USBFix was run, mbam detected 10 infected files which it removed, cureit found nothing. OTL logs in the attachment.

When posting attachments necessary to solve the problem, please make sure they do not contain commissions! I am correcting the post,
OTL Extras logfile created on: 2011-11-26 12:25:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Grzegorz\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 83,48% Memory free
3,84 Gb Paging File | 3,51 Gb Available in Paging File | 91,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 40,92 Gb Free Space | 83,81% Space Free | Partition Type: NTFS
Drive E: | 100,22 Gb Total Space | 99,86 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Computer Name: 13B5613BDF844E4 | User Name: Grzegorz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Polish
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.80
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300
"Mozilla Firefox 8.0.1 (x86 pl)" = Mozilla Firefox 8.0.1 (x86 pl)
"Opera 11.52.1100" = Opera 11.52
"Usbfix" = UsbFix By El Desaparecido
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2011-11-26 05:09:32 | Computer Name = 13B5613BDF844E4 | Source = MsiInstaller | ID = 1013
Description = Product: PartitionMagic -- 1: This installation can not be run by
directly launching the MSI package; you must run setup.exe.
Error - 2011-11-26 06:00:03 | Computer Name = 13B5613BDF844E4 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
[ System Events ]
Error - 2011-11-26 05:57:58 | Computer Name = 13B5613BDF844E4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2011-11-26 05:58:03 | Computer Name = 13B5613BDF844E4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 2011-11-26 05:58:13 | Computer Name = 13B5613BDF844E4 | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu: %%31
Error - 2011-11-26 05:58:13 | Computer Name = 13B5613BDF844E4 | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której
nie można uruchomić z powodu następującego błędu: %%31
Error - 2011-11-26 05:58:13 | Computer Name = 13B5613BDF844E4 | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można
uruchomić z powodu następującego błędu: %%31
Error - 2011-11-26 05:58:13 | Computer Name = 13B5613BDF844E4 | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można
uruchomić z powodu następującego błędu: %%31
Error - 2011-11-26 05:58:13 | Computer Name = 13B5613BDF844E4 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: AFD BHDrvx86 ccSet_NAV eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip
Error - 2011-11-26 05:58:22 | Computer Name = 13B5613BDF844E4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2011-11-26 05:59:02 | Computer Name = 13B5613BDF844E4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2011-11-26 06:04:08 | Computer Name = 13B5613BDF844E4 | Source = PlugPlayManager | ID = 11
Description = Urządzenie Root\LEGACY_SYMEVENT\0000 zniknęło z systemu bez uprzedniego
przygotowania go do usunięcia.
<End of report>