
High pings, packet loss.

komputerowiec_16

Hello.

 

For about a month I have been struggling with high pings and frequent packet loss. The problem occurs only on my desktop computer. A technician from the internet provider came out, and there is no fault on their side. My internet connection is plugged directly into the network card; I do not have any router. It is a radio (wireless) internet connection, but it has never had problems like this before.

 

Screenshots of pinging the connection:
dq7vy1.jpg, 96khtw.jpg

 

Below are the logs from OTL and GMER:

OTL

a) OTL.exe:
[log]

OTL logfile created on: 2014-05-08 17:23:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Majdi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,96 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 39,68% Memory free
7,93 Gb Paging File | 5,06 Gb Available in Paging File | 63,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 104,34 Gb Total Space | 64,28 Gb Free Space | 61,61% Space Free | Partition Type: NTFS
Drive D: | 361,33 Gb Total Space | 131,07 Gb Free Space | 36,28% Space Free | Partition Type: NTFS
Drive F: | 5,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MAJDI-PC | User Name: Majdi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-05-08 17:16:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Majdi\Downloads\OTL.exe
PRC - [2014-04-30 10:37:41 | 001,397,880 | ---- | M] () -- C:\Program Files (x86)\Opera\21.0.1432.57\opera_crashreporter.exe
PRC - [2014-04-30 10:37:39 | 045,763,704 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\21.0.1432.57\opera.exe
PRC - [2014-04-26 06:07:01 | 001,266,520 | ---- | M] (BitTorrent Inc.) -- C:\Users\Majdi\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014-04-01 07:44:15 | 004,023,360 | ---- | M] (GG Network S.A.) -- C:\Users\Majdi\AppData\Local\GG\Application\gghub.exe
PRC - [2014-04-01 07:44:15 | 000,132,672 | ---- | M] (GG Network S.A.) -- C:\Users\Majdi\AppData\Local\GG\Application\ggapp.exe
PRC - [2014-04-01 07:44:15 | 000,076,352 | ---- | M] (GG Network S.A.) -- C:\Users\Majdi\AppData\Local\GG\Application\xulrunner\gghub.exe
PRC - [2014-03-25 11:16:21 | 001,702,344 | ---- | M] (AIMP DevTeam) -- C:\Program Files (x86)\AIMP3\AIMP3.exe
PRC - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014-02-19 15:00:30 | 005,222,976 | ---- | M] (GG Network S.A.) -- C:\Users\Majdi\AppData\Local\GG\Application\ggdrive\ggdrive.exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-04-30 10:37:46 | 000,877,688 | ---- | M] () -- C:\Program Files (x86)\Opera\21.0.1432.57\libGLESv2.dll
MOD - [2014-04-30 10:37:45 | 000,135,800 | ---- | M] () -- C:\Program Files (x86)\Opera\21.0.1432.57\libEGL.dll
MOD - [2014-04-30 10:37:43 | 000,957,048 | ---- | M] () -- C:\Program Files (x86)\Opera\21.0.1432.57\ffmpegsumo.dll
MOD - [2014-04-30 10:37:41 | 001,397,880 | ---- | M] () -- C:\Program Files (x86)\Opera\21.0.1432.57\opera_crashreporter.exe
MOD - [2014-04-29 20:36:57 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014-04-01 07:44:15 | 003,205,184 | ---- | M] () -- C:\Users\Majdi\AppData\Local\GG\Application\xulrunner\mozjs.dll
MOD - [2014-03-25 11:16:21 | 001,733,120 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll
MOD - [2014-03-25 11:16:21 | 000,505,344 | ---- | M] () -- C:\Program Files (x86)\AIMP3\sqlite3.dll
MOD - [2014-03-25 11:16:21 | 000,294,400 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll
MOD - [2014-03-25 11:16:21 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll
MOD - [2014-03-25 11:16:21 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\MACDll.dll
MOD - [2014-03-25 11:16:21 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\AIMP3\libsoxr.dll
MOD - [2014-03-25 11:16:21 | 000,141,768 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll
MOD - [2014-03-25 11:16:21 | 000,072,136 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll
MOD - [2014-03-25 11:16:21 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp
MOD - [2014-02-19 15:00:30 | 016,166,248 | ---- | M] () -- C:\Users\Majdi\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
MOD - [2014-02-19 15:00:30 | 000,122,432 | ---- | M] () -- C:\Users\Majdi\AppData\Local\GG\Application\ggdrive\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-03-06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010-12-13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2014-04-29 20:36:57 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-09-11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-09-20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-04-02 14:02:01 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014-03-25 00:03:02 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013-10-02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-01-19 01:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-08-23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011-05-13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-12-13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1230153739-321785479-325974831-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1230153739-321785479-325974831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1230153739-321785479-325974831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-25 15:56:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-25 15:56:32 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1230153739-321785479-325974831-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1230153739-321785479-325974831-1000..\Run: [GG] C:\Users\Majdi\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1230153739-321785479-325974831-1000..\Run: [uTorrent] C:\Users\Majdi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Majdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0F21119-83EE-46B8-B727-AD9C68901AD0}: NameServer = 82.160.204.2,82.160.204.3
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999-12-12 00:00:00 | 000,000,041 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9694bdf9-b960-11e3-8326-002522ffe19c}\Shell - "" = AutoRun
O33 - MountPoints2\{9694bdf9-b960-11e3-8326-002522ffe19c}\Shell\AutoRun\command - "" = F:\setup.exe -- [1999-12-12 00:00:00 | 000,650,281 | R--- | M] (CODEX                                                       )
O33 - MountPoints2\{e9bf79e2-bbcd-11e3-a2dd-002522ffe19c}\Shell - "" = AutoRun
O33 - MountPoints2\{e9bf79e2-bbcd-11e3-a2dd-002522ffe19c}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-05-07 02:38:03 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014-05-07 00:58:02 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-05-07 00:58:02 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-05-04 19:09:27 | 000,000,000 | -HSD | C] -- C:\Users\Majdi\AppData\Local\EmieUserList
[2014-05-04 19:09:27 | 000,000,000 | -HSD | C] -- C:\Users\Majdi\AppData\Local\EmieSiteList
[2014-04-30 14:53:56 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Local\Diagnostics
[2014-04-28 13:31:00 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-04-28 13:31:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-04-28 13:30:57 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014-04-28 13:30:51 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-04-28 13:30:51 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014-04-28 13:30:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-04-28 13:30:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-04-28 13:30:50 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-04-28 13:30:50 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014-04-28 13:30:50 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014-04-28 13:30:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-04-28 13:30:50 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-04-28 13:30:49 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-04-28 13:30:49 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-04-28 13:30:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-04-28 13:30:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-04-28 13:30:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-04-28 13:30:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-04-28 13:30:49 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014-04-28 13:30:46 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-04-28 13:30:46 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014-04-28 13:30:46 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-04-28 13:30:46 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-04-28 13:30:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-04-28 13:30:45 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014-04-28 13:30:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-04-28 13:30:43 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-04-28 13:30:43 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-04-28 13:30:41 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-04-28 11:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014-04-28 11:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014-04-28 11:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014-04-28 00:36:34 | 000,000,000 | ---D | C] -- C:\Users\Majdi\Documents\Dokumenty AFi
[2014-04-25 20:56:38 | 000,000,000 | ---D | C] -- C:\Users\Majdi\Documents\DVDVideoSoft
[2014-04-25 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Roaming\DVDVideoSoft
[2014-04-25 18:44:30 | 000,000,000 | ---D | C] -- C:\Users\Majdi\Documents\efile
[2014-04-25 18:44:30 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Roaming\com.efile.epity2013
[2014-04-25 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\Majdi\Documents\TrialsFusion
[2014-04-25 16:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trials Fusion
[2014-04-22 10:42:55 | 000,000,000 | ---D | C] -- C:\Users\Majdi\Documents\HeroBlade Logs
[2014-04-21 23:25:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BitRaider
[2014-04-21 23:25:23 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Local\SWTORPerf
[2014-04-21 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2014-04-18 19:41:25 | 000,000,000 | ---D | C] -- C:\Users\Majdi\Desktop\500 Lajków!
[2014-04-18 00:26:26 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Local\MixedInKey
[2014-04-18 00:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixed In Key
[2014-04-18 00:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mixed In Key
[2014-04-16 15:20:10 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Local\screenSHU
[2014-04-16 15:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\screenSHU
[2014-04-14 11:52:32 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Local\Blizzard
[2014-04-14 11:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014-04-14 11:40:19 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Local\Blizzard Entertainment
[2014-04-14 11:40:12 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Roaming\Battle.net
[2014-04-14 11:40:12 | 000,000,000 | ---D | C] -- C:\Users\Majdi\AppData\Local\Battle.net
[2014-04-14 11:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2014-04-14 11:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2014-04-14 11:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014-04-14 11:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2014-04-14 11:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2014-04-10 13:01:16 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014-04-10 13:01:16 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014-04-10 13:01:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014-04-10 13:01:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014-04-10 13:01:14 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014-04-10 13:01:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014-04-10 13:01:14 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014-04-10 13:01:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014-04-10 13:01:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014-04-10 13:01:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014-04-10 13:01:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014-04-10 13:01:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014-04-10 13:01:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014-04-10 13:01:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014-04-08 22:53:39 | 000,000,000 | ---D | C] -- C:\Users\Majdi\Desktop\Untitled Export
[2014-04-08 22:41:56 | 000,000,000 | ---D | C] -- C:\Users\Majdi\Documents\Adobe
[2014-04-08 22:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014-04-08 22:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2014-05-08 17:25:34 | 000,671,352 | ---- | M] () -- C:\Users\Majdi\Desktop\pingi2.jpg
[2014-05-08 17:22:41 | 000,302,563 | ---- | M] () -- C:\Users\Majdi\Desktop\pingi.jpg
[2014-05-08 16:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-05-08 16:00:07 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-05-08 16:00:07 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-05-08 15:57:15 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-05-08 15:57:15 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-05-08 15:57:15 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-05-08 15:52:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-05-08 15:52:50 | 3192,688,640 | -HS- | M] () -- C:\hiberfil.sys
[2014-05-07 20:29:54 | 000,111,326 | ---- | M] () -- C:\Users\Majdi\Desktop\matma niewymiernosc.jpeg
[2014-05-02 22:05:32 | 077,430,699 | ---- | M] () -- C:\Users\Majdi\Desktop\[02.05.2014r.] MiDy - B-Day Party DJ Glancu [www.radio-viva.pl] [www.majdifp.tk].mp3
[2014-05-01 18:05:08 | 083,209,194 | ---- | M] () -- C:\Users\Majdi\Desktop\[01.05.2014r.] MiDy - Majówka z Vivą! [www,radio-viva.pl] [www.majdifp.tk].mp3
[2014-05-01 13:17:01 | 003,153,572 | ---- | M] () -- C:\Users\Majdi\Desktop\untitled.mp3
[2014-04-29 20:36:57 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-04-29 20:36:57 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-04-25 20:52:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014-04-25 20:13:48 | 001,829,033 | ---- | M] () -- C:\Users\Majdi\Desktop\PIT-37 (19) [2014-04-25] Kupiec Bożena [ind.]
[2014-04-25 19:47:05 | 001,150,174 | ---- | M] () -- C:\Users\Majdi\Desktop\PIT-37 (19) [2014-04-25] Krzysztof Kupiec.pdf
[2014-04-23 23:51:13 | 000,024,316 | ---- | M] () -- C:\Users\Majdi\Documents\TR1_2842.pdf
[2014-04-21 23:24:01 | 000,000,000 | ---- | M] () -- C:\end
[2014-04-21 20:59:02 | 000,061,442 | ---- | M] () -- C:\Users\Majdi\Desktop\Untitled.jpg
[2014-04-21 20:37:50 | 092,063,040 | ---- | M] () -- C:\Users\Majdi\Desktop\1_midy.mp3
[2014-04-18 21:11:02 | 001,282,915 | ---- | M] () -- C:\Users\Majdi\Documents\D19940083.pdf
[2014-04-18 00:25:34 | 000,001,135 | ---- | M] () -- C:\Users\Majdi\Desktop\Mixed In Key.lnk
[2014-04-17 21:07:38 | 018,296,162 | ---- | M] () -- C:\Users\Majdi\Desktop\MiDy - Próbka z audycji (Podanie Radio FTB k. 4Clubbers).mp3
[2014-04-16 16:28:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2014-04-16 15:19:53 | 000,001,019 | ---- | M] () -- C:\Users\Majdi\Desktop\screenSHU.lnk
[2014-04-15 22:12:55 | 000,123,610 | ---- | M] () -- C:\Users\Majdi\Documents\1397592747-1001-14010.pdf
[2014-04-14 20:44:44 | 130,968,111 | ---- | M] () -- C:\Users\Majdi\Desktop\[14.04.2014r.]Paczka MP3 - MiDy (www.radio-viva.pl).rar
[2014-04-14 20:32:03 | 000,071,184 | ---- | M] () -- C:\Users\Majdi\Desktop\oie_THEgbhERyFQ0.png
[2014-04-14 11:41:54 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014-04-14 11:40:09 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014-04-14 04:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-04-14 04:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-04-11 08:16:48 | 000,173,023 | ---- | M] () -- C:\Users\Majdi\Documents\Praeparanda_17.04.2014.pdf
[2014-04-10 16:59:06 | 000,112,573 | ---- | M] () -- C:\Users\Majdi\Documents\2012-12-19_milukante_4_mg,_5_mg_pil_2012-02-013_clean.pdf
[2014-04-10 16:34:21 | 000,224,894 | ---- | M] () -- C:\Users\Majdi\Documents\Harm_egzaminow_2014.pdf
[2014-04-08 22:26:05 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 5.2 64-bit.lnk
 
========== Files Created - No Company Name ==========
 
[2014-05-08 17:25:34 | 000,671,352 | ---- | C] () -- C:\Users\Majdi\Desktop\pingi2.jpg
[2014-05-08 17:16:01 | 000,302,563 | ---- | C] () -- C:\Users\Majdi\Desktop\pingi.jpg
[2014-05-07 20:30:15 | 000,111,326 | ---- | C] () -- C:\Users\Majdi\Desktop\matma niewymiernosc.jpeg
[2014-05-02 22:02:35 | 077,430,699 | ---- | C] () -- C:\Users\Majdi\Desktop\[02.05.2014r.] MiDy - B-Day Party DJ Glancu [www.radio-viva.pl] [www.majdifp.tk].mp3
[2014-05-01 18:00:05 | 083,209,194 | ---- | C] () -- C:\Users\Majdi\Desktop\[01.05.2014r.] MiDy - Majówka z Vivą! [www,radio-viva.pl] [www.majdifp.tk].mp3
[2014-05-01 13:16:41 | 003,153,572 | ---- | C] () -- C:\Users\Majdi\Desktop\untitled.mp3
[2014-04-25 20:54:33 | 039,944,663 | ---- | C] () -- C:\Users\Majdi\Desktop\WP_20140315_002.mp4
[2014-04-25 20:52:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014-04-25 20:13:48 | 001,829,033 | ---- | C] () -- C:\Users\Majdi\Desktop\PIT-37 (19) [2014-04-25] Kupiec Bożena [ind.]
[2014-04-25 19:47:05 | 001,150,174 | ---- | C] () -- C:\Users\Majdi\Desktop\PIT-37 (19) [2014-04-25] Krzysztof Kupiec.pdf
[2014-04-23 23:51:12 | 000,024,316 | ---- | C] () -- C:\Users\Majdi\Documents\TR1_2842.pdf
[2014-04-21 23:24:00 | 000,000,000 | ---- | C] () -- C:\end
[2014-04-21 20:55:24 | 000,061,442 | ---- | C] () -- C:\Users\Majdi\Desktop\Untitled.jpg
[2014-04-21 20:35:39 | 092,063,040 | ---- | C] () -- C:\Users\Majdi\Desktop\1_midy.mp3
[2014-04-18 21:11:01 | 001,282,915 | ---- | C] () -- C:\Users\Majdi\Documents\D19940083.pdf
[2014-04-18 00:25:34 | 000,001,135 | ---- | C] () -- C:\Users\Majdi\Desktop\Mixed In Key.lnk
[2014-04-17 20:40:52 | 018,296,162 | ---- | C] () -- C:\Users\Majdi\Desktop\MiDy - Próbka z audycji (Podanie Radio FTB k. 4Clubbers).mp3
[2014-04-16 16:28:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2014-04-16 15:19:53 | 000,001,049 | ---- | C] () -- C:\Users\Majdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\screenSHU.lnk
[2014-04-16 15:19:53 | 000,001,019 | ---- | C] () -- C:\Users\Majdi\Desktop\screenSHU.lnk
[2014-04-15 22:12:54 | 000,123,610 | ---- | C] () -- C:\Users\Majdi\Documents\1397592747-1001-14010.pdf
[2014-04-14 20:43:53 | 130,968,111 | ---- | C] () -- C:\Users\Majdi\Desktop\[14.04.2014r.]Paczka MP3 - MiDy (www.radio-viva.pl).rar
[2014-04-14 20:32:01 | 000,071,184 | ---- | C] () -- C:\Users\Majdi\Desktop\oie_THEgbhERyFQ0.png
[2014-04-14 11:41:54 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014-04-14 11:40:09 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014-04-11 08:16:47 | 000,173,023 | ---- | C] () -- C:\Users\Majdi\Documents\Praeparanda_17.04.2014.pdf
[2014-04-10 16:59:06 | 000,112,573 | ---- | C] () -- C:\Users\Majdi\Documents\2012-12-19_milukante_4_mg,_5_mg_pil_2012-02-013_clean.pdf
[2014-04-10 16:34:20 | 000,224,894 | ---- | C] () -- C:\Users\Majdi\Documents\Harm_egzaminow_2014.pdf
[2014-04-08 22:26:05 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.2 64-bit.lnk
[2014-04-08 22:26:05 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 5.2 64-bit.lnk
[2014-03-25 15:53:56 | 000,205,840 | ---- | C] () -- C:\Windows\hpoins30.dat
[2014-03-25 15:53:56 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2014-03-25 12:09:04 | 000,765,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-07-02 22:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-05-08 17:19:44 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\AIMP3
[2014-05-03 14:34:51 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\Audacity
[2014-04-14 11:41:36 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\Battle.net
[2014-04-25 18:44:30 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\com.efile.epity2013
[2014-04-02 14:03:02 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\DAEMON Tools Lite
[2014-05-08 17:00:43 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\DVDVideoSoft
[2014-03-26 23:05:10 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\FlowStone
[2014-05-08 15:59:34 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\GG
[2014-03-26 22:59:23 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\Image-Line
[2014-04-04 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\LolClient
[2014-04-03 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\MKKE
[2014-03-25 16:12:14 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\OpenOffice.org
[2014-03-25 00:13:26 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\Opera Software
[2014-03-27 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\PhotoFiltre 7
[2014-05-04 21:44:53 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\TS3Client
[2014-05-08 17:25:50 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\uTorrent
[2014-04-01 11:25:19 | 000,000,000 | ---D | M] -- C:\Users\Majdi\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\Majdi\Desktop\zdjecie.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Majdi\Desktop\matma niewymiernosc.jpeg:3or4kl4x13tuuug3Byamue2s4b
 
< End of report >
 

[/log]

 

b) Extras.exe:

[log]

OTL Extras logfile created on: 2014-05-08 17:23:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Majdi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,96 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 39,68% Memory free
7,93 Gb Paging File | 5,06 Gb Available in Paging File | 63,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 104,34 Gb Total Space | 64,28 Gb Free Space | 61,61% Space Free | Partition Type: NTFS
Drive D: | 361,33 Gb Total Space | 131,07 Gb Free Space | 36,28% Space Free | Partition Type: NTFS
Drive F: | 5,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MAJDI-PC | User Name: Majdi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1230153739-321785479-325974831-1000\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05155327-F3F1-4DAE-9EBB-23170625887A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{07EAC154-4561-462E-BE33-48F704E3CF5E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{0A2F2AC6-6143-4346-92BA-9E1B899D3115}" = protocol=17 | dir=in | app=c:\users\majdi\appdata\roaming\utorrent\utorrent.exe | 
"{0D7D4276-3936-4472-9424-8D5E33DAF132}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{0E96DE71-90E8-4C8E-9AAC-F4B1F72FDEE0}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{1053B7DD-42C2-491C-B858-2373362494F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{19662C45-0B9D-4C73-94D8-AEE62BCB5352}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{19CA12FC-509E-4A95-8663-ABA9485B90D5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{1A484A69-B0E5-48D4-90EB-4CED264E9CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{1C90AC67-72AA-4ED6-A8CF-F3FE12ABA8D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{2CF71BC3-6651-4527-830F-86862BC1D7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{34D24968-4300-45BD-AC40-C9B68FF9F1B7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3503E039-5FB2-4186-9A6C-564BF5AA9527}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{367D322A-509A-4BEA-86B5-DB45C555CC78}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{4667FF72-1C24-4858-8005-BE6A6D171078}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{4AB27781-94AF-4913-8A07-BD7CC2982D1F}" = protocol=6 | dir=in | app=c:\users\majdi\appdata\roaming\utorrent\utorrent.exe | 
"{60759012-B138-48C7-B860-CDA7E1AABAA4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{6E0FA0CE-B21F-4BBD-955F-7B6E3ABCEC1D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{717DF340-BABE-4E9B-963C-4EE04527F0B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{71CC8FB0-BD55-4657-8E93-C6FFBA300A48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{8144B321-C3C1-4A15-A9E6-011BFB7A3542}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{82DBE2D6-6A06-44B1-BE58-CDA8375CFB43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{880AF032-D2B9-4FB6-9B5B-72364C7AB8F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{89AB1757-7E24-43D6-BA4A-33622619AE32}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{9063F5E4-10BD-4465-973E-5300D3C46CA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{9381B6DD-03BD-4D97-8826-10BEF6F0C8A6}" = protocol=6 | dir=in | app=d:\hearthstone\hearthstone\hearthstone.exe | 
"{9A07765B-2AC2-4832-8C77-B9402DB5EDB0}" = protocol=17 | dir=in | app=d:\hearthstone\hearthstone\hearthstone.exe | 
"{A4C46923-E838-426C-863A-BCE1A052E13C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{ACD0C9F4-9613-408C-B7C4-A5F2D566CD7C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{B6E7A18F-A17C-44ED-96BF-A63C4DB4012E}" = protocol=6 | dir=in | app=c:\users\majdi\downloads\utorrent.exe | 
"{BB0C9D7B-9870-4856-B014-3CF29A937C61}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{BC8E3C14-03EE-4413-BE15-2F94DF3FF56E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{C4227C4D-484E-40D5-B246-C580D5BBC220}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{C657CEBB-0CF2-44FD-A58E-66ED4FCB9191}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{C700F73F-4586-4776-925C-6530DD8EEB46}" = protocol=17 | dir=in | app=c:\users\majdi\downloads\utorrent.exe | 
"{D3E1206D-8D0C-4EB1-BD14-CD9986726FC5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{E5DA7566-8E8B-4360-A02C-696B05915E99}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{F1A356F7-72EF-4C19-B16C-0C43EC856136}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{F4AD1DE6-02C1-4412-9461-25555B2F2736}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{F4E11E9A-5FAE-46C2-BC51-A653E7292633}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{F9745AFC-1FFE-46E2-9D9D-37E430DB032F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"TCP Query User{24955FC1-F591-43F4-A8A5-B2792BE38D87}D:\age of wonders iii\aow3.exe" = protocol=6 | dir=in | app=d:\age of wonders iii\aow3.exe | 
"TCP Query User{482F4028-E0B9-41CB-B41E-68DFE43056CC}D:\left 4 dead 2 2013 pc full game 2.1.2.5 mp+sp ^^nosteam^^\left4dead 2 2013\left4dead2.exe" = protocol=6 | dir=in | app=d:\left 4 dead 2 2013 pc full game 2.1.2.5 mp+sp ^^nosteam^^\left4dead 2 2013\left4dead2.exe | 
"TCP Query User{570C7342-E452-4B82-8564-9F91BE2E3119}D:\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\world of tanks\worldoftanks.exe | 
"TCP Query User{5BEFFD69-3B94-4DC3-9BA2-CD118B3FD71B}D:\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\world of tanks\wotlauncher.exe | 
"TCP Query User{7FFC4C65-6FC4-4145-9BCD-1AE4E8286135}D:\infinite crisis\infinitecrisis\infinitecrisis.exe" = protocol=6 | dir=in | app=d:\infinite crisis\infinitecrisis\infinitecrisis.exe | 
"TCP Query User{E8B7E18F-0D37-4BC4-9F2A-1591A12E4AEA}D:\mortal kombat\mortal kombat komplete edition\disccontentpc\mkke.exe" = protocol=6 | dir=in | app=d:\mortal kombat\mortal kombat komplete edition\disccontentpc\mkke.exe | 
"UDP Query User{48D19A05-EE61-41FA-8FCA-FF9CB61161B3}D:\infinite crisis\infinitecrisis\infinitecrisis.exe" = protocol=17 | dir=in | app=d:\infinite crisis\infinitecrisis\infinitecrisis.exe | 
"UDP Query User{4B208B27-A010-4023-81C9-4BC90ACA8D18}D:\age of wonders iii\aow3.exe" = protocol=17 | dir=in | app=d:\age of wonders iii\aow3.exe | 
"UDP Query User{5F6633FF-E038-49F5-A57C-7B3E3C89DB12}D:\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\world of tanks\wotlauncher.exe | 
"UDP Query User{85C16FE2-E52D-4572-8291-4E5D01F16517}D:\left 4 dead 2 2013 pc full game 2.1.2.5 mp+sp ^^nosteam^^\left4dead 2 2013\left4dead2.exe" = protocol=17 | dir=in | app=d:\left 4 dead 2 2013 pc full game 2.1.2.5 mp+sp ^^nosteam^^\left4dead 2 2013\left4dead2.exe | 
"UDP Query User{A708C074-3E84-4CB7-A62C-20AA296B9820}D:\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\world of tanks\worldoftanks.exe | 
"UDP Query User{EE9514FF-108F-49C9-BAAD-D7FCD7317FC9}D:\mortal kombat\mortal kombat komplete edition\disccontentpc\mkke.exe" = protocol=17 | dir=in | app=d:\mortal kombat\mortal kombat komplete edition\disccontentpc\mkke.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{54E6C675-3AD4-42E4-957F-31666ABF1603}" = Adobe Photoshop Lightroom 5.2 64-bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Shop for HP Supplies" = Shop for HP Supplies
"Sylenth1_is1" = Sylenth1 v2.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.01 (64-bitowy)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18192D3F-5537-4560-AD89-D695F72AF91D}" = OpenOffice.org 3.4.1
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Polish
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AIMP3" = AIMP3
"Audacity_is1" = Audacity 2.0.5
"Battle.net" = Battle.net
"DAEMON Tools Lite" = DAEMON Tools Lite
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Hearthstone" = Hearthstone
"IL Shared Libraries" = IL Shared Libraries
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 21.0.1432.57" = Opera Stable 21.0.1432.57
"screenSHU" = screenSHU - the fastest screen capture ever.
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1230153739-321785479-325974831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
"PhotoFiltre 7" = PhotoFiltre 7
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-05-03 15:04:46 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-03 15:13:09 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-04 05:41:14 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-04 08:05:33 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-04 15:11:15 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-06 18:54:10 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-07 12:18:48 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-08 00:36:26 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-08 07:13:04 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2014-05-08 09:54:42 | Computer Name = Majdi-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 2014-04-17 18:53:18 | Computer Name = Majdi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2014-04-17 18:53:18 | Computer Name = Majdi-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
 with the currently configured password due to the following error:   %%1352    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 2014-04-17 18:53:18 | Computer Name = Majdi-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following 
error:   %%1069
 
Error - 2014-04-18 11:09:41 | Computer Name = Majdi-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:08:54 on ?2014-?04-?18 was unexpected.
 
Error - 2014-04-21 17:25:34 | Computer Name = Majdi-PC | Source = Service Control Manager | ID = 7030
Description = The BitRaider Mini-Support Service service is marked as an interactive
 service.  However, the system is configured to not allow interactive services. 
 This service may not function properly.
 
Error - 2014-04-23 10:12:35 | Computer Name = Majdi-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-04-30 19:23:29 | Computer Name = Majdi-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-05-02 02:46:02 | Computer Name = Majdi-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 08:38:24 on ?2014-?05-?02 was unexpected.
 
Error - 2014-05-04 08:04:04 | Computer Name = Majdi-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:00:22 on ?2014-?05-?04 was unexpected.
 
Error - 2014-05-06 18:52:54 | Computer Name = Majdi-PC | Source = volsnap | ID = 393245
Description = The shadow copies of volume C: were aborted during detection.
 
 
< End of report >
 

[/log]

 

Gmer

 

a) Quick scan right after startup:

[log]

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-08 17:54:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 465,77GB
Running: rs3n4bhj.exe; Driver: C:\Users\Majdi\AppData\Local\Temp\pgloypob.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2740:2428]                                                                                               000007fefb3d2a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2740:2892]                                                                                               000007fef8a35124
Thread   C:\Windows\System32\svchost.exe [4836:4784]                                                                                                                  000007fef1919688
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:4120]                                                                                       0000000076b07587
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:4372]                                                                                       0000000062617712
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:992]                                                                                        0000000077542e65
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:4604]                                                                                       0000000077543e85
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:4972]                                                                                       0000000077543e85
---- Processes - GMER 2.1 ----
 
Library  C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1668] (GG drive overlay/GG Network S.A.)(2014-04-01 05:44:31)  000000005c080000
 
---- EOF - GMER 2.1 ----
 

[/log]

 

b) Normal scan:
[log]

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-08 18:05:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 465,77GB
Running: rs3n4bhj.exe; Driver: C:\Users\Majdi\AppData\Local\Temp\pgloypob.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                           fffff80002dfb000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545                                                                                           fffff80002dfb011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}
 
---- User code sections - GMER 2.1 ----
 
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   00000000774c1465 2 bytes [4C, 77]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000774c14bb 2 bytes [4C, 77]
.text     ...                                                                                                                                                          * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     00000000774c1465 2 bytes [4C, 77]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000774c14bb 2 bytes [4C, 77]
.text     ...                                                                                                                                                          * 2
 
---- Threads - GMER 2.1 ----
 
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [2740:2428]                                                                                               000007fefb3d2a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [2740:2892]                                                                                               000007fef8a35124
Thread    C:\Windows\System32\svchost.exe [4836:4784]                                                                                                                  000007fef1919688
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:4120]                                                                                       0000000076b07587
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:4372]                                                                                       0000000062617712
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:992]                                                                                        0000000077542e65
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:4604]                                                                                       0000000077543e85
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4364:4972]                                                                                       0000000077543e85
---- Processes - GMER 2.1 ----
 
Library   C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1668] (GG drive overlay/GG Network S.A.)(2014-04-01 05:44:31)  000000005c080000
Library   C:\Users\Majdi\AppData\Local\Temp\Setup000007e0\OSETUPUI.DLL (*** suspicious ***) @ F:\SETUP.EXE [2016]                                                      000007feefde0000
 
---- EOF - GMER 2.1 ----

[/log]

 

If I posted this thread in the wrong section, please move it. Apologies in advance if I made a mistake.

szynszyl1337
commented

Type "tracert (enter some hosting here)" and check at which point the problem occurs.

How is your network set up? (computer > router > antenna > and then the host's transmitter?)

Are other devices connected via Wi-Fi or cable?

komputerowiec_16
commented

Here you go, this is a screenshot of the "tracert" command:
5luz4a.jpg

As for the network layout: a cable runs from the computer to a router located at the top of the stairwell (I live in an apartment block and the connection is shared among several residents), then a cable runs from the router to an antenna mounted on the roof of the block, and from there the antenna picks up the signal from the host :)

As I already wrote, I don't have a router and the cable is connected directly to the computer. Other devices are not connected at the same time :)

szynszyl1337
commented

It seems to me that your provider has an overloaded network and that is why these problems occur; the cause may also be a badly built network, and you can see that IP 10.0.0.5 is losing packets, which is probably the edge of your provider's network.

komputerowiec_16
commented

But this problem has been going on for a month. On top of that, during the service visit they plugged the cable into their own notebook and everything was fine there. The problem is only on my desktop.

szynszyl1337
commented (edited)

Since the problem occurs on only one device regardless of the time of day, buy a network card, because your current one must be damaged, e.g. http://www.morele.net/karta-sieciowa-zyxel-pci-1xrj45-10-100mbps-fn312-101729/ (you did of course check whether the computer is downloading updates or other files?)

komputerowiec_16
commented

I thought of that too, because until now the cable was plugged into the integrated network card. I had an external card at home, I connected it, and unfortunately the problem still keeps happening ;/

szynszyl1337
commented

You need to check whether your computer is using the network when you are not using it.

Otherwise the problem must lie on the operator's side.

komputerowiec_16
commented

And how do I check that?

Zayfi
commented

A few words from me: this is not an infection problem.

Delete the folder C:\end from the disk.

komputerowiec_16
commented

If that was supposed to help, it didn't.

Zayfi
commented

No, that wasn't supposed to help. I don't like trivial entitled attitudes. You have strictly network problems.
