:OTL
PRC - [2011-08-21 14:39:54 | 000,634,880 | ---- | M] () -- F:\WINDOWS\update.2\svchost.exe
PRC - [2011-08-21 14:39:54 | 000,634,880 | ---- | M] () -- F:\WINDOWS\update.2\svchost.exe
PRC - [2011-08-20 22:35:07 | 000,232,960 | ---- | M] () -- F:\WINDOWS\l1rezerv.exe
PRC - [2011-08-20 22:33:53 | 000,348,672 | ---- | M] () -- F:\WINDOWS\update.5.0\svchost.exe
PRC - [2011-08-20 22:33:53 | 000,348,672 | ---- | M] () -- F:\WINDOWS\update.5.0\svchost.exe
PRC - [2011-08-20 22:29:37 | 000,382,464 | ---- | M] () -- F:\WINDOWS\update.7.1\svchostdriver.exe
PRC - [2011-08-20 22:25:09 | 000,258,048 | ---- | M] () -- F:\WINDOWS\sysdriver32.exe
PRC - [2011-08-20 22:11:29 | 001,216,000 | -H-- | M] () -- F:\WINDOWS\update.tray-2-0\svchost.exe
PRC - [2011-08-20 22:11:29 | 001,216,000 | -H-- | M] () -- F:\WINDOWS\update.1\svchost.exe
PRC - [2011-06-29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- F:\WINDOWS\ufa\ufa.exe
MOD - [2011-08-21 14:39:54 | 000,634,880 | ---- | M] () -- F:\WINDOWS\update.2\svchost.exe
MOD - [2011-08-20 22:35:07 | 000,232,960 | ---- | M] () -- F:\WINDOWS\l1rezerv.exe
MOD - [2011-08-20 22:33:53 | 000,348,672 | ---- | M] () -- F:\WINDOWS\update.5.0\svchost.exe
MOD - [2011-08-20 22:29:37 | 000,382,464 | ---- | M] () -- F:\WINDOWS\update.7.1\svchostdriver.exe
MOD - [2011-08-20 22:25:09 | 000,258,048 | ---- | M] () -- F:\WINDOWS\sysdriver32.exe
MOD - [2011-08-20 22:11:29 | 001,216,000 | -H-- | M] () -- F:\WINDOWS\update.tray-2-0\svchost.exe
MOD - [2011-08-20 22:11:29 | 001,216,000 | -H-- | M] () -- F:\WINDOWS\update.1\svchost.exe
SRV - [2011-08-21 14:39:54 | 000,634,880 | ---- | M] () [Auto | Running] -- F:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011-08-20 22:33:53 | 000,348,672 | ---- | M] () [Auto | Running] -- F:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011-08-20 22:29:37 | 000,382,464 | ---- | M] () [Auto | Running] -- F:\WINDOWS\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011-08-20 22:25:09 | 000,258,048 | ---- | M] () [Auto | Running] -- F:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011-08-20 22:11:29 | 001,216,000 | -H-- | M] () [Auto | Running] -- F:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
IE - HKU\S-1-5-21-1123561945-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= … =CT2475029
FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - F:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - F:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - F:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKU.DEFAULT…\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - F:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18…\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - F:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1123561945-602609370-725345543-1003…\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - F:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O4 - HKLM…\Run: [2973479.exe] F:\WINDOWS\TEMP\2973479.exe ()
O4 - HKLM…\Run: [3193687.exe] F:\WINDOWS\TEMP\3193687.exe ()
O4 - HKLM…\Run: [5882630.exe] F:\Documents and Settings\AGACIA\Ustawienia lokalne\Temp\5882630.exe ()
O4 - HKLM…\Run: [6192336.exe] F:\WINDOWS\TEMP\6192336.exe ()
O4 - HKLM…\Run: [70057979-loader2.exe] F:\WINDOWS\TEMP\70057979-loader2.exe ()
O4 - HKLM…\Run: [egui] File not found
O4 - HKLM…\Run: [l1rezerv.exe] F:\WINDOWS\l1rezerv.exe ()
O4 - HKLM…\Run: [sysdriver32.exe] F:\WINDOWS\sysdriver32.exe ()
O4 - HKLM…\Run: [sysdriver32_.exe] F:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM…\Run: [TaskTray] File not found
O4 - HKLM…\Run: [tray_ico] File not found
O4 - HKLM…\Run: [tray_ico0] F:\WINDOWS\update.tray-2-0\svchost.exe ()
O4 - HKLM…\Run: [tray_ico1] File not found
O4 - HKLM…\Run: [tray_ico2] File not found
O4 - HKLM…\Run: [tray_ico3] File not found
O4 - HKLM…\Run: [tray_ico4] File not found
O4 - HKLM…\Run: [WOOTASKBARICON] File not found
O4 - HKLM…\Run: [wxpdrv] F:\WINDOWS\services32.exe ()
O4 - HKU\S-1-5-21-1123561945-602609370-725345543-1003…\Run: [Gadu-Gadu 10] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O32 - AutoRun File - [2004-05-01 00:01:00 | 000,000,053 | -HS- | M] () - C:\AUTORUN.INF -- [NTFS]
[2011-08-20 22:41:23 | 000,000,000 | ---D | C] -- F:\WINDOWS\ufa
[2011-08-20 22:41:23 | 000,000,000 | ---D | C] -- F:\WINDOWS\rpcminer
[2011-08-20 22:41:23 | 000,000,000 | ---D | C] -- F:\WINDOWS\phoenix
[2011-08-20 22:33:55 | 000,000,000 | -H-D | C] -- F:\WINDOWS\update.5.0
[2011-08-20 22:30:02 | 000,000,000 | -H-D | C] -- F:\WINDOWS\update.2
[2011-08-20 22:29:38 | 000,000,000 | -H-D | C] -- F:\WINDOWS\update.7.1
[2011-08-20 22:25:00 | 000,000,000 | ---D | C] -- F:\WINDOWS\av_ico
[2011-08-20 22:22:05 | 000,000,000 | -H-D | C] -- F:\WINDOWS\update.1
[2011-08-20 22:21:53 | 000,000,000 | -H-D | C] -- F:\WINDOWS\update.tray-2-0-lnk
[2011-08-20 22:21:53 | 000,000,000 | -H-D | C] -- F:\WINDOWS\update.tray-2-0
[2011-08-21 18:02:41 | 000,000,179 | ---- | M] () -- F:\WINDOWS\info1
[2011-08-21 18:02:01 | 000,000,734 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hîsts
[2011-08-20 22:41:22 | 005,589,370 | ---- | M] () -- F:\WINDOWS\phoenix.rar
[2011-08-20 22:41:22 | 000,246,272 | ---- | M] () -- F:\WINDOWS\unrar.exe
[2011-08-20 22:41:22 | 000,182,617 | ---- | M] () -- F:\WINDOWS\ufa.rar
[2011-08-20 22:41:21 | 001,075,284 | ---- | M] () -- F:\WINDOWS\rpcminer.rar
[2011-08-20 22:35:07 | 000,232,960 | ---- | M] () -- F:\WINDOWS\l1rezerv.exe
[2011-08-20 22:29:56 | 000,904,792 | ---- | M] () -- F:\WINDOWS\geoiplist.rar
[2011-08-20 22:26:27 | 000,000,000 | ---- | M] () -- F:\WINDOWS\loader2.exe_ok
[2011-08-20 22:25:09 | 000,258,048 | ---- | M] () -- F:\WINDOWS\sysdriver32_.exe
[2011-08-20 22:25:09 | 000,258,048 | ---- | M] () -- F:\WINDOWS\sysdriver32.exe
[2011-08-20 22:11:29 | 001,216,000 | ---- | M] () -- F:\WINDOWS\services32.exe
[2011-08-20 22:29:57 | 004,636,907 | ---- | C] () -- F:\WINDOWS\geoiplist

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\WINDOWS\update.1\svchost.exe"=-
"F:\WINDOWS\update.tray-2-0\svchost.exe"=-
"F:\WINDOWS\update.2\svchost.exe"=-

:Commands
[CLEARALLRESTOREPOINTS]
[RESETHOSTS]
[emptytemp]