Ostatnio zaczełem zauważać że gdy coś zgram na Pendrive’a niezależnie jakiego … zawsze plik normalny zamienia mi się w , skrót ‘’ pliku … Formatowałem pendrive’y , skanowałem antywirusem laptopa - Problem powraca . Jakaś rada ?
Podepnij pendrivy.Użyj USBFix z funkcji Usuń(Clean).Pokaż z niego log.
Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.
Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.
Raporty umieść na http://wklej.org/ i podaj link.
Otwórz notatnik systemowy i wklej:
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM-x32\...\RunOnce: [] = [X]
HKU\S-1-5-21-3307512037-3887559704-3403081824-1000\...\MountPoints2: {1be1055f-ee0f-11e2-827b-1c7508f93a4d} - G:\AutoRun.exe
HKU\S-1-5-21-3307512037-3887559704-3403081824-1000\...\MountPoints2: {1be10569-ee0f-11e2-827b-1c7508f93a4d} - G:\AutoRun.exe
HKU\S-1-5-21-3307512037-3887559704-3403081824-1000\...\MountPoints2: {2a43f439-8d30-11e4-8cff-1c7508f93a4d} - I:\Startme.exe
HKU\S-1-5-21-3307512037-3887559704-3403081824-1000\...\MountPoints2: {7895abfc-cacf-11e2-90ba-806e6f6e6963} - F:\DistinguishOS.exe
HKU\S-1-5-21-3307512037-3887559704-3403081824-1000\...\MountPoints2: {d15955a3-ed77-11e2-bc3c-1c7508f93a4d} - G:\AutoRun.exe
HKU\S-1-5-21-3307512037-3887559704-3403081824-1000\...\MountPoints2: {d15955a8-ed77-11e2-bc3c-1c7508f93a4d} - G:\AutoRun.exe
HKU\S-1-5-21-3307512037-3887559704-3403081824-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-12-03] () ==== ATTENTION
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3307512037-3887559704-3403081824-1000 - {3933EEFC-F172-455E-B13D-6EE100C061CB} URL = http://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=501549p={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Extension: FT DeepDark - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\kj7h46q6.default-1390573546731\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-04]
CHR StartupUrls: Default - "hxxp://www.mystartsearch.com/?type=hpts=1418079454from=smtuid=TOSHIBAXMK7559GSXP_11I3F228SXX11I3F228S"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (SourceApp) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhpcldfkfngnofgkbglpfapcbapknme [2014-11-23]
S2 PnkBstrA; No ImagePath
S2 PnkBstrB; No ImagePath
S3 hwdatacard; No ImagePath
S3 VGPU; No ImagePath
S3 xhunter1; No ImagePath
U3 a59119aw; C:\Windows\System32\Drivers\a59119aw.sys [0] (Broadcom Corporation) ==== ATTENTION (zero size file/folder)
R3 MBAMSwissArmy; \\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Laptop Już ogarnięty. Dziękować.
Jeśli to nie problem , czy mogę jeszcze FRST i ADDITION z PC(stacjonarnego) dodać do sprawdzenia?
Możesz.