:OTL
MOD - [2002-01-01 07:24:22 | 00,086,016 | RHS- | M] () – C:\Documents and Settings\user\Ustawienia lokalne\Temp\cvasds0.dll
O4 - HKLM…\Run: [KernelFaultCheck] File not found
O4 - HKCU…\Run: [cdoosoft] C:\Documents and Settings\user\Ustawienia lokalne\Temp\herss.exe ()
O4 - Startup: C:\Documents and Settings\user\Menu Start\Programy\Autostart\PowerReg Scheduler.exe ()
O32 - AutoRun File - [2002-01-01 08:13:52 | 00,000,055 | RHS- | M] () - C:\autorun.inf – [FAT32]
O32 - AutoRun File - [2002-01-01 08:13:52 | 00,000,055 | RHS- | M] () - D:\autorun.inf – [NTFS]
O33 - MountPoints2{3946a700-494b-11de-b35e-000c6ecaacff}\Shell - "" = AutoRun
O33 - MountPoints2{442833b9-9703-11de-b558-000c6ecaacff}\Shell - "" = AutoRun
O33 - MountPoints2{442833b9-9703-11de-b558-000c6ecaacff}\Shell\Auto\command - "" = C:\WINDOWS\System32\wupdmgr.exe – [2001-10-26 15:30:06 | 00,032,256 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2{697ba1ad-0cc1-11de-804c-806d6172696f}\Shell\AutoRun\command - "" = C:\9xf8.exe – [2010-01-17 22:00:02 | 00,115,712 | RHS- | M] ()
O33 - MountPoints2{697ba1ad-0cc1-11de-804c-806d6172696f}\Shell\open\Command - "" = C:\9xf8.exe – [2010-01-17 22:00:02 | 00,115,712 | RHS- | M] ()
O33 - MountPoints2{697ba1ae-0cc1-11de-804c-806d6172696f}\Shell\AutoRun\command - "" = 9xf8.exe
O33 - MountPoints2{697ba1ae-0cc1-11de-804c-806d6172696f}\Shell\open\Command - "" = 9xf8.exe
O33 - MountPoints2{735a5ad2-ff20-11de-b764-000c6ecaacff}\Shell\AutoRun\command - "" = F:\9xf8.exe – File not found
O33 - MountPoints2{735a5ad2-ff20-11de-b764-000c6ecaacff}\Shell\open\Command - "" = F:\9xf8.exe – File not found
[2010-01-17 16:27:36 | 00,000,000 | -HSD | C] – C:\FOUND.035
[2009-12-02 04:53:58 | 00,000,000 | -HSD | C] – C:\FOUND.032
[2009-11-22 17:40:00 | 00,000,000 | -HSD | C] – C:\FOUND.031
[2009-10-18 01:22:54 | 00,000,000 | -HSD | C] – C:\FOUND.030
[2009-09-18 21:11:12 | 00,000,000 | -HSD | C] – C:\FOUND.029
[2009-09-10 01:36:46 | 00,000,000 | -HSD | C] – C:\FOUND.028
[2009-09-01 20:05:46 | 00,000,000 | -HSD | C] – C:\FOUND.027
[2009-08-29 08:46:02 | 00,000,000 | -HSD | C] – C:\FOUND.026
[2009-08-21 13:21:12 | 00,000,000 | -HSD | C] – C:\FOUND.025
[2009-08-14 07:23:16 | 00,000,000 | -HSD | C] – C:\FOUND.024
[2009-07-25 09:16:22 | 00,000,000 | -HSD | C] – C:\FOUND.023
[2009-07-05 10:11:10 | 00,000,000 | -HSD | C] – C:\FOUND.022
[2009-07-04 10:54:10 | 00,000,000 | -HSD | C] – C:\FOUND.021
[2009-06-25 20:57:20 | 00,000,000 | -HSD | C] – C:\FOUND.020
[2009-06-24 20:30:06 | 00,000,000 | -HSD | C] – C:\FOUND.019
[2009-06-16 10:21:08 | 00,000,000 | -HSD | C] – C:\FOUND.018
[2009-06-14 09:07:08 | 00,000,000 | -HSD | C] – C:\FOUND.017
[2009-06-11 17:20:10 | 00,000,000 | -HSD | C] – C:\FOUND.016
[2009-06-09 23:35:24 | 00,000,000 | -HSD | C] – C:\FOUND.015
[2009-06-09 06:50:00 | 00,000,000 | -HSD | C] – C:\FOUND.014
[2009-06-08 20:51:58 | 00,000,000 | -HSD | C] – C:\FOUND.013
[2009-06-08 07:06:50 | 00,000,000 | -HSD | C] – C:\FOUND.012
[2009-06-07 09:23:52 | 00,000,000 | -HSD | C] – C:\FOUND.011
[2009-06-06 17:21:28 | 00,000,000 | -HSD | C] – C:\FOUND.010
[2009-06-06 16:13:02 | 00,000,000 | -HSD | C] – C:\FOUND.009
[2009-06-05 13:48:26 | 00,000,000 | -HSD | C] – C:\FOUND.008
[2009-05-18 06:54:52 | 00,000,000 | -HSD | C] – C:\FOUND.007
[2009-05-17 12:13:54 | 00,000,000 | -HSD | C] – C:\FOUND.006
[2009-05-16 09:49:50 | 00,000,000 | -HSD | C] – C:\FOUND.005
[2009-05-15 19:01:34 | 00,000,000 | -HSD | C] – C:\FOUND.004
[2009-05-10 14:17:38 | 00,000,000 | -HSD | C] – C:\FOUND.003
[2009-05-04 10:38:44 | 00,000,000 | -HSD | C] – C:\FOUND.002
[2009-04-11 18:11:20 | 00,000,000 | -HSD | C] – C:\FOUND.001
[2009-03-10 09:51:39 | 00,000,000 | -HSD | C] – C:\Recycled
[2009-03-09 16:10:40 | 00,000,000 | -HSD | C] – C:\FOUND.000
[2002-01-01 08:15:08 | 00,000,055 | RHS- | M] () – C:\autorun.inf
[2002-01-01 08:08:01 | 00,115,712 | RHS- | C] () – C:\9xf8.exe

:Files
C:\FOUND.034
D:\9xf8.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[Reboot]