It seems to me this may be the ZeroAccess rootkit.
Into the Custom Scans/Fixes window, paste:
:OTL
O3 - HKLM…\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll File not found
O3 - HKU\S-1-5-21-2568112518-2826930539-3053999018-500…\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2568112518-2826930539-3053999018-500…\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2568112518-2826930539-3053999018-500…\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll File not found
O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll File not found
O32 - AutoRun File - [2011-12-07 10:42:16 | 000,000,128 | R--- | M] () - D:\autorun.inf -- [CDFS]
O33 - MountPoints2\{3388f35a-d2c6-11df-8856-0016e658c282}\Shell - "" = AutoRun
O33 - MountPoints2\{3388f35a-d2c6-11df-8856-0016e658c282}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{437cce8a-0d0f-11dd-864c-806d6172696f}\Shell\AutoRun\command - "" = D:\b.com
O33 - MountPoints2\{437cce8a-0d0f-11dd-864c-806d6172696f}\Shell\explore\Command - "" = D:\b.com
O33 - MountPoints2\{437cce8a-0d0f-11dd-864c-806d6172696f}\Shell\open\Command - "" = D:\b.com
O33 - MountPoints2\{4e1c76ea-7a9f-11df-8835-0016e658c282}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1c76ea-7a9f-11df-8835-0016e658c282}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{646147a5-4c2c-11de-8751-0016e658c282}\Shell - "" = AutoRun
O33 - MountPoints2\{646147a5-4c2c-11de-8751-0016e658c282}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d38d9910-2285-11dd-865e-0016e658c282}\Shell\AutoRun\command - "" = G:\ranvrgn.exe
O33 - MountPoints2\{d38d9910-2285-11dd-865e-0016e658c282}\Shell\explore\Command - "" = G:\ranvrgn.exe
O33 - MountPoints2\{d38d9910-2285-11dd-865e-0016e658c282}\Shell\open\Command - "" = G:\ranvrgn.exe
O33 - MountPoints2\{efa42ebe-117f-11df-87d3-0016e658c282}\Shell - "" = Autorun
O33 - MountPoints2\{efa42ebe-117f-11df-87d3-0016e658c282}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008-04-14 18:21:39 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\Option1\Command - "" = D:\HBCD\HBCDMenu.exe -- [2011-12-07 10:42:16 | 000,018,432 | R--- | M] (http://www.hiren.info)
MsConfig - StartUpReg: DemonStarter - hkey= - key= - C:\Program Files\PWN\Definicje\BIN\Starter.exe ()
MsConfig - StartUpReg: HPUsageTracking - hkey= - key= - C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: PinnacleDriverCheck - hkey= - key= - File not found
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking Run Scan.
Post the new OTL.txt log and the removal report.
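The O33 lines in the script above come from the per-user MountPoints2 cache, where Explorer remembers the autorun verbs of every volume it has seen; entries such as D:\b.com and G:\ranvrgn.exe are the typical trace of a removable-drive worm. The OTL :Reg section deletes that whole key, so it is worth recording what it held first. The PowerShell snippet below is an added example for doing that check by hand; it is not part of the original post and not OTL's code. The function name Get-MountPointAutorun and the "Suspicious" heuristic (a command that points straight at an executable in a drive root) are assumptions of this example.

```powershell
# Added example (not from the original post): list every MountPoints2 volume
# that still carries a Shell\<verb>\command, the data OTL reports as O33 lines.
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointAutorun {
    param([string]$Path = $MountPoints2)
    if (-not (Test-Path -LiteralPath $Path)) { return }

    Get-ChildItem -LiteralPath $Path | ForEach-Object {
        $volume   = $_.PSChildName            # e.g. {3388f35a-...} or a drive letter
        $shellKey = "Registry::$($_.Name)\Shell"
        if (-not (Test-Path -LiteralPath $shellKey)) { return }

        # The default value of ...\Shell names the verb that double-click runs
        # ("AutoRun" in the log above); an unset default shows as $null.
        $defaultVerb = (Get-ItemProperty -LiteralPath $shellKey -ErrorAction SilentlyContinue).'(default)'

        Get-ChildItem -LiteralPath $shellKey | ForEach-Object {
            $verb   = $_.PSChildName            # AutoRun, open, explore, Option1, ...
            $cmdKey = "Registry::$($_.Name)\command"
            if (-not (Test-Path -LiteralPath $cmdKey)) { return }

            $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{
                Volume      = $volume
                Verb        = $verb
                DefaultVerb = $defaultVerb
                Command     = $cmd
                # Heuristic (assumption of this example): an executable sitting directly
                # in a drive root, like D:\b.com or G:\ranvrgn.exe, is the worm pattern;
                # a path deeper in the tree such as C:\WINDOWS\System32\setup.exe is not flagged.
                Suspicious  = [bool]($cmd -match '^[A-Za-z]:\\[^\\]+\.(exe|com|bat|scr|pif|vbs)\b')
            }
        }
    }
}

# Run it before applying the OTL fix to keep a record of what the key contained.
Get-MountPointAutorun | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in a normal (non-elevated) PowerShell session as the affected user, since MountPoints2 lives under HKCU and each profile has its own copy; the entries under HKU\S-1-5-21-...-500 in the log belong to the built-in Administrator account and would need that account's hive.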