ZeroAcces/Sirefef

MrSkacowany · 24 Września 2012

Użytkownik z forum pclab.pl, filutka78 wysłała mnie tu. Oto link do tematu.

Logi:

OTL.txt

Extras.txt

picasso · 24 Września 2012

Masz także uszkodzone ścieżki folderów powłoki, co skutkuje tym kuriozalnym odczyten w OTL:

Pokaż ukrytą zawartość

O4 - Startup: C:\Users\All Users\036DFF8500000402F1331E26F875F020 [2012-07-27 14:20:21 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\4Sync [2012-03-19 09:47:17 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Adobe [2012-08-27 10:58:03 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\ashampoo [2012-03-13 18:24:00 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\AutoUpdate [2012-03-19 21:06:14 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Avanquest [2012-03-28 18:05:36 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Babylon [2012-08-04 13:15:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\boost_interprocess [2012-09-01 14:14:09 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\BVRP Software [2012-03-28 18:04:22 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Codemasters [2012-07-09 23:20:55 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2012-02-07 14:17:21 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Dane aplikacji [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Documents [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Dokumenty [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\ESL Wire [2012-02-07 23:02:33 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\GarenaMessenger [2012-08-04 21:00:08 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\GG [2012-08-20 12:18:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Installations [2012-03-19 10:05:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\IObit [2012-08-19 13:08:55 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\LGMOBILEAX [2012-03-21 21:51:44 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\McAfee [2012-01-22 17:58:39 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\McAfee Security Scan [2012-02-03 23:02:25 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Menu Start [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Microsoft [2012-08-13 21:51:53 | 000,000,000 | --SD | M]

O4 - Startup: C:\Users\All Users\Mozilla [2012-03-17 22:02:05 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\NVIDIA [2012-08-19 17:48:45 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\NVIDIA Corporation [2012-01-19 21:10:56 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\OpenFM [2012-01-30 17:23:00 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\PC Suite [2012-03-19 10:07:42 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\PC Tools [2012-01-19 21:31:26 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\PMB Files [2012-08-19 14:27:49 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Pulpit [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Skype [2012-08-25 13:29:09 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Sony [2012-03-28 18:52:18 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Sony Ericsson [2012-03-28 18:02:41 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Sun [2012-01-24 12:41:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Szablony [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\TEMP [2012-09-07 13:19:28 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Templates [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Tunngle [2012-07-22 13:41:08 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Ubisoft [2012-07-27 19:22:28 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Ulubione [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\VPNDirect Limited [2012-08-17 12:51:41 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Web Installer [2012-08-17 12:50:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Winamp Toolbar [2012-02-08 03:20:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\WNR [2012-08-14 10:46:21 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Default\AppData [2009-07-14 04:37:05 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\Default\Application Data [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Cookies [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Dane aplikacji [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Desktop [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Documents [2012-01-19 21:06:28 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Downloads [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Favorites [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Links [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Menu Start [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Moje dokumenty [2012-01-19 21:06:27 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Music [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\My Documents [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NetHood [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NTUSER.DAT ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Default\Pictures [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Recent [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 04:04:25 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Default\SendTo [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Szablony [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Templates [2009-07-14 09:34:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Ustawienia lokalne [2012-01-19 21:06:28 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Videos [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Desktop [2012-09-16 18:37:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Documents [2012-07-22 13:37:03 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Downloads [2009-07-14 09:26:34 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Favorites [2009-07-14 04:04:25 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Libraries [2009-07-14 09:26:34 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Music [2009-07-14 09:26:34 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Pictures [2012-01-19 21:11:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Videos [2009-07-14 09:26:34 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\.gimp-2.6 [2012-08-28 10:33:38 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\.gimp-2.8 [2012-08-23 13:58:35 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\.minecraft [2012-09-15 12:03:30 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\.recently-used.xbel ()

O4 - Startup: C:\Users\r\.thumbnails [2012-02-23 17:15:49 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\AppData [2012-01-19 21:06:36 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\r\Contacts [2012-08-19 17:50:42 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\Cookies [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\Dane aplikacji [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\Desktop [2012-09-15 19:28:02 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\Documents [2012-09-03 14:30:12 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\Downloads [2012-09-21 22:26:43 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\Favorites [2012-08-20 12:20:50 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\GG dysk [2012-08-20 12:21:21 | 000,000,000 | --SD | M]

O4 - Startup: C:\Users\r\Links [2012-08-19 17:50:56 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\Local Settings [2012-05-31 13:49:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\LocalLow [2012-03-19 09:47:22 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\Menu Start [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\Moje dokumenty [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\Music [2012-08-19 17:50:42 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\NetHood [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\ntuser.dat ()

O4 - Startup: C:\Users\r\ntuser.dat.LOG1 ()

O4 - Startup: C:\Users\r\ntuser.dat.LOG2 ()

O4 - Startup: C:\Users\r\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()

O4 - Startup: C:\Users\r\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\r\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\r\ntuser.dat{a49b89fc-45b8-11e1-9ea2-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\r\ntuser.dat{a49b89fc-45b8-11e1-9ea2-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\r\ntuser.dat{a49b89fc-45b8-11e1-9ea2-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\r\ntuser.dat{c2add0e6-4ea8-11e1-b536-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\r\ntuser.dat{c2add0e6-4ea8-11e1-b536-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\r\ntuser.dat{c2add0e6-4ea8-11e1-b536-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\r\ntuser.dat{f882aaa8-44e1-11e1-8e3a-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\r\ntuser.dat{f882aaa8-44e1-11e1-8e3a-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\r\ntuser.dat{f882aaa8-44e1-11e1-8e3a-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\r\ntuser.ini ()

O4 - Startup: C:\Users\r\Pictures [2012-08-19 17:50:42 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\PrintHood [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\Recent [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\Saved Games [2012-08-19 17:50:56 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\Searches [2012-08-19 17:50:51 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\r\SendTo [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\Start Menu [2012-01-22 12:48:09 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\SystemRequirementsLab [2012-02-05 16:01:36 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\Szablony [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\temp [2012-07-04 15:14:28 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\r\Ustawienia lokalne [2012-01-19 21:06:36 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\r\Videos [2012-08-19 17:50:42 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\UpdatusUser\AppData [2012-06-08 19:06:13 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\UpdatusUser\Contacts [2012-06-08 19:06:15 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\UpdatusUser\Cookies [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Dane aplikacji [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Desktop [2012-07-05 11:07:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\UpdatusUser\Documents [2012-06-08 19:06:13 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\UpdatusUser\Downloads [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\UpdatusUser\Favorites [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\UpdatusUser\Links [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\UpdatusUser\Menu Start [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Moje dokumenty [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Music [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\UpdatusUser\NetHood [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT ()

O4 - Startup: C:\Users\UpdatusUser\ntuser.dat.LOG1 ()

O4 - Startup: C:\Users\UpdatusUser\ntuser.dat.LOG2 ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{0327c9af-ca74-11e1-b6cd-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{0327c9af-ca74-11e1-b6cd-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{0327c9af-ca74-11e1-b6cd-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{050f2965-eaf4-11e1-a64f-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{050f2965-eaf4-11e1-a64f-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{050f2965-eaf4-11e1-a64f-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{108d89fa-ea14-11e1-a4e0-806e6f6e6963}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{108d89fa-ea14-11e1-a4e0-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{108d89fa-ea14-11e1-a4e0-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{1aa49bde-ba3c-11e1-a44e-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{1aa49bde-ba3c-11e1-a44e-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{1aa49bde-ba3c-11e1-a44e-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{340f6ff6-e864-11e1-8334-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{340f6ff6-e864-11e1-8334-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{340f6ff6-e864-11e1-8334-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{57e4d0d4-ff3a-11e1-8761-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{57e4d0d4-ff3a-11e1-8761-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{57e4d0d4-ff3a-11e1-8761-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{9ec2bae7-d41a-11e1-a92d-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{9ec2bae7-d41a-11e1-a92d-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{9ec2bae7-d41a-11e1-a92d-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{c61b2254-bb08-11e1-8498-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{c61b2254-bb08-11e1-8498-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{c61b2254-bb08-11e1-8498-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{d008ba37-f05a-11e1-82ac-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{d008ba37-f05a-11e1-82ac-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{d008ba37-f05a-11e1-82ac-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{e7385bd8-bc4b-11e1-a09e-406186fbc8f5}.TM.blf ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{e7385bd8-bc4b-11e1-a09e-406186fbc8f5}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{e7385bd8-bc4b-11e1-a09e-406186fbc8f5}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\UpdatusUser\ntuser.ini ()

O4 - Startup: C:\Users\UpdatusUser\Pictures [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\UpdatusUser\PrintHood [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Recent [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Saved Games [2009-07-14 04:04:25 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\UpdatusUser\Searches [2012-06-08 19:06:15 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\UpdatusUser\SendTo [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Szablony [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Ustawienia lokalne [2012-06-08 19:06:13 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\UpdatusUser\Videos [2009-07-14 04:04:25 | 000,000,000 | R--D | M]

Wymagane podatkowe skany pod kątem powyższego oraz ZeroAccess:

1. Uruchom SystemLook i w oknie wklej:

:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
 
:filefind
services.exe

Klik w Look.

2. Zrób log z Farbar Service Scanner.

.

MrSkacowany · 24 Września 2012

1. SystemLook.txt

2. FSS.txt

picasso · 24 Września 2012

Infekcja ZeroAccess w wariancie infekujących plik systemowy services.exe.

1. Start > w polu szukania wpisz cmd > z prawokliku Uruchom jako Administrator > wklej komendę:

sfc /scanfile=C:\Windows\system32\services.exe

Konieczny restart komputera, by dokończyć leczenie pliku.

2. Start > w polu szukania wpisz cmd > z prawokliku Uruchom jako Administrator > wklej komendę:

netsh winsock reset

Również konieczny restart komputera, by sfinalizować reset Winsock.

3. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

:Files
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\Installer\{9de99c34-a768-9581-bcc1-de4352db1b94}
C:\Users\r\AppData\Local\{9de99c34-a768-9581-bcc1-de4352db1b94}
C:\Users\All Users\036DFF8500000402F1331E26F875F020
C:\Users\All Users\Babylon
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\user.js
 
:OTL
F3 - HKU\S-1-5-21-2741791824-338667453-693480273-1000 WinNT: Load - (C:\Users\r\LOCALS~1\Temp\msvveu.cmd) - C:\Users\r\Local Settings\Temp\msvveu.cmd (UKo7rtWAYU Y8Kw GAqVJgg4)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (GGSAFERDriver)
 
 
:Commands
[emptytemp]

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Klik w Wykonaj skrypt. System zostanie zrestartowany.

4. Przez Panel sterowania odinstaluj adware Winamp Toolbar, Download Updater (AOL LLC), Ashampoo PO Toolbar.

5. Rekonstrukcja usług Centrum zabezpieczeń, Windows Defender i Windows Update oraz korekta folderów powłoki. Otwórz Notatnik i wklej w nim:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"!Do not use this registry key"="Use the SHGetFolderPath or SHGetKnownFolderPath function instead"

"AppData"="C:\\Users\\r\\AppData\\Roaming"

"Local AppData"="C:\\Users\\r\\AppData\\Local"

"My Video"="C:\\Users\\r\\Videos"

"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Libraries"

"My Pictures"="C:\\Users\\r\\Pictures"

"Desktop"="C:\\Users\\r\\Desktop"

"History"="C:\\Users\\r\\AppData\\Local\\Microsoft\\Windows\\History"

"NetHood"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts"

"{56784854-C6CB-462B-8169-88E350ACB882}"="C:\\Users\\r\\Contacts"

"Cookies"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"

"Favorites"="C:\\Users\\r\\Favorites"

"SendTo"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\SendTo"

"Start Menu"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"

"My Music"="C:\\Users\\r\\Music"

"Programs"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs"

"Recent"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Recent"

"CD Burning"="C:\\Users\\r\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn"

"PrintHood"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts"

"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"="C:\\Users\\r\\Searches"

"{374DE290-123F-4565-9164-39C4925E467B}"="C:\\Users\\r\\Downloads"

"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"="C:\\Users\\r\\AppData\\LocalLow"

"Startup"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"

"Administrative Tools"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools"

"Personal"="C:\\Users\\r\\Documents"

"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"="C:\\Users\\r\\Links"

"Cache"="C:\\Users\\r\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"

"Templates"="C:\\Users\\r\\AppData\\Roaming\\Microsoft\\Windows\\Templates"

"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"="C:\\Users\\r\\Saved Games"

"Fonts"="C:\\Windows\\Fonts"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]

"AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\

00,6f,00,61,00,6d,00,69,00,6e,00,67,00,00,00

"Cache"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\

00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,4c,00,\

6f,00,63,00,61,00,6c,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\

00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,54,00,65,00,\

6d,00,70,00,6f,00,72,00,61,00,72,00,79,00,20,00,49,00,6e,00,74,00,65,00,72,\

00,6e,00,65,00,74,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00

"Cookies"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\

00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\

73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\

00,43,00,6f,00,6f,00,6b,00,69,00,65,00,73,00,00,00

"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00

"Favorites"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,\

00,00,00

"History"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,4c,\

00,6f,00,63,00,61,00,6c,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\

66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,48,00,69,\

00,73,00,74,00,6f,00,72,00,79,00,00,00

"Local AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\

49,00,4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,\

00,4c,00,6f,00,63,00,61,00,6c,00,00,00

"My Music"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,4d,00,75,00,73,00,69,00,63,00,00,00

"My Pictures"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\

00,4c,00,45,00,25,00,5c,00,50,00,69,00,63,00,74,00,75,00,72,00,65,00,73,00,\

00,00

"My Video"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,56,00,69,00,64,00,65,00,6f,00,73,00,00,00

"NetHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\

00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\

73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\

00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,20,00,53,00,68,00,6f,00,72,00,\

74,00,63,00,75,00,74,00,73,00,00,00

"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,\

00,00,00

"Programs"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\

00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\

73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\

00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,00,75,00,5c,00,50,00,\

72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,00,00

"Recent"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\

00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,00,\

6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,\

00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,\

52,00,65,00,63,00,65,00,6e,00,74,00,00,00

"SendTo"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\

00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,00,\

6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,\

00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,\

53,00,65,00,6e,00,64,00,54,00,6f,00,00,00

"Startup"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\

00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\

73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\

00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,00,75,00,5c,00,50,00,\

72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,5c,00,53,00,74,00,61,00,72,00,74,\

00,75,00,70,00,00,00

"Start Menu"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\

00,4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,\

52,00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,\

00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\

5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,00,75,00,00,00

"Templates"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\

00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\

73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\

00,54,00,65,00,6d,00,70,00,6c,00,61,00,74,00,65,00,73,00,00,00

"{374DE290-123F-4565-9164-39C4925E467B}"=hex(2):25,00,55,00,53,00,45,00,52,00,\

50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,44,00,6f,00,77,00,6e,\

00,6c,00,6f,00,61,00,64,00,73,00,00,00

"PrintHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\

4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\

00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\

73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\

00,50,00,72,00,69,00,6e,00,74,00,65,00,72,00,20,00,53,00,68,00,6f,00,72,00,\

74,00,63,00,75,00,74,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]

"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"

"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\

74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\

00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\

6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"

"ObjectName"="LocalSystem"

"ErrorControl"=dword:00000001

"Start"=dword:00000002

"DelayedAutoStart"=dword:00000001

"Type"=dword:00000020

"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\

6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00

"ServiceSidType"=dword:00000001

"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\

00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\

67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\

00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\

00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\

00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\

72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\

00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\

63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\

00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00

"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\

00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]

"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\

00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\

71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]

"Library"="bitsperf.dll"

"Open"="PerfMon_Open"

"Collect"="PerfMon_Collect"

"Close"="PerfMon_Close"

"InstallType"=dword:00000001

"PerfIniFile"="bitsctrs.ini"

"First Counter"=dword:000007d2

"Last Counter"=dword:000007e2

"First Help"=dword:000007d3

"Last Help"=dword:000007e3

"Object List"="2002"

"PerfMMFileName"="Global\\MMF_BITS_s"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]

"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\

00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\

00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\

00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\

20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\

00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\

00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\

00,20,02,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]

"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"

"ErrorControl"=dword:00000001

"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\

74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\

00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\

6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\

00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\

72,00,69,00,63,00,74,00,65,00,64,00,00,00

"Start"=dword:00000002

"Type"=dword:00000020

"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"

"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\

4d,00,67,00,6d,00,74,00,00,00,00,00

"ObjectName"="NT AUTHORITY\\LocalService"

"ServiceSidType"=dword:00000001

"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\

00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\

67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\

00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\

00,00,00,00

"DelayedAutoStart"=dword:00000001

"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\

00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]

"ServiceDllUnloadOnStop"=dword:00000001

"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\

00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\

77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]

"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\

05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\

20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\

00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\

00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\

00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\

7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\

00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]

"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"

"ErrorControl"=dword:00000001

"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\

74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\

00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\

6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00

"Start"=dword:00000002

"Type"=dword:00000020

"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176"

"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00

"ObjectName"="LocalSystem"

"ServiceSidType"=dword:00000001

"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\

00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\

65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\

00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\

74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\

00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\

69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\

00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\

6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\

00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\

53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,\

00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,\

72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,\

00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,\

69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,\

00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\

00,00

"DelayedAutoStart"=dword:00000001

"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\

00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters]

"ServiceDllUnloadOnStop"=dword:00000001

"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\

00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\

20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\

00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security]

"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\

05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\

00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\

84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\

00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\

05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\

04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\

01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo\0]

"Type"=dword:00000005

"Action"=dword:00000001

"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]

"PreshutdownTimeout"=dword:036ee800

"DisplayName"="Windows Update"

"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\

74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\

00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\

6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

"Description"="@%systemroot%\\system32\\wuaueng.dll,-106"

"ObjectName"="LocalSystem"

"ErrorControl"=dword:00000001

"Start"=dword:00000002

"DelayedAutoStart"=dword:00000001

"Type"=dword:00000020

"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00

"ServiceSidType"=dword:00000001

"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\

00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\

65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\

00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\

61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\

00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\

62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\

00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\

79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\

00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\

6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\

00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\

75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\

00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\

72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00

"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\

00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]

"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\

00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\

77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00

"ServiceMain"="WUServiceMain"

"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security]

"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\

00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\

05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\

20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\

01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}]

Adnotacja dla innych czytających: import dopasowany do Windows 7.

Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz jako FIX.REG

Kliknij prawym na plik i wybierz z menu opcję Scal. Potwierdź import do rejestru. Zresetuj system.

6. Rekonstrukcja usług Zapory systemu Windows (BFE + MpsSvc + SharedAccess i ich uprawnień przez SetACL): KLIK. Omiń sfc /scannow, nie jest potrzebne. Po wszystkim zresetuj system.

7. Zrób nowy log OTL z opcji Skanuj (już bez Extras) oraz Farbar Service Scanner.

.

MrSkacowany · 25 Września 2012

OTL.txt

FSS.txt

picasso · 25 Września 2012

Większość zadań wykonana, ale mamy jeszcze co robić, bo nadal są pliki infekcji na dysku i jeden z wpisów startowych wcale nie został usunięty.

1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

:OTL
F3 - HKU\S-1-5-21-2741791824-338667453-693480273-1000 WinNT: Load - (C:\Users\r\LOCALS~1\Temp\msfpvv.cmd) - C:\Users\r\Local Settings\Temp\msfpvv.cmd (OI6 B4d WBGm53)
 
:Files
C:\Users\r\AppData\Roaming\*.exe
C:\Users\r\AppData\Roaming\FacebookUpdater.zgy
C:\Users\r\AppData\Local\vsbst.exe
C:\Users\r\Desktop\%APPDATA%
C:\Users\r\Documents\%APPDATA%
C:\Users\r\AppData\Roaming\Babylon
C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\byolqf7z.default\extensions\4sharedToolbar.xpi
 
:Commands
[emptytemp]

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Klik w Wykonaj skrypt. System zostanie zrestartowany.

2. Uruchom AdwCleaner i zastosuj Delete. Na dysku C powstanie log z usuwania.

3. Zrób nowy log OTL z opcji Skanuj. Dołącz log wyprodukowany przez AdwCleaner.

.

MrSkacowany · 26 Września 2012

OTL.txt

AdwCleaner[s1].txt

picasso · 26 Września 2012

Zadania pomyślnie wykonane.

1. Mała drobnostka w Google Chrome, czyli zostały szczątkowe wtyczki Downloadera AOL:

========== Chrome  ========== 
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

Ich usunięcie z Google Chrome wymaga edycji pliku Preferences, podobnie jak tu w punkcie 3: KLIK. Oczywiście u Ciebie wtyczki nazywają się inaczej, czyli downloadUpdater + downloadUpdater2.

2. Wyczyść po narzędziach: w AdwCleaner użyj Uninstall, w OTL uruchom Sprzątanie, a SetACL i ręcznie robione fiksy ręcznie możesz usunąć.

3. Wyczyść foldery Przywracania systemu: KLIK.

4. Wykonaj pełne skanowanie w Malwarebytes Anti-Malware. Jeśli coś wykryje, przedstaw raport.

.

MrSkacowany · 26 Września 2012

Nie mam czasu kodowac,

http://www.wklej.org/id/837309/

picasso · 26 Września 2012

"Nie mam czasu kodowac" = ekhm, "kodowanie" to opinia na wyrost (tylko wycięcie dwóch bloków owych wtyczek) i to jest robota na pół minuty ... Obiekty są śmieciami.

1. Wyniki MBAM: większość to trojany (oraz instalatory adware) i usuń. Do ominięcia te, bo zdają się fałszywymi alarmami:

C:\Downloads\Mass.Effect.3.Multi7-RU.Repack\DVD2\Redistributables\DirectX\dsetup.dll (Malware.Packer.Gen) -> Nie wykonano akcji.C:\Users\r\Downloads\BitComet 1.25.exe (Trojan.StartPage) -> Nie wykonano akcji.
C:\Users\r\Downloads\word_2003.exe (Trojan.StartPage) -> Nie wykonano akcji.
C:\Users\r\Downloads\LigiMT2.exe (Trojan.Downloader) -> Nie wykonano akcji.
C:\Users\r\Downloads\Update_Service_Setup-2.10.11.10.exe (Trojan.StartPage) -> Nie wykonano akcji.
C:\Users\r\Downloads\HLC_1_setup.exe (Worm.Magania) -> Nie wykonano akcji.
C:\Users\r\Downloads\ventrilo-2.1.4-Windows-i386.exe (Trojan.Dropper) -> Nie wykonano akcji.
C:\Users\r\Downloads\VLCMediaPlayerSetup.exe (PUP.BundleInstaller.BI) -> Nie wykonano akcji.
C:\Users\r\Downloads\Metin 2 Client 091022.exe (Trojan.StartPage) -> Nie wykonano akcji.
C:\Users\r\Downloads\BSM\BSM\BiNPDA.Security.Manager.v1.0.S60v3.SymbianOS9.Internal-BiNPDA\RootSiGN.exe (Hacktool.RootSign) -> Nie wykonano akcji.
C:\Users\r\Downloads\Connect Changer 1.7.2\Metin2 Connect Changer\CruelMT2.exe (Trojan.Downloader) -> Nie wykonano akcji.
C:\Users\r\Downloads\Connect Changer 1.7.2\Metin2 Connect Changer\Galapagos.exe (Trojan.Downloader) -> Nie wykonano akcji.
C:\Users\r\Downloads\Connect Changer 1.7.2\Metin2 Connect Changer\ligi.exe (Trojan.Downloader) -> Nie wykonano akcji.
C:\Users\r\Downloads\Connect Changer 1.7.2\Metin2 Connect Changer\m2.bin (Trojan.Downloader) -> Nie wykonano akcji.
C:\Users\r\Downloads\Connect Changer 1.7.2\Metin2 Connect Changer\Sandia.exe (Trojan.Downloader) -> Nie wykonano akcji.
C:\Users\r\Downloads\Connect Changer 1.7.2\Metin2 Connect Changer\YheRun.exe (Trojan.Downloader) -> Nie wykonano akcji.
D:\Nowy folder\PrivyHamachi\Galapagos.exe (Trojan.Downloader) -> Nie wykonano akcji.
D:\Nowy folder\PrivyHamachi\ligi.exe (Trojan.Downloader) -> Nie wykonano akcji.
D:\Nowy folder\PrivyHamachi\LigiMT2.exe (Trojan.Downloader) -> Nie wykonano akcji.
D:\Nowy folder\PrivyHamachi\Sandia.exe (Trojan.Downloader) -> Nie wykonano akcji.
D:\Nowy folder\PrivyHamachi\Spolszczenie.exe (Trojan.Downloader) -> Nie wykonano akcji.
D:\Nowy folder\PrivyHamachi\YheRun.exe (Trojan.Downloader) -> Nie wykonano akcji.
D:\Nowy folder\PrivyHamachi\[A]Safir.exe (Backdoor.Hupigon) -> Nie wykonano akcji.
D:\Gry\SafirMT2\Safir\metin2.bin (Backdoor.Hupigon) -> Nie wykonano akcji.
D:\Gry\SafirMT2\Safir\[A]Safir.exe (Backdoor.Hupigon) -> Nie wykonano akcji.

2. Po operacji usuwania w MBAM jeszcze na wszelki wypadek ponów czyszczenie lokalizacji tymczasowych (TFC - Temp Cleaner) + wyczyść foldery Przywracania systemu.

3. Zaktualizuj wyliczone poniżej aplikacje: KLIK. Aktualnie widać wersje i starego antywirusa:

========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 5.0.61118.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX (wtyczka dla IE)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin (wtyczka dla Firefox)
"PC Tools AntiVirus_is1" = PC Tools AntiVirus4.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2741791824-338667453-693480273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome 21.0.1180.89
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

I możesz odinstalować zbędny McAfee Security Scan.

4. Prewencyjnie zmień hasła logowania w serwisach.

.

Zaloguj się

ZeroAcces/Sirefef

Rekomendowane odpowiedzi

MrSkacowany

Odnośnik do komentarza

picasso

Odnośnik do komentarza

MrSkacowany

Odnośnik do komentarza

picasso

Odnośnik do komentarza

MrSkacowany

Odnośnik do komentarza

picasso

Odnośnik do komentarza

MrSkacowany

Odnośnik do komentarza

picasso

Odnośnik do komentarza

MrSkacowany

Odnośnik do komentarza

picasso

Odnośnik do komentarza

Ostatnio przeglądający 0 użytkowników

Przeglądaj

Cała aktywność