Folders on a USB flash drive turn into shortcuts.

 
Rambdal
Junior system user

Posts: 76
Post: #1


Gentlemen, I have a problem.

Some time ago, when I connected my phone to the computer, it showed me shortcuts instead of directories; the same goes for the flash drive. What happened and how do I get rid of it?

15.09.2014 17:34

LadyInBlue
Lady SuperMod

Posts: 19,072
Post: #2

Scan the computer with Malwarebytes Anti-Malware and remove whatever it finds. Also generate logs with OTL; you will find instructions on how to do that in the relevant section.

Live in such a way that your friends will be bored when you die.

Windows ❼ Forum

15.09.2014 18:34

irocket
Senior Moderator

Posts: 2,337
Post: #3

You can also check the flash drive on another computer that has an antivirus installed, updated and running (so as not to spread any potential junk around).

15.09.2014 18:37

Rambdal
Junior system user

Posts: 76
Post: #4

Code:
OTL logfile created on:  2014-09-15 20: 48: 48 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C: \Users\Rambdal\Downloads\OTL
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale:  00000415 | Country:  Polska | Language:  PLK | Date Format:  yyyy-MM-dd

3,99 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,22% Memory free
7,99 Gb Paging File | 6,26 Gb Available in Paging File | 78,34% Paging File free
Paging file location(s):  ?: \pagefile.sys [binary data]

%SystemDrive% = C:  | %SystemRoot% = C: \Windows | %ProgramFiles% = C: \Program Files (x86)
Drive C:  | 55,78 Gb Total Space | 25,99 Gb Free Space | 46,60% Space Free | Partition Type:  NTFS
Drive D:  | 370,55 Gb Total Space | 80,19 Gb Free Space | 21,64% Space Free | Partition Type:  NTFS
Drive F:  | 7,38 Gb Total Space | 2,33 Gb Free Space | 31,55% Space Free | Partition Type:  FAT32
Drive G:  | 11,50 Gb Total Space | 6,96 Gb Free Space | 60,53% Space Free | Partition Type:  FAT32

Computer Name:  RAMBDALSKI | User Name:  Rambdal | Logged in as Administrator.
Boot Mode:  Normal | Scan Mode:  Current user | Include 64bit Scans
Company Name Whitelist:  Off | Skip Microsoft Files:  Off | No Company Name Whitelist:  On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-09-15 07: 01: 12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C: \Users\Rambdal\Downloads\OTL\OTL.exe
PRC - [2014-08-31 22: 35: 14 | 000,230,792 | ---- | M] (Google Inc.) -- C: \Users\Rambdal\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014-05-12 07: 24: 42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07: 24: 40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07: 24: 34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013-03-01 10: 55: 00 | 000,638,976 | ---- | M] (Futuredial Inc.) -- C: \Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
PRC - [2011-04-05 11: 39: 46 | 001,518,976 | ---- | M] () -- C: \Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
PRC - [2011-01-10 14: 49: 20 | 000,014,848 | ---- | M] () -- C: \Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2010-10-21 22: 53: 54 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C: \Program Files\Common Files\Logishrd\sp6\LU\LogitechUpdate.exe
PRC - [2010-10-21 22: 53: 46 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C: \Program Files\Common Files\Logishrd\sp6\LU\LULnchr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-09-04 05: 01: 18 | 000,331,592 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
MOD - [2014-09-04 05: 01: 17 | 014,891,848 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
MOD - [2014-09-04 05: 01: 16 | 008,577,864 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014-09-04 05: 01: 12 | 001,098,056 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
MOD - [2014-09-04 05: 01: 10 | 000,174,408 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
MOD - [2014-09-04 05: 01: 09 | 001,660,232 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2013-03-01 10: 55: 00 | 000,559,244 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\sqlite3.7.dll
MOD - [2013-03-01 10: 55: 00 | 000,516,599 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\sqlite3.dll
MOD - [2013-03-01 10: 55: 00 | 000,356,352 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\asusDetect.dll
MOD - [2013-03-01 10: 55: 00 | 000,147,456 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\asusDetectLegend.dll
MOD - [2013-03-01 10: 55: 00 | 000,139,264 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\asusDisk.dll
MOD - [2013-03-01 10: 55: 00 | 000,094,208 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\fdHttpd.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV: [b]64bit: [/b] - [2011-09-27 21: 04: 08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C: \Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV: [b]64bit: [/b] - [2009-07-14 03: 41: 27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C: \Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV: [b]64bit: [/b] - [2009-07-14 03: 40: 01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C: \Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-05-12 07: 24: 42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07: 24: 40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-08-02 01: 24: 40 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C: \Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-07-25 08: 52: 52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C: \Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-04-05 11: 39: 46 | 001,518,976 | ---- | M] () [Auto | Running] -- C: \Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
SRV - [2011-01-10 14: 49: 20 | 000,014,848 | ---- | M] () [Auto | Running] -- C: \Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010-03-18 13: 16: 28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C: \Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-24 22: 16: 12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C: \Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe -- (DfSdkS)
SRV - [2009-06-10 23: 23: 09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C: \Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV: [b]64bit: [/b] - [2014-09-15 20: 40: 17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C: \Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV: [b]64bit: [/b] - [2014-05-12 07: 26: 10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV: [b]64bit: [/b] - [2014-05-12 07: 25: 56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C: \Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV: [b]64bit: [/b] - [2013-08-26 05: 16: 14 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C: \Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV: [b]64bit: [/b] - [2011-09-02 08: 30: 36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV: [b]64bit: [/b] - [2011-09-02 08: 30: 24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV: [b]64bit: [/b] - [2011-01-10 14: 51: 40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C: \Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV: [b]64bit: [/b] - [2009-07-14 03: 52: 21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV: [b]64bit: [/b] - [2009-07-14 03: 52: 21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C: \Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV: [b]64bit: [/b] - [2009-07-14 03: 52: 20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV: [b]64bit: [/b] - [2009-07-14 03: 48: 04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV: [b]64bit: [/b] - [2009-07-14 03: 47: 48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV: [b]64bit: [/b] - [2009-07-14 03: 47: 48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C: \Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV: [b]64bit: [/b] - [2009-07-14 03: 45: 55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV: [b]64bit: [/b] - [2009-07-14 02: 06: 32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV: [b]64bit: [/b] - [2009-06-20 04: 09: 57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\athrx.sys -- (athr)
DRV: [b]64bit: [/b] - [2009-06-10 23: 01: 06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV: [b]64bit: [/b] - [2009-06-10 22: 35: 33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV: [b]64bit: [/b] - [2009-06-10 22: 31: 59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03: 19: 10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C: \Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE: [b]64bit: [/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE: [b]64bit: [/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:  "URL" = http: //www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:  "URL" = http: //www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:  "URL" = http: //www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  C: \Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3:  C: \Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  C: \Users\Rambdal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  C: \Users\Rambdal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components:  C: \Program Files (x86)\Mozilla Thunderbird\components [2013-08-26 16: 26: 51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins:  C: \Program Files (x86)\Mozilla Thunderbird\plugins

[2013-08-26 16: 28: 19 | 000,000,000 | ---D | M] (No name found) -- C: \Users\Rambdal\AppData\Roaming\mozilla\Extensions

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider:   ()
CHR - default_search_provider:  search_url =
CHR - default_search_provider:  suggest_url =
CHR - homepage:  http: //www.google.com/
CHR - plugin:  Error reading preferences file
CHR - Extension:  Prezentacje Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension:  Dokumenty Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension:  Dysk Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension:  YouTube = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension:  Szukaj w Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension:  Arkusze Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension:  AdBlock = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension:  Google Wallet = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension:  Late Night = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension:  Gmail = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File:  ([2009-06-10 23: 00: 26 | 000,000,824 | ---- | M]) - C: \Windows\SysNative\drivers\etc\hosts
O4: [b]64bit: [/b] - HKLM..\Run:  [EvtMgr6] C: \Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run:  [ASUS Sync Loader] C: \Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe (Futuredial Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem :  Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C: \Program Files (x86)\Java\jre1.5.0_02\bin\npjpi150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button:  Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C: \PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit: [/b] - gopher Prefix:  missing
O13 - gopher Prefix:  missing
O16 - DPF:  {8AD9C840-044E-11D1-B3E9-00805F499D93} http: //java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF:  {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http: //java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:  DhcpNameServer = 188.117.188.117 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85F30DB8-1D32-4BD0-9693-C27CB2CBB124}:  DhcpNameServer = 188.117.188.117 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95282F22-28AD-4A39-8696-9C8FFDA0D179}:  DhcpNameServer = 213.227.72.1 213.227.75.1
O18: [b]64bit: [/b] - Protocol\Handler\ms-help - No CLSID value found
O18: [b]64bit: [/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C: \PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C: \PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20: [b]64bit: [/b] - HKLM Winlogon:  Shell - (explorer.exe) - C: \Windows\explorer.exe (Microsoft Corporation)
O20: [b]64bit: [/b] - HKLM Winlogon:  UserInit - (C: \Windows\system32\userinit.exe) - C: \Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon:  Shell - (explorer.exe) - C: \Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon:  UserInit - (userinit.exe) - C: \Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20: [b]64bit: [/b] - Winlogon\Notify\LBTWlgn:  DllName - (c: \program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c: \Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21: [b]64bit: [/b] - SSODL:  WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL:  WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom:  AutoRun - 1
O33 - MountPoints2\{d324797b-4270-11e3-b204-001377aba843}\Shell - "" = AutoRun
O33 - MountPoints2\{d324797b-4270-11e3-b204-001377aba843}\Shell\AutoRun\command - "" = F: \LaunchU3.exe -a
O34 - HKLM BootExecute:  (autocheck autochk *)
O35: [b]64bit: [/b] - HKLM\..comfile [open] -- "%1" %*
O35: [b]64bit: [/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37: [b]64bit: [/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37: [b]64bit: [/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows:  (ServerDll=winsrv: UserServerDllInitialization,3)
O38 - SubSystems\\Windows:  (ServerDll=winsrv: ConServerDllInitialization,2)
O38 - SubSystems\\Windows:  (ServerDll=sxssrv,4)

NetSvcs: [b]64bit: [/b] AppMgmt - C: \Windows\SysNative\appmgmts.dll (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-09-15 19: 52: 17 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-09-15 19: 51: 52 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-09-15 19: 51: 49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\mbamchameleon.sys
[2014-09-15 19: 51: 49 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\mwac.sys
[2014-09-15 19: 51: 49 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\mbam.sys
[2014-09-15 19: 51: 49 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Malwarebytes Anti-Malware
[2014-09-15 19: 51: 49 | 000,000,000 | ---D | C] -- C: \ProgramData\Malwarebytes
[2014-09-15 18: 07: 53 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\Doctor Web
[2014-09-13 16: 29: 58 | 000,000,000 | ---D | C] -- C: \Program Files\Windows Sidebar
[2014-09-13 16: 23: 13 | 000,000,000 | ---D | C] -- C: \ProgramData\AVAST Software
[2014-09-13 12: 32: 36 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\AppData\Roaming\TS3Client
[2014-09-13 12: 31: 52 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2014-09-13 12: 31: 52 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\TeamSpeak 3 Client
[2014-09-12 23: 51: 47 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\ESET
[2014-09-09 18: 24: 01 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014-09-09 18: 24: 01 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Common Files\Skype
[2014-09-08 06: 22: 06 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XVM FULL 5.3.3 conf by DjVirusPL 0.9.2 v1
[2014-09-08 06: 15: 35 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModPack by DjVirusPL FULL  0.9.2 v3
[2014-09-02 23: 45: 39 | 000,000,000 | ---D | C] -- C: \Windows\Minidump
[2014-08-31 22: 30: 17 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014-08-31 21: 17: 30 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\Desktop\CV
[2014-08-31 21: 17: 26 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\Desktop\Żłobek

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-09-15 20: 50: 14 | 001,600,270 | ---- | M] () -- C: \Windows\SysNative\PerfStringBackup.INI
[2014-09-15 20: 50: 14 | 000,715,256 | ---- | M] () -- C: \Windows\SysNative\perfh015.dat
[2014-09-15 20: 50: 14 | 000,630,604 | ---- | M] () -- C: \Windows\SysNative\perfh009.dat
[2014-09-15 20: 50: 14 | 000,145,188 | ---- | M] () -- C: \Windows\SysNative\perfc015.dat
[2014-09-15 20: 50: 14 | 000,113,526 | ---- | M] () -- C: \Windows\SysNative\perfc009.dat
[2014-09-15 20: 40: 45 | 000,001,066 | ---- | M] () -- C: \Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100946446-86368217-4254799296-1000UA.job
[2014-09-15 20: 40: 17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-09-15 20: 39: 45 | 000,067,584 | --S- | M] () -- C: \Windows\bootstat.dat
[2014-09-15 20: 39: 41 | 3216,990,208 | -HS- | M] () -- C: \hiberfil.sys
[2014-09-15 20: 39: 09 | 000,013,584 | -H-- | M] () -- C: \Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-09-15 20: 39: 09 | 000,013,584 | -H-- | M] () -- C: \Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-09-14 22: 40: 01 | 000,001,014 | ---- | M] () -- C: \Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100946446-86368217-4254799296-1000Core.job
[2014-09-12 21: 12: 01 | 000,152,890 | ---- | M] () -- C: \Users\Rambdal\Desktop\5.png
[2014-09-12 19: 48: 02 | 000,569,263 | ---- | M] () -- C: \Users\Rambdal\Desktop\3.png
[2014-09-11 06: 32: 40 | 000,569,166 | ---- | M] () -- C: \Users\Rambdal\Desktop\2.png
[2014-09-11 06: 32: 32 | 000,574,711 | ---- | M] () -- C: \Users\Rambdal\Desktop\1.png
[2014-08-31 22: 46: 57 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C: \Windows\SysNative\drivers\LNonPnP.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-09-12 21: 12: 00 | 000,152,890 | ---- | C] () -- C: \Users\Rambdal\Desktop\5.png
[2014-09-12 19: 48: 02 | 000,569,263 | ---- | C] () -- C: \Users\Rambdal\Desktop\3.png
[2014-09-11 06: 32: 40 | 000,569,166 | ---- | C] () -- C: \Users\Rambdal\Desktop\2.png
[2014-09-11 06: 32: 32 | 000,574,711 | ---- | C] () -- C: \Users\Rambdal\Desktop\1.png
[2014-08-31 22: 46: 30 | 3216,990,208 | -HS- | C] () -- C: \hiberfil.sys
[2014-08-31 22: 30: 01 | 000,001,066 | ---- | C] () -- C: \Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100946446-86368217-4254799296-1000UA.job
[2014-08-31 22: 30: 00 | 000,001,014 | ---- | C] () -- C: \Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100946446-86368217-4254799296-1000Core.job
[2014-08-31 21: 17: 30 | 000,661,475 | ---- | C] () -- C: \Users\Rambdal\Desktop\all.m3u
[2014-08-31 21: 17: 30 | 000,002,086 | ---- | C] () -- C: \Users\Rambdal\Desktop\Mozilla Thunderbird.lnk
[2014-08-31 21: 17: 30 | 000,001,101 | ---- | C] () -- C: \Users\Rambdal\Desktop\kołysanki.m3u
[2014-08-31 21: 17: 30 | 000,000,898 | ---- | C] () -- C: \Users\Rambdal\Desktop\AQQ.lnk
[2014-08-31 21: 17: 26 | 000,000,870 | ---- | C] () -- C: \Users\Rambdal\Desktop\Downloads.lnk
[2013-08-31 21: 04: 48 | 000,004,096 | ---- | C] () -- C: \Windows\d3dx.dat
[2013-08-26 15: 45: 16 | 000,034,308 | ---- | C] () -- C: \ProgramData\mazuki.dll
[2013-08-26 15: 41: 08 | 000,164,352 | ---- | C] () -- C: \Windows\SysWow64\unrar.dll
[2013-08-26 15: 41: 06 | 003,596,288 | ---- | C] () -- C: \Windows\SysWow64\qt-dx331.dll
[2013-08-25 22: 54: 57 | 000,000,056 | -H-- | C] () -- C: \Windows\SysWow64\ezsidmv.dat
[2013-08-25 21: 14: 57 | 001,637,498 | ---- | C] () -- C: \Windows\SysWow64\PerfStringBackup.INI

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06: 55: 00 | 000,000,227 | RHS- | M] () -- C: \Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C: \Windows\SysNative\shell32.dll -- [2009-07-14 03: 41: 54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03: 16: 14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C: \Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03: 40: 51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03: 15: 20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C: \Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03: 41: 56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013-10-11 20: 29: 50 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\ASUS
[2013-10-11 20: 30: 03 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\ASUS WebStorage
[2013-10-13 08: 17: 16 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2014-09-13 06: 30: 36 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\BitTorrent
[2013-09-09 22: 52: 56 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\DAEMON Tools Lite
[2013-10-11 20: 25: 10 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\eCareme
[2013-09-18 08: 23: 17 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\GHISLER
[2013-08-26 15: 21: 32 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Leadertech
[2013-11-01 23: 04: 18 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Mumble
[2013-08-26 16: 28: 17 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Thunderbird
[2014-09-15 00: 28: 06 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\TS3Client
[2013-08-25 21: 41: 05 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Wargaming.net
[2013-10-27 00: 49: 19 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Wildfire

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-07-14 03: 38: 58 | 000,383,562 | RHS- | M] () -- C: \bootmgr
[2013-08-25 21: 34: 00 | 000,008,192 | RHS- | M] () -- C: \BOOTSECT.BAK
[2013-08-25 20: 51: 58 | 000,008,192 | ---- | M] () -- C: \bootsect.lxe.bak
[2013-09-02 06: 59: 42 | 000,044,966 | ---- | M] () -- C: \BROM_DLL.log
[2013-08-25 21: 23: 24 | 000,383,592 | RHS- | M] () -- C: \gdrop
[2014-09-15 20: 39: 41 | 3216,990,208 | -HS- | M] () -- C: \hiberfil.sys
[2014-09-15 20: 39: 42 | 4289,323,008 | -HS- | M] () -- C: \pagefile.sys
[2013-10-11 20: 35: 39 | 000,000,276 | ---- | M] () -- C: \SSUUpdater.log
[2013-08-25 21: 23: 24 | 000,171,136 | RHS- | M] () -- C: \xeldr

< End of report >
Malware didn't detect anything.

15.09.2014 19:56

LadyInBlue
Lady SuperMod

Posts: 19,072
Post: #5

Also attach the second file; it is called Extras.txt


15.09.2014 20:06

Rambdal
Junior system user

Posts: 76
Post: #6

Only this one showed up.

15.09.2014 20:23

Illidan
Expert

Posts: 1,024
Post: #7

Is this topic still current?


30.09.2014 00:15
