:OTL
SRV - [2011-03-26 15:20:00 | 000,000,000 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\Krzysiek.MROZEK-2DC3E7A6\Ustawienia lokalne\Temp\DAT1FF.tmp -- (tzrttaqalreozou)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
[2011-04-23 15:50:23 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Krzysiek.MROZEK-2DC3E7A6\Dane aplikacji\Mozilla\Firefox\Profiles\unr4div0.default\extensions\vshare@toolbar
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKCU..\Run: [Power Mixer] File not found
O4 - HKCU..\Run: [Rubin] File not found
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
O32 - AutoRun File - [2009-05-05 21:33:52 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0094d545-a46c-11de-b766-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{0094d545-a46c-11de-b766-001180c974bb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{0094d546-a46c-11de-b766-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{0094d546-a46c-11de-b766-001180c974bb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{04d88ee6-d291-11dd-ac48-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{04d88ee6-d291-11dd-ac48-001180c974bb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{34215d6e-f78f-11dd-ac9f-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{34215d6e-f78f-11dd-ac9f-001180c974bb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ca632c83-1102-11e0-b1f3-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{ca632c83-1102-11e0-b1f3-001180c974bb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{dfa28a01-d178-11df-b152-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa28a01-d178-11df-b152-001180c974bb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{dfa28a02-d178-11df-b152-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa28a02-d178-11df-b152-001180c974bb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ea49543c-47d3-11df-b929-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{ea49543c-47d3-11df-b929-001180c974bb}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{ed0e5bae-ca49-11df-b145-001180c974bb}\Shell - "" = AutoRun
O33 - MountPoints2\{ed0e5bae-ca49-11df-b145-001180c974bb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[2011-06-17 10:37:32 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2011-06-17 10:37:31 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\dll.dll
[2011-05-27 23:23:47 | 000,296,915 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2011-03-26 15:20:00 | 000,327,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
Post the log from the removal and new logs from OTL.