
[2009-09-22 05:41:59 | 00,036,864 | ---- | C] (Lexmark International, Inc.) – C:\WINDOWS\System32\lxdicur.dll
[2009-09-22 05:41:58 | 00,765,952 | ---- | C] ( ) – C:\WINDOWS\System32\lxdicomc.dll
[2009-09-22 05:41:58 | 00,517,040 | ---- | C] ( ) – C:\WINDOWS\System32\lxdicoms.exe
[2009-09-22 05:41:58 | 00,360,448 | ---- | C] ( ) – C:\WINDOWS\System32\lxdicomm.dll
[2009-09-22 05:41:58 | 00,077,824 | ---- | C] (Lexmark International, Inc.) – C:\WINDOWS\System32\lxdicu.dll
[2009-09-22 05:41:57 | 00,340,912 | ---- | C] ( ) – C:\WINDOWS\System32\lxdicfg.exe
[2009-09-22 05:41:57 | 00,077,906 | ---- | C] (Lexmark International) – C:\WINDOWS\System32\lxdicfg.dll
[2009-02-15 13:23:52 | 00,047,360 | ---- | C] (VSO Software) – C:\Documents and Settings\grzecho\Dane aplikacji\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2009-10-18 19:07:29 | 00,000,063 | RHS- | M] () – C:\autorun.inf
[2009-10-18 18:28:12 | 00,000,542 | ---- | M] () – C:\Documents and Settings\grzecho\Pulpit\HijackThis.lnk
[2009-10-18 17:58:57 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT
[2009-10-18 17:58:45 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2009-10-18 17:58:42 | 53,639,9872 | -HS- | M] () – C:\hiberfil.sys
[2009-10-18 17:23:09 | 04,287,018 | -H-- | M] () – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-18 17:16:35 | 00,115,181 | RHS- | M] () – C:\se12ydam.exe
[2009-10-18 17:01:53 | 00,000,010 | ---- | M] () – C:\WINDOWS\WININIT.INI
[2009-10-18 09:04:40 | 00,078,912 | ---- | M] () – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-10-17 18:42:27 | 00,000,552 | ---- | M] () – C:\WINDOWS\System32\d3d8caps.dat
[2009-10-17 15:13:22 | 00,115,618 | RHS- | M] () – C:\vlvtdflx.exe
[2009-10-17 15:13:22 | 00,115,618 | RHS- | M] () – C:\vb0hsoay.exe
[2009-10-17 15:12:38 | 00,022,528 | ---- | M] () – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-17 14:33:19 | 00,000,036 | ---- | M] () – C:\Documents and Settings\grzecho\Dane aplikacji\AVSDVDPlayer.m3u
[2009-10-16 22:40:47 | 00,033,304 | ---- | M] () – C:\Documents and Settings\grzecho\Moje dokumenty\LOGOKOLEJE.JPG
[2009-10-16 18:55:27 | 00,300,440 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2009-10-16 17:34:53 | 01,146,368 | ---- | M] () – C:\Documents and Settings\grzecho\Moje dokumenty\ankieta koleje.doc
[2009-10-16 17:08:50 | 00,354,304 | ---- | M] () – C:\Documents and Settings\grzecho\Moje dokumenty\ankieta koleje1.doc
[2009-10-16 11:35:45 | 00,000,628 | ---- | M] () – C:\WINDOWS\win.ini
[2009-10-15 14:47:27 | 01,019,680 | ---- | M] () – C:\Documents and Settings\grzecho\Moje dokumenty\ankieta koleje.odt
[2009-10-15 01:29:58 | 01,042,454 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-15 01:29:58 | 00,490,284 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat
[2009-10-15 01:29:58 | 00,432,356 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2009-10-15 01:29:58 | 00,083,660 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat
[2009-10-15 01:29:58 | 00,067,312 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2009-10-15 01:23:26 | 00,001,393 | ---- | M] () – C:\WINDOWS\imsins.BAK
[2009-10-10 20:13:33 | 00,000,227 | ---- | M] () – C:\WINDOWS\system.ini
[2009-10-08 06:25:27 | 00,000,380 | ---- | M] () – C:\Documents and Settings\grzecho\Pulpit\Skrót do pulpit.lnk
[2009-10-02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\MRT.exe
[2009-09-29 10:09:06 | 00,002,645 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT
[2009-09-28 21:19:28 | 00,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2009-09-22 05:46:06 | 00,092,748 | ---- | M] () – C:\WINDOWS\System32\LexFiles.ulf
========== Files - No Company Name ==========
[2009-10-18 18:28:12 | 00,000,542 | ---- | C] () – C:\Documents and Settings\grzecho\Pulpit\HijackThis.lnk
[2009-10-18 17:24:22 | 53,639,9872 | -HS- | C] () – C:\hiberfil.sys
[2009-10-18 17:18:44 | 00,520,192 | ---- | C] () – C:\WINDOWS\System32\ati2sgag.exe
[2009-10-18 08:52:00 | 00,115,181 | RHS- | C] () – C:\se12ydam.exe
[2009-10-18 08:51:11 | 00,115,618 | RHS- | C] () – C:\vb0hsoay.exe
[2009-10-17 18:42:27 | 00,000,552 | ---- | C] () – C:\WINDOWS\System32\d3d8caps.dat
[2009-10-17 18:33:38 | 00,000,010 | ---- | C] () – C:\WINDOWS\WININIT.INI
[2009-10-17 15:12:56 | 00,115,618 | RHS- | C] () – C:\vlvtdflx.exe
[2009-10-17 15:12:56 | 00,000,063 | RHS- | C] () – C:\autorun.inf
[2009-10-16 22:40:47 | 00,033,304 | ---- | C] () – C:\Documents and Settings\grzecho\Moje dokumenty\LOGOKOLEJE.JPG
[2009-10-16 17:05:41 | 00,354,304 | ---- | C] () – C:\Documents and Settings\grzecho\Moje dokumenty\ankieta koleje1.doc
[2009-10-16 16:26:19 | 01,146,368 | ---- | C] () – C:\Documents and Settings\grzecho\Moje dokumenty\ankieta koleje.doc
[2009-10-15 14:44:35 | 01,019,680 | ---- | C] () – C:\Documents and Settings\grzecho\Moje dokumenty\ankieta koleje.odt
[2009-10-15 01:22:26 | 00,001,393 | ---- | C] () – C:\WINDOWS\imsins.BAK
[2009-10-08 06:25:27 | 00,000,380 | ---- | C] () – C:\Documents and Settings\grzecho\Pulpit\Skrót do pulpit.lnk
[2009-10-01 06:11:34 | 01,089,883 | ---- | C] () – C:\WINDOWS\System32\dllcache\ntprint.cat
[2009-09-30 22:56:42 | 00,675,840 | ---- | C] () – C:\WINDOWS\System32\ac3filter.ax
[2009-09-29 08:46:09 | 00,135,168 | R--- | C] () – C:\WINDOWS\UNDPX2A.exe
[2009-09-29 08:46:09 | 00,053,693 | R--- | C] () – C:\WINDOWS\UNDPX2A.sys
[2009-09-22 05:45:28 | 00,040,960 | ---- | C] () – C:\WINDOWS\System32\lxdivs.dll
[2009-09-22 05:45:22 | 00,344,064 | ---- | C] () – C:\WINDOWS\System32\lxdicoin.dll
[2009-09-22 05:44:36 | 00,065,536 | ---- | C] () – C:\WINDOWS\System32\lxdicaps.dll
[2009-09-22 05:44:35 | 00,692,224 | ---- | C] () – C:\WINDOWS\System32\lxdidrs.dll
[2009-09-22 05:44:35 | 00,069,632 | ---- | C] () – C:\WINDOWS\System32\lxdicnv4.dll
[2009-09-22 05:42:20 | 00,000,060 | -H-- | C] () – C:\WINDOWS\System32\lxdirwrd.ini
[2009-09-22 05:42:05 | 00,294,912 | ---- | C] () – C:\WINDOWS\System32\lxdiinst.dll
[2009-09-22 05:42:01 | 01,007,781 | ---- | C] () – C:\WINDOWS\System32\lxdihelp.chm
[2009-09-22 05:42:00 | 00,208,896 | ---- | C] () – C:\WINDOWS\System32\lxdigrd.dll
[2009-09-22 05:41:57 | 00,001,900 | ---- | C] () – C:\WINDOWS\System32\lxdi.loc
[2009-08-08 14:30:50 | 00,022,528 | ---- | C] () – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-01 08:50:06 | 00,045,056 | ---- | C] () – C:\WINDOWS\System32\LXF3PMON.DLL
[2009-07-01 08:50:06 | 00,032,768 | ---- | C] () – C:\WINDOWS\System32\LXF3FXPU.DLL
[2009-07-01 08:49:46 | 00,036,864 | ---- | C] () – C:\WINDOWS\System32\lxf3oem.dll
[2009-06-30 16:35:55 | 00,012,288 | ---- | C] () – C:\WINDOWS\System32\LXF3PMRC.DLL
[2009-06-29 21:12:06 | 00,000,394 | ---- | C] () – C:\WINDOWS\capture.ini
[2009-06-26 16:26:16 | 00,000,056 | RHS- | C] () – C:\WINDOWS\System32\DFC82E6B93.sys
[2009-06-26 16:25:53 | 00,001,890 | -HS- | C] () – C:\WINDOWS\System32\KGyGaAvL.sys
[2009-06-11 21:10:02 | 00,000,143 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2009-05-22 19:21:35 | 00,303,104 | ---- | C] () – C:\WINDOWS\System32\FXStudioDLL.dll
[2009-05-22 19:21:34 | 00,235,532 | ---- | C] () – C:\WINDOWS\System32\loadimage.dll
[2009-05-22 19:21:34 | 00,126,976 | ---- | C] () – C:\WINDOWS\System32\NewWaveAnzeige.dll
[2009-05-22 19:21:34 | 00,077,824 | ---- | C] () – C:\WINDOWS\System32\eJ_Tool.dll
[2009-05-22 19:21:34 | 00,045,056 | ---- | C] () – C:\WINDOWS\System32\fader.dll
[2009-05-22 19:21:33 | 00,360,448 | ---- | C] () – C:\WINDOWS\System32\pxd32d5.dll
[2009-05-22 19:21:33 | 00,307,200 | ---- | C] () – C:\WINDOWS\System32\fxstudio.dll
[2009-05-22 19:21:33 | 00,282,624 | ---- | C] () – C:\WINDOWS\System32\Animation2.dll
[2009-05-22 19:21:33 | 00,075,976 | ---- | C] () – C:\WINDOWS\System32\Bassdec.dll
[2009-05-22 19:21:33 | 00,029,696 | ---- | C] () – C:\WINDOWS\System32\pthread.dll
[2009-04-06 22:45:36 | 00,000,107 | ---- | C] () – C:\WINDOWS\CDPLAYER.INI
[2009-03-22 07:19:12 | 00,036,864 | ---- | C] () – C:\WINDOWS\System32\CSDLGE1LIB.dll
[2009-02-21 21:19:59 | 00,000,058 | ---- | C] () – C:\Documents and Settings\grzecho\Dane aplikacji\AVSMediaPlayer.m3u
[2009-02-15 13:23:52 | 00,081,920 | ---- | C] () – C:\Documents and Settings\grzecho\Dane aplikacji\ezpinst.exe
[2009-02-15 13:23:52 | 00,007,176 | ---- | C] () – C:\Documents and Settings\grzecho\Dane aplikacji\pcouffin.cat
[2009-02-15 13:23:52 | 00,001,144 | ---- | C] () – C:\Documents and Settings\grzecho\Dane aplikacji\pcouffin.inf
[2008-12-27 15:34:42 | 00,000,000 | ---- | C] () – C:\WINDOWS\Brownie.ini
[2008-12-27 14:02:18 | 00,000,879 | ---- | C] () – C:\WINDOWS\BRWMARK.INI
[2008-12-27 14:02:18 | 00,000,030 | ---- | C] () – C:\WINDOWS\System32\brss01a.ini
[2008-12-27 14:02:18 | 00,000,027 | ---- | C] () – C:\WINDOWS\BRPP2KA.INI
[2008-10-25 09:21:59 | 00,000,036 | ---- | C] () – C:\Documents and Settings\grzecho\Dane aplikacji\AVSDVDPlayer.m3u
[2008-10-25 09:19:43 | 00,795,648 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll
[2008-10-25 09:19:43 | 00,139,264 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll
[2008-10-02 08:41:58 | 00,003,343 | ---- | C] () – C:\WINDOWS\TVP3XDrv.ini
[2008-08-13 10:11:18 | 00,000,269 | ---- | C] () – C:\WINDOWS\LEXSTAT.INI
[2008-07-30 09:27:08 | 00,000,062 | -HS- | C] () – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\desktop.ini
[2008-07-30 08:07:38 | 04,287,018 | -H-- | C] () – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-07-30 08:00:06 | 00,078,912 | ---- | C] () – C:\Documents and Settings\grzecho\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-07-30 07:51:05 | 00,000,062 | -HS- | C] () – C:\Documents and Settings\grzecho\Dane aplikacji\desktop.ini
[2001-07-22 00:16:20 | 00,000,628 | ---- | C] () – C:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,227 | ---- | C] () – C:\WINDOWS\system.ini
Yes, this is definitely an infection from the pendrive.
Run OTL and paste this into the Custom Scans/Fixes window:
Click Run Fix. Confirm the computer restart.
Then run OTL again, this time using the Run Scan option.
Show the new OTL.txt log and the log from the cleanup.
Do not put the log in the post; put it on "wklejto".
jessi
I did what you wrote. On the first start of the computer the message "cannot find the file" appeared; I restarted and it booted normally. Here is the log from OTL. Maybe you can tell me something about viruses or keyloggers. I pay for a lot of things online, so it matters to me that the system is clean.
– Added 18.10.2009 (Sun) 22:17 –
Log from OTL.
The log is clean, or almost clean. A few more "things" could still be removed, but they do not pose a great threat, so this time we will "let them off".
But if you ever have another infection, it would be worth removing this while you are at it:
It does not have a good reputation; it sometimes helps download viruses.
jessi
Thank you for the help. Everything is running smoothly.
– Added 24.10.2009 (Sat) 20:48 –
dezerter75, is everything OK?