Rambdal
Junior system user
Posts: 76
RE: Folders on the USB flash drive turn into shortcuts.
Code:
OTL logfile created on: 2014-09-15 20: 48: 48 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C: \Users\Rambdal\Downloads\OTL
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,99 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,22% Memory free
7,99 Gb Paging File | 6,26 Gb Available in Paging File | 78,34% Paging File free
Paging file location(s): ?: \pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C: \Windows | %ProgramFiles% = C: \Program Files (x86)
Drive C: | 55,78 Gb Total Space | 25,99 Gb Free Space | 46,60% Space Free | Partition Type: NTFS
Drive D: | 370,55 Gb Total Space | 80,19 Gb Free Space | 21,64% Space Free | Partition Type: NTFS
Drive F: | 7,38 Gb Total Space | 2,33 Gb Free Space | 31,55% Space Free | Partition Type: FAT32
Drive G: | 11,50 Gb Total Space | 6,96 Gb Free Space | 60,53% Space Free | Partition Type: FAT32
Computer Name: RAMBDALSKI | User Name: Rambdal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014-09-15 07: 01: 12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C: \Users\Rambdal\Downloads\OTL\OTL.exe
PRC - [2014-08-31 22: 35: 14 | 000,230,792 | ---- | M] (Google Inc.) -- C: \Users\Rambdal\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014-05-12 07: 24: 42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07: 24: 40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07: 24: 34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013-03-01 10: 55: 00 | 000,638,976 | ---- | M] (Futuredial Inc.) -- C: \Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
PRC - [2011-04-05 11: 39: 46 | 001,518,976 | ---- | M] () -- C: \Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
PRC - [2011-01-10 14: 49: 20 | 000,014,848 | ---- | M] () -- C: \Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2010-10-21 22: 53: 54 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C: \Program Files\Common Files\Logishrd\sp6\LU\LogitechUpdate.exe
PRC - [2010-10-21 22: 53: 46 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C: \Program Files\Common Files\Logishrd\sp6\LU\LULnchr.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014-09-04 05: 01: 18 | 000,331,592 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
MOD - [2014-09-04 05: 01: 17 | 014,891,848 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
MOD - [2014-09-04 05: 01: 16 | 008,577,864 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014-09-04 05: 01: 12 | 001,098,056 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
MOD - [2014-09-04 05: 01: 10 | 000,174,408 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
MOD - [2014-09-04 05: 01: 09 | 001,660,232 | ---- | M] () -- C: \Users\Rambdal\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2013-03-01 10: 55: 00 | 000,559,244 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\sqlite3.7.dll
MOD - [2013-03-01 10: 55: 00 | 000,516,599 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\sqlite3.dll
MOD - [2013-03-01 10: 55: 00 | 000,356,352 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\asusDetect.dll
MOD - [2013-03-01 10: 55: 00 | 000,147,456 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\asusDetectLegend.dll
MOD - [2013-03-01 10: 55: 00 | 000,139,264 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\asusDisk.dll
MOD - [2013-03-01 10: 55: 00 | 000,094,208 | ---- | M] () -- C: \Program Files (x86)\ASUS\ASUS Sync\fdHttpd.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV: [b]64bit: [/b] - [2011-09-27 21: 04: 08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C: \Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV: [b]64bit: [/b] - [2009-07-14 03: 41: 27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C: \Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV: [b]64bit: [/b] - [2009-07-14 03: 40: 01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C: \Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-05-12 07: 24: 42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07: 24: 40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-08-02 01: 24: 40 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C: \Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-07-25 08: 52: 52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C: \Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-04-05 11: 39: 46 | 001,518,976 | ---- | M] () [Auto | Running] -- C: \Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
SRV - [2011-01-10 14: 49: 20 | 000,014,848 | ---- | M] () [Auto | Running] -- C: \Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010-03-18 13: 16: 28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C: \Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-24 22: 16: 12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C: \Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe -- (DfSdkS)
SRV - [2009-06-10 23: 23: 09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C: \Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV: [b]64bit: [/b] - [2014-09-15 20: 40: 17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C: \Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV: [b]64bit: [/b] - [2014-05-12 07: 26: 10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV: [b]64bit: [/b] - [2014-05-12 07: 25: 56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C: \Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV: [b]64bit: [/b] - [2013-08-26 05: 16: 14 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C: \Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV: [b]64bit: [/b] - [2011-09-02 08: 30: 36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV: [b]64bit: [/b] - [2011-09-02 08: 30: 24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV: [b]64bit: [/b] - [2011-01-10 14: 51: 40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C: \Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV: [b]64bit: [/b] - [2009-07-14 03: 52: 21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV: [b]64bit: [/b] - [2009-07-14 03: 52: 21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C: \Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV: [b]64bit: [/b] - [2009-07-14 03: 52: 20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV: [b]64bit: [/b] - [2009-07-14 03: 48: 04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV: [b]64bit: [/b] - [2009-07-14 03: 47: 48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV: [b]64bit: [/b] - [2009-07-14 03: 47: 48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C: \Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV: [b]64bit: [/b] - [2009-07-14 03: 45: 55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV: [b]64bit: [/b] - [2009-07-14 02: 06: 32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV: [b]64bit: [/b] - [2009-06-20 04: 09: 57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\athrx.sys -- (athr)
DRV: [b]64bit: [/b] - [2009-06-10 23: 01: 06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV: [b]64bit: [/b] - [2009-06-10 22: 35: 33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C: \Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV: [b]64bit: [/b] - [2009-06-10 22: 34: 23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV: [b]64bit: [/b] - [2009-06-10 22: 31: 59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C: \Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03: 19: 10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C: \Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE: [b]64bit: [/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE: [b]64bit: [/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http: //www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http: //www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http: //www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C: \Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C: \Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C: \Users\Rambdal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C: \Users\Rambdal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C: \Program Files (x86)\Mozilla Thunderbird\components [2013-08-26 16: 26: 51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C: \Program Files (x86)\Mozilla Thunderbird\plugins
[2013-08-26 16: 28: 19 | 000,000,000 | ---D | M] (No name found) -- C: \Users\Rambdal\AppData\Roaming\mozilla\Extensions
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http: //www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Prezentacje Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: Dokumenty Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Dysk Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Arkusze Google = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: AdBlock = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Google Wallet = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Late Night = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Gmail = C: \Users\Rambdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009-06-10 23: 00: 26 | 000,000,824 | ---- | M]) - C: \Windows\SysNative\drivers\etc\hosts
O4: [b]64bit: [/b] - HKLM..\Run: [EvtMgr6] C: \Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [ASUS Sync Loader] C: \Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe (Futuredial Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C: \Program Files (x86)\Java\jre1.5.0_02\bin\npjpi150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C: \PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit: [/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http: //java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http: //java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 188.117.188.117 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85F30DB8-1D32-4BD0-9693-C27CB2CBB124}: DhcpNameServer = 188.117.188.117 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95282F22-28AD-4A39-8696-9C8FFDA0D179}: DhcpNameServer = 213.227.72.1 213.227.75.1
O18: [b]64bit: [/b] - Protocol\Handler\ms-help - No CLSID value found
O18: [b]64bit: [/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C: \PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C: \PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20: [b]64bit: [/b] - HKLM Winlogon: Shell - (explorer.exe) - C: \Windows\explorer.exe (Microsoft Corporation)
O20: [b]64bit: [/b] - HKLM Winlogon: UserInit - (C: \Windows\system32\userinit.exe) - C: \Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C: \Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C: \Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20: [b]64bit: [/b] - Winlogon\Notify\LBTWlgn: DllName - (c: \program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c: \Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21: [b]64bit: [/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d324797b-4270-11e3-b204-001377aba843}\Shell - "" = AutoRun
O33 - MountPoints2\{d324797b-4270-11e3-b204-001377aba843}\Shell\AutoRun\command - "" = F: \LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35: [b]64bit: [/b] - HKLM\..comfile [open] -- "%1" %*
O35: [b]64bit: [/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37: [b]64bit: [/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37: [b]64bit: [/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv: UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv: ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: [b]64bit: [/b] AppMgmt - C: \Windows\SysNative\appmgmts.dll (Microsoft Corporation)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014-09-15 19: 52: 17 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-09-15 19: 51: 52 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-09-15 19: 51: 49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\mbamchameleon.sys
[2014-09-15 19: 51: 49 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\mwac.sys
[2014-09-15 19: 51: 49 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\mbam.sys
[2014-09-15 19: 51: 49 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Malwarebytes Anti-Malware
[2014-09-15 19: 51: 49 | 000,000,000 | ---D | C] -- C: \ProgramData\Malwarebytes
[2014-09-15 18: 07: 53 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\Doctor Web
[2014-09-13 16: 29: 58 | 000,000,000 | ---D | C] -- C: \Program Files\Windows Sidebar
[2014-09-13 16: 23: 13 | 000,000,000 | ---D | C] -- C: \ProgramData\AVAST Software
[2014-09-13 12: 32: 36 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\AppData\Roaming\TS3Client
[2014-09-13 12: 31: 52 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2014-09-13 12: 31: 52 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\TeamSpeak 3 Client
[2014-09-12 23: 51: 47 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\ESET
[2014-09-09 18: 24: 01 | 000,000,000 | ---D | C] -- C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014-09-09 18: 24: 01 | 000,000,000 | ---D | C] -- C: \Program Files (x86)\Common Files\Skype
[2014-09-08 06: 22: 06 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XVM FULL 5.3.3 conf by DjVirusPL 0.9.2 v1
[2014-09-08 06: 15: 35 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModPack by DjVirusPL FULL 0.9.2 v3
[2014-09-02 23: 45: 39 | 000,000,000 | ---D | C] -- C: \Windows\Minidump
[2014-08-31 22: 30: 17 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014-08-31 21: 17: 30 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\Desktop\CV
[2014-08-31 21: 17: 26 | 000,000,000 | ---D | C] -- C: \Users\Rambdal\Desktop\Żłobek
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014-09-15 20: 50: 14 | 001,600,270 | ---- | M] () -- C: \Windows\SysNative\PerfStringBackup.INI
[2014-09-15 20: 50: 14 | 000,715,256 | ---- | M] () -- C: \Windows\SysNative\perfh015.dat
[2014-09-15 20: 50: 14 | 000,630,604 | ---- | M] () -- C: \Windows\SysNative\perfh009.dat
[2014-09-15 20: 50: 14 | 000,145,188 | ---- | M] () -- C: \Windows\SysNative\perfc015.dat
[2014-09-15 20: 50: 14 | 000,113,526 | ---- | M] () -- C: \Windows\SysNative\perfc009.dat
[2014-09-15 20: 40: 45 | 000,001,066 | ---- | M] () -- C: \Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100946446-86368217-4254799296-1000UA.job
[2014-09-15 20: 40: 17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C: \Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-09-15 20: 39: 45 | 000,067,584 | --S- | M] () -- C: \Windows\bootstat.dat
[2014-09-15 20: 39: 41 | 3216,990,208 | -HS- | M] () -- C: \hiberfil.sys
[2014-09-15 20: 39: 09 | 000,013,584 | -H-- | M] () -- C: \Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-09-15 20: 39: 09 | 000,013,584 | -H-- | M] () -- C: \Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-09-14 22: 40: 01 | 000,001,014 | ---- | M] () -- C: \Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100946446-86368217-4254799296-1000Core.job
[2014-09-12 21: 12: 01 | 000,152,890 | ---- | M] () -- C: \Users\Rambdal\Desktop\5.png
[2014-09-12 19: 48: 02 | 000,569,263 | ---- | M] () -- C: \Users\Rambdal\Desktop\3.png
[2014-09-11 06: 32: 40 | 000,569,166 | ---- | M] () -- C: \Users\Rambdal\Desktop\2.png
[2014-09-11 06: 32: 32 | 000,574,711 | ---- | M] () -- C: \Users\Rambdal\Desktop\1.png
[2014-08-31 22: 46: 57 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C: \Windows\SysNative\drivers\LNonPnP.sys
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014-09-12 21: 12: 00 | 000,152,890 | ---- | C] () -- C: \Users\Rambdal\Desktop\5.png
[2014-09-12 19: 48: 02 | 000,569,263 | ---- | C] () -- C: \Users\Rambdal\Desktop\3.png
[2014-09-11 06: 32: 40 | 000,569,166 | ---- | C] () -- C: \Users\Rambdal\Desktop\2.png
[2014-09-11 06: 32: 32 | 000,574,711 | ---- | C] () -- C: \Users\Rambdal\Desktop\1.png
[2014-08-31 22: 46: 30 | 3216,990,208 | -HS- | C] () -- C: \hiberfil.sys
[2014-08-31 22: 30: 01 | 000,001,066 | ---- | C] () -- C: \Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100946446-86368217-4254799296-1000UA.job
[2014-08-31 22: 30: 00 | 000,001,014 | ---- | C] () -- C: \Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100946446-86368217-4254799296-1000Core.job
[2014-08-31 21: 17: 30 | 000,661,475 | ---- | C] () -- C: \Users\Rambdal\Desktop\all.m3u
[2014-08-31 21: 17: 30 | 000,002,086 | ---- | C] () -- C: \Users\Rambdal\Desktop\Mozilla Thunderbird.lnk
[2014-08-31 21: 17: 30 | 000,001,101 | ---- | C] () -- C: \Users\Rambdal\Desktop\kołysanki.m3u
[2014-08-31 21: 17: 30 | 000,000,898 | ---- | C] () -- C: \Users\Rambdal\Desktop\AQQ.lnk
[2014-08-31 21: 17: 26 | 000,000,870 | ---- | C] () -- C: \Users\Rambdal\Desktop\Downloads.lnk
[2013-08-31 21: 04: 48 | 000,004,096 | ---- | C] () -- C: \Windows\d3dx.dat
[2013-08-26 15: 45: 16 | 000,034,308 | ---- | C] () -- C: \ProgramData\mazuki.dll
[2013-08-26 15: 41: 08 | 000,164,352 | ---- | C] () -- C: \Windows\SysWow64\unrar.dll
[2013-08-26 15: 41: 06 | 003,596,288 | ---- | C] () -- C: \Windows\SysWow64\qt-dx331.dll
[2013-08-25 22: 54: 57 | 000,000,056 | -H-- | C] () -- C: \Windows\SysWow64\ezsidmv.dat
[2013-08-25 21: 14: 57 | 001,637,498 | ---- | C] () -- C: \Windows\SysWow64\PerfStringBackup.INI
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06: 55: 00 | 000,000,227 | RHS- | M] () -- C: \Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C: \Windows\SysNative\shell32.dll -- [2009-07-14 03: 41: 54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03: 16: 14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C: \Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03: 40: 51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03: 15: 20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C: \Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03: 41: 56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2013-10-11 20: 29: 50 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\ASUS
[2013-10-11 20: 30: 03 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\ASUS WebStorage
[2013-10-13 08: 17: 16 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2014-09-13 06: 30: 36 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\BitTorrent
[2013-09-09 22: 52: 56 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\DAEMON Tools Lite
[2013-10-11 20: 25: 10 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\eCareme
[2013-09-18 08: 23: 17 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\GHISLER
[2013-08-26 15: 21: 32 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Leadertech
[2013-11-01 23: 04: 18 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Mumble
[2013-08-26 16: 28: 17 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Thunderbird
[2014-09-15 00: 28: 06 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\TS3Client
[2013-08-25 21: 41: 05 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Wargaming.net
[2013-10-27 00: 49: 19 | 000,000,000 | ---D | M] -- C: \Users\Rambdal\AppData\Roaming\Wildfire
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-07-14 03: 38: 58 | 000,383,562 | RHS- | M] () -- C: \bootmgr
[2013-08-25 21: 34: 00 | 000,008,192 | RHS- | M] () -- C: \BOOTSECT.BAK
[2013-08-25 20: 51: 58 | 000,008,192 | ---- | M] () -- C: \bootsect.lxe.bak
[2013-09-02 06: 59: 42 | 000,044,966 | ---- | M] () -- C: \BROM_DLL.log
[2013-08-25 21: 23: 24 | 000,383,592 | RHS- | M] () -- C: \gdrop
[2014-09-15 20: 39: 41 | 3216,990,208 | -HS- | M] () -- C: \hiberfil.sys
[2014-09-15 20: 39: 42 | 4289,323,008 | -HS- | M] () -- C: \pagefile.sys
[2013-10-11 20: 35: 39 | 000,000,276 | ---- | M] () -- C: \SSUUpdater.log
[2013-08-25 21: 23: 24 | 000,171,136 | RHS- | M] () -- C: \xeldr
< End of report >
Malware didn't detect anything.