Scan result of Farbar Recovery Scan Tool Version: 28-06-2012 02 Ran by SYSTEM at 29-06-2012 12:09:25 Running from G:\ Windows 7 Professional Service Pack 1 (X64) OS Language: Polish The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x] HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [828944 2011-08-03] (GlavSoft LLC.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.) HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [376 2012-06-29] () HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2629632 2011-05-19] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ATB manager] D:\AVR\SoftPack_ATB\ATBmanager\ATBmanager.exe [x] HKU\Wojciech Ferenc\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation) HKU\Wojciech Ferenc\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 194.204.152.34 194.204.159.1 ==================== Services (Whitelisted) ====== 3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.) 2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.) 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation) 2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-28] () 2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation) 2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [828944 2011-08-03] (GlavSoft LLC.) 2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation) ========================== Drivers (Whitelisted) ============= 1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-29] (DT Soft Ltd) 3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [74376 2011-03-18] (FTDI Ltd.) 3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [84808 2010-03-30] (FTDI Ltd.) 3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.) 
2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2011-11-23] (Highresolution Enterprises [www.highrez.co.uk]) 3 NmPar; C:\Windows\System32\Drivers\NmPar.sys [95744 2010-01-12] (Windows (R) Codename Longhorn DDK provider) 3 nmserial; C:\Windows\System32\Drivers\nmserial.sys [75264 2010-01-07] (Windows (R) Codename Longhorn DDK provider) 3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation) 3 PYCH_CoreDriver; C:\Windows\System32\Drivers\PYCH_CoreDriver.sys [259080 2012-06-05] (Jungo) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-29 12:09 - 2012-06-29 12:09 - 00000000 ____D C:\FRST 2012-06-29 10:49 - 2012-06-29 10:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.753736FE89BDF613 2012-06-29 10:47 - 2012-06-29 10:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.888662AC693FC693 2012-06-29 10:44 - 2012-06-29 10:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1DCC7EA2E0405D85 2012-06-29 10:41 - 2012-06-29 10:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF40DE6985294D36 2012-06-29 10:21 - 2012-06-29 10:22 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-06-29 10:21 - 2012-06-29 10:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2012-06-29 10:20 - 2012-06-29 10:21 - 12633984 ____A (Microsoft Corporation) C:\Users\Wojciech Ferenc\Desktop\mseinstall.exe 2012-06-29 10:10 - 2012-06-29 10:10 - 00677376 ____A C:\Users\Wojciech Ferenc\Desktop\MicrosoftFixit50687.msi 2012-06-28 18:17 - 2000-10-26 18:07 - 75673667 ____A C:\Users\Wojciech Ferenc\Desktop\Return Of The Time Machine.exe 2012-06-28 16:50 - 2012-06-28 16:50 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-06-28 09:45 - 2012-06-28 09:45 - 00140832 ____A C:\Windows\SysWOW64\Drivers\str.sys 2012-06-28 09:41 - 2012-06-28 09:41 - 
00000000 ____D C:\Windows\Sun 2012-06-24 19:33 - 2012-06-24 19:33 - 00009195 ____A C:\Users\Wojciech Ferenc\Desktop\czujnik_zmierzch.brd 2012-06-24 17:06 - 2012-06-24 17:06 - 00000000 ____D C:\Users\Wojciech Ferenc\Desktop\eagle-win-5.1.0 2012-06-24 17:02 - 2012-06-24 17:04 - 25409300 ____A C:\Users\Wojciech Ferenc\Desktop\eagle-win-5.1.0.zip 2012-06-21 10:06 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-21 10:06 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-21 10:06 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-21 10:06 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-21 10:06 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-21 10:06 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-21 10:06 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-21 10:06 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-21 10:06 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-16 17:03 - 2012-06-16 18:35 - 00000000 ____D C:\AVRDUDE_FT232R 2012-06-16 16:47 - 2010-03-30 14:25 - 00055112 ____A (FTDI Ltd.) 
C:\Windows\System32\ftserui2.dll 2012-06-16 16:44 - 2012-06-16 16:44 - 00000000 ____D C:\Users\Wojciech Ferenc\workspace 2012-06-16 14:42 - 2012-06-16 18:46 - 00000000 ____D C:\WinAVR-20100110 2012-06-16 13:53 - 2012-06-16 13:53 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Local\Macromedia 2012-06-15 16:21 - 2012-05-18 03:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-15 16:21 - 2012-05-18 02:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-15 16:21 - 2012-05-18 02:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-15 16:21 - 2012-05-18 02:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-15 16:21 - 2012-05-18 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-15 16:21 - 2012-05-18 02:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-15 16:21 - 2012-05-18 02:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-15 16:21 - 2012-05-18 02:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-15 16:21 - 2012-05-18 02:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-15 16:21 - 2012-05-18 02:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-15 16:21 - 2012-05-18 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-15 16:21 - 2012-05-18 02:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-15 16:21 - 2012-05-17 23:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-15 16:21 - 2012-05-17 23:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-15 16:21 - 2012-05-17 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-15 16:21 - 2012-05-17 23:35 - 01129472 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-15 16:21 - 2012-05-17 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-15 16:21 - 2012-05-17 23:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-15 16:21 - 2012-05-17 23:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-15 16:21 - 2012-05-17 23:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-15 16:21 - 2012-05-17 23:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-15 16:21 - 2012-05-17 23:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-15 16:21 - 2012-05-17 23:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-15 16:21 - 2012-05-17 23:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-15 16:20 - 2012-05-18 03:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-15 16:20 - 2012-05-18 03:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-15 16:20 - 2012-05-18 00:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-15 16:20 - 2012-05-17 23:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-15 16:20 - 2012-05-04 12:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll 2012-06-15 16:20 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2012-06-15 15:34 - 2012-04-26 06:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-06-15 15:34 - 2012-04-26 06:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-06-15 15:34 - 2012-04-26 06:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-06-15 15:33 - 2012-05-01 06:40 - 00209920 ____A (Microsoft Corporation) 
C:\Windows\System32\profsvc.dll 2012-06-15 14:49 - 2012-05-04 12:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-06-15 14:49 - 2012-05-04 11:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-06-15 14:49 - 2012-05-04 11:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-06-15 14:48 - 2012-05-15 02:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-15 14:48 - 2012-04-28 04:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-06-15 14:48 - 2012-04-24 06:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-06-15 14:48 - 2012-04-24 06:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-06-15 14:48 - 2012-04-24 06:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-06-15 14:48 - 2012-04-24 05:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-06-15 14:48 - 2012-04-24 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-06-15 14:48 - 2012-04-24 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-06-15 14:48 - 2012-04-07 13:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll 2012-06-15 14:48 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2012-06-07 11:40 - 2012-06-07 11:40 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Roaming\Patcher 2012-06-07 10:33 - 2012-06-07 11:35 - 00000000 ____D C:\Users\Wojciech Ferenc\Desktop\AM6.10D 2012-06-05 14:05 - 2012-06-05 14:05 - 00259080 ____A (Jungo) C:\Windows\System32\Drivers\PYCH_CoreDriver.sys 2012-06-05 14:05 - 2012-06-05 14:05 - 00000000 ____D C:\Windows\System32\ClonePlusDriver_x86_64bit ============ 3 Months Modified Files and Folders ============= 2012-06-29 12:09 - 2012-06-29 12:09 - 00000000 ____D C:\FRST 2012-06-29 10:51 - 
2011-11-12 23:32 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Local\LogMeIn Hamachi 2012-06-29 10:51 - 2011-11-12 19:22 - 00000000 ____D C:\Users\All Users\NVIDIA 2012-06-29 10:51 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-06-29 10:51 - 2009-07-14 05:51 - 00073596 ____A C:\Windows\setupact.log 2012-06-29 10:49 - 2012-06-29 10:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.753736FE89BDF613 2012-06-29 10:47 - 2012-06-29 10:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.888662AC693FC693 2012-06-29 10:44 - 2012-06-29 10:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1DCC7EA2E0405D85 2012-06-29 10:44 - 2012-01-11 17:26 - 00000000 __SHD C:\Users\Wojciech Ferenc\AppData\Local\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46} 2012-06-29 10:41 - 2012-06-29 10:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF40DE6985294D36 2012-06-29 10:30 - 2011-11-12 17:36 - 02017667 ____A C:\Windows\WindowsUpdate.log 2012-06-29 10:22 - 2012-06-29 10:21 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-06-29 10:22 - 2011-11-12 18:32 - 01575706 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-06-29 10:22 - 2011-11-12 18:32 - 00001912 ____A C:\Windows\epplauncher.mif 2012-06-29 10:22 - 2011-04-12 14:21 - 00700024 ____A C:\Windows\System32\perfh015.dat 2012-06-29 10:22 - 2011-04-12 14:21 - 00136034 ____A C:\Windows\System32\perfc015.dat 2012-06-29 10:21 - 2012-06-29 10:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2012-06-29 10:21 - 2012-06-29 10:20 - 12633984 ____A (Microsoft Corporation) C:\Users\Wojciech Ferenc\Desktop\mseinstall.exe 2012-06-29 10:10 - 2012-06-29 10:10 - 00677376 ____A C:\Users\Wojciech Ferenc\Desktop\MicrosoftFixit50687.msi 2012-06-29 09:51 - 2012-04-25 15:28 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-06-29 09:37 - 2009-07-14 05:45 - 00022032 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-06-29 09:37 - 2009-07-14 05:45 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-06-29 09:36 - 2009-07-14 06:13 - 01556580 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-28 23:16 - 2011-10-25 17:43 - 00146167 ____A C:\Users\Wojciech Ferenc\Desktop\music.m3u 2012-06-28 18:52 - 2011-11-28 20:05 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2012-06-28 18:52 - 2011-11-28 20:04 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2012-06-28 16:50 - 2012-06-28 16:50 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-06-28 09:45 - 2012-06-28 09:45 - 00140832 ____A C:\Windows\SysWOW64\Drivers\str.sys 2012-06-28 09:41 - 2012-06-28 09:41 - 00000000 ____D C:\Windows\Sun 2012-06-28 08:19 - 2011-11-28 20:04 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2012-06-24 19:33 - 2012-06-24 19:33 - 00009195 ____A C:\Users\Wojciech Ferenc\Desktop\czujnik_zmierzch.brd 2012-06-24 17:06 - 2012-06-24 17:06 - 00000000 ____D C:\Users\Wojciech Ferenc\Desktop\eagle-win-5.1.0 2012-06-24 17:04 - 2012-06-24 17:02 - 25409300 ____A C:\Users\Wojciech Ferenc\Desktop\eagle-win-5.1.0.zip 2012-06-23 20:52 - 2012-04-25 15:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-06-23 20:52 - 2011-11-12 18:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-06-23 15:41 - 2012-01-16 19:24 - 00001792 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk 2012-06-23 15:41 - 2011-12-28 17:58 - 00001702 ____A C:\Users\Public\Desktop\Recuva.lnk 2012-06-23 15:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2012-06-20 15:04 - 2011-11-12 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2012-06-18 21:52 - 2010-10-04 00:21 - 00000000 ____D C:\Users\Wojciech Ferenc\Documents\mkAVRCalculator 2012-06-17 20:35 - 2011-12-24 21:29 - 00000000 
____D C:\Users\Wojciech Ferenc\AppData\Roaming\TS3Client 2012-06-17 07:27 - 2012-05-03 11:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-06-16 19:00 - 2011-11-12 18:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-06-16 18:46 - 2012-06-16 14:42 - 00000000 ____D C:\WinAVR-20100110 2012-06-16 18:35 - 2012-06-16 17:03 - 00000000 ____D C:\AVRDUDE_FT232R 2012-06-16 16:44 - 2012-06-16 16:44 - 00000000 ____D C:\Users\Wojciech Ferenc\workspace 2012-06-16 16:44 - 2011-11-12 17:50 - 00000000 ____D C:\users\Wojciech Ferenc 2012-06-16 13:53 - 2012-06-16 13:53 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Local\Macromedia 2012-06-16 13:46 - 2009-07-14 05:45 - 00343544 ____A C:\Windows\System32\FNTCACHE.DAT 2012-06-15 16:31 - 2011-11-13 18:55 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-06-15 16:26 - 2011-11-12 18:02 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-06-07 11:40 - 2012-06-07 11:40 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Roaming\Patcher 2012-06-07 11:35 - 2012-06-07 10:33 - 00000000 ____D C:\Users\Wojciech Ferenc\Desktop\AM6.10D 2012-06-07 10:35 - 2011-03-27 11:02 - 00000000 ____D C:\Users\Wojciech Ferenc\Desktop\Elektronika 2012-06-07 10:34 - 2010-12-04 22:51 - 00000000 ____D C:\Users\Wojciech Ferenc\Desktop\ETK 2012-06-06 23:02 - 2011-11-16 22:53 - 00000600 ____A C:\Users\Wojciech Ferenc\AppData\Local\PUTTY.RND 2012-06-06 18:13 - 2011-12-24 21:29 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2012-06-06 15:17 - 2009-07-14 06:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-05 14:10 - 2012-05-10 15:30 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Local\Deployment 2012-06-05 14:05 - 2012-06-05 14:05 - 00259080 ____A (Jungo) C:\Windows\System32\Drivers\PYCH_CoreDriver.sys 2012-06-05 14:05 - 2012-06-05 14:05 - 00000000 ____D C:\Windows\System32\ClonePlusDriver_x86_64bit 2012-06-05 14:05 - 2012-05-10 15:31 - 00158208 ____A (Jungo) 
C:\Windows\SysWOW64\wdapi1021.dll 2012-06-05 14:05 - 2012-05-10 15:31 - 00158208 ____A (Jungo) C:\Windows\System32\wdapi1021.dll 2012-06-02 23:19 - 2012-06-21 10:06 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 23:19 - 2012-06-21 10:06 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 23:19 - 2012-06-21 10:06 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 23:19 - 2012-06-21 10:06 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 23:19 - 2012-06-21 10:06 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 23:15 - 2012-06-21 10:06 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 23:15 - 2012-06-21 10:06 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 14:19 - 2012-06-21 10:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 14:15 - 2012-06-21 10:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-05-29 23:02 - 2012-05-29 23:01 - 00000000 ____D C:\Users\Wojciech Ferenc\Documents\NFSTR 2012-05-29 21:48 - 2012-05-29 21:48 - 00000000 ____D C:\Games 2012-05-29 21:48 - 2012-05-29 21:46 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Roaming\DAEMON Tools Lite 2012-05-29 21:48 - 2012-05-29 21:46 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite 2012-05-29 21:46 - 2012-05-29 21:46 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys 2012-05-29 21:46 - 2012-05-29 21:46 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2012-05-28 19:29 - 2012-05-28 19:29 - 00000000 ____A C:\Users\Wojciech Ferenc\Documents\Nuance Image Printer Writer Port 2012-05-24 10:49 - 2012-05-24 10:49 - 00000000 ____D C:\Users\Wojciech Ferenc\Documents\Moje dokumenty programu PaperPort 2012-05-24 10:49 - 2012-05-24 10:49 - 00000000 ____D C:\Users\Wojciech 
Ferenc\AppData\Roaming\Zeon 2012-05-24 10:49 - 2012-03-07 18:00 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Roaming\Nuance 2012-05-19 16:34 - 2012-05-15 19:50 - 00000000 ____D C:\Users\Wojciech Ferenc\Desktop\Wolfenstein - Enemy Territory 2012-05-18 03:47 - 2012-06-15 16:20 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-05-18 03:16 - 2012-06-15 16:20 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-05-18 03:06 - 2012-06-15 16:21 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-05-18 02:59 - 2012-06-15 16:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-05-18 02:59 - 2012-06-15 16:21 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-05-18 02:58 - 2012-06-15 16:21 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-05-18 02:58 - 2012-06-15 16:21 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-05-18 02:56 - 2012-06-15 16:21 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-05-18 02:55 - 2012-06-15 16:21 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-05-18 02:55 - 2012-06-15 16:21 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-05-18 02:54 - 2012-06-15 16:21 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-05-18 02:51 - 2012-06-15 16:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-05-18 02:51 - 2012-06-15 16:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-05-18 02:47 - 2012-06-15 16:21 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-05-18 00:11 - 2012-06-15 16:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-05-17 23:48 - 2012-06-15 16:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-05-17 23:45 - 
2012-06-15 16:21 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-05-17 23:36 - 2012-06-15 16:21 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-05-17 23:35 - 2012-06-15 16:21 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-05-17 23:35 - 2012-06-15 16:21 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-05-17 23:33 - 2012-06-15 16:21 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-05-17 23:31 - 2012-06-15 16:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-05-17 23:29 - 2012-06-15 16:21 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-05-17 23:29 - 2012-06-15 16:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-05-17 23:27 - 2012-06-15 16:21 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-05-17 23:25 - 2012-06-15 16:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-05-17 23:24 - 2012-06-15 16:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-05-17 23:20 - 2012-06-15 16:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-05-17 15:56 - 2012-05-17 15:56 - 00000000 ____A C:\Users\Wojciech Ferenc\Sti_Trace.log 2012-05-15 02:32 - 2012-06-15 14:48 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-05-14 17:15 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2012-05-10 15:31 - 2012-05-10 15:31 - 00000000 ____D C:\Windows\System32\ClonePlusDriver_x86_64 2012-05-10 15:30 - 2012-05-10 15:30 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Local\Apps\2.0 2012-05-09 20:38 - 2011-11-12 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2012-05-09 19:36 - 2011-04-12 14:32 - 00000000 ____D C:\Program Files\Windows Journal 2012-05-06 13:16 - 2012-05-06 13:16 - 00000000 ____D 
C:\Users\Wojciech Ferenc\SystemRequirementsLab 2012-05-06 13:16 - 2012-05-06 13:16 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab 2012-05-04 12:06 - 2012-06-15 14:49 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 12:00 - 2012-06-15 16:20 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll 2012-05-04 11:03 - 2012-06-15 14:49 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 11:03 - 2012-06-15 14:49 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-04 10:59 - 2012-06-15 16:20 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2012-05-03 11:32 - 2012-05-03 11:32 - 00000000 ____D C:\Users\All Users\Mozilla 2012-05-01 06:40 - 2012-06-15 15:33 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-28 04:55 - 2012-06-15 14:48 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-26 06:41 - 2012-06-15 15:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-26 06:41 - 2012-06-15 15:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-26 06:34 - 2012-06-15 15:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-24 06:37 - 2012-06-15 14:48 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-24 06:37 - 2012-06-15 14:48 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-24 06:37 - 2012-06-15 14:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-24 05:36 - 2012-06-15 14:48 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-24 05:36 - 2012-06-15 14:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-24 05:36 - 2012-06-15 14:48 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-23 
20:18 - 2012-04-23 18:22 - 00000000 ____D C:\Program Files (x86)\SIMARIS design 6.0 2012-04-23 18:24 - 2012-04-23 18:24 - 00000000 ____D C:\Users\Wojciech Ferenc\AppData\Local\SIEMENS 2012-04-23 18:23 - 2012-04-23 18:23 - 00001104 ____A C:\Users\Public\Desktop\SIMARIS design 6.0.lnk 2012-04-07 19:04 - 2011-12-28 13:39 - 00000600 ____A C:\Users\Wojciech Ferenc\AppData\Roaming\winscp.rnd 2012-04-07 13:31 - 2012-06-15 14:48 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll 2012-04-07 12:26 - 2012-06-15 14:48 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll ZeroAccess: C:\Windows\Installer\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46} C:\Windows\Installer\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\@ C:\Windows\Installer\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\L C:\Windows\Installer\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\n C:\Windows\Installer\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\U C:\Windows\Installer\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\U\00000001.@ C:\Windows\Installer\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\U\80000000.@ C:\Windows\Installer\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\U\800000cb.@ ZeroAccess: C:\Users\Wojciech Ferenc\AppData\Local\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46} C:\Users\Wojciech Ferenc\AppData\Local\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\@ C:\Users\Wojciech Ferenc\AppData\Local\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\L C:\Users\Wojciech Ferenc\AppData\Local\{f0c79dd9-feaf-9725-47f4-d1b0f65aea46}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 
ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 13% Total physical RAM: 4095.43 MB Available physical RAM: 3545.91 MB Total Pagefile: 4093.63 MB Available Pagefile: 3534.29 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:176.07 GB) (Free:33.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: () (Fixed) (Total:177.44 GB) (Free:40.94 GB) NTFS 3 Drive e: () (Fixed) (Total:577.98 GB) (Free:77.64 GB) NTFS 5 Drive g: (WOODY) (Removable) (Total:0.96 GB) (Free:0.18 GB) FAT 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Nr dysku Stan Rozmiar Wolne Dyn GPT -------- ------------- ------- ------- --- --- Dysk 0 Online 931 GB 8 MB Dysk 1 Online 984 MB 0 B Partitions of Disk 0: =============== Partycja ### Typ Rozmiar Przesunięcie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 176 GB 31 KB Partycja 0 Rozszerzony 755 GB 176 GB Partycja 2 Logiczny 177 GB 176 GB Partycja 3 Logiczny 577 GB 353 GB ====================================================================================================== Disk: 0 Partycja 1 Typ : 07 Ukryta : Nie Aktywna : Tak Przesunięcie w bajtach: 32256 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 1 C NTFS Partycja 176 GB Zdrowy
====================================================================================================== Disk: 0 Partycja 2 Typ : 07 Ukryta : Nie Aktywna : Nie Przesunięcie w bajtach: 189058093056 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 2 D NTFS Partycja 177 GB Zdrowy ====================================================================================================== Disk: 0 Partycja 3 Typ : 07 Ukryta : Nie Aktywna : Nie Przesunięcie w bajtach: 379588478976 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 3 E NTFS Partycja 577 GB Zdrowy ====================================================================================================== Partitions of Disk 1: =============== Partycja ### Typ Rozmiar Przesunięcie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 983 MB 31 KB ====================================================================================================== Disk: 1 Partycja 1 Typ : 0E Ukryta : Nie Aktywna : Tak Przesunięcie w bajtach: 32256 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 4 G WOODY FAT Wymienny 983 MB Zdrowy ====================================================================================================== ========================================================== Last Boot: 2012-06-28 10:33 ======================= End Of Log ==========================