Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01 Ran by Alta at 30-07-2012 14:22:15 Running from C:\Users\Alta\Desktop Service Pack 1 (X64) OS Language: Polish Attention: Could not load system hive. BŁĄD: Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY. ============ One Month Created Files and Folders ============== 2012-07-30 14:19 - 2012-07-30 14:22 - 00000000 ____D C:\FRST 2012-07-30 14:18 - 2012-07-30 14:20 - 00000112 ____A C:\Windows\setupact.log 2012-07-30 14:18 - 2012-07-30 14:18 - 00000000 ____A C:\Windows\setuperr.log 2012-07-30 13:39 - 2012-07-30 12:56 - 00137096 ____A (ESET) C:\Users\Alta\Desktop\ESETSirefefRemover.exe 2012-07-30 13:05 - 2012-07-30 13:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support 2012-07-30 13:04 - 2012-07-30 13:52 - 00000000 ____D C:\Users\Alta\Desktop\sirefef_fix_eseta 2012-07-30 09:25 - 2012-07-30 09:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCC4DC70EB3EA488 2012-07-30 09:22 - 2012-07-30 09:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2C59B751AC0B4923 2012-07-30 09:19 - 2012-07-30 09:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3D7CBF06678E8AF 2012-07-30 09:19 - 2012-07-30 09:19 - 00000000 ___RD C:\Users\Alta\Virtual Machines 2012-07-30 09:19 - 2012-07-30 09:19 - 00000000 ____D C:\Users\Alta\AppData\Roaming\CheckPoint 2012-07-30 09:17 - 2012-07-30 09:17 - 00003288 ____N C:\bootsqm.dat 2012-07-30 09:14 - 2012-07-30 09:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7816BAA7CCA89D05 2012-07-30 09:11 - 2012-07-30 09:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8AF5E3F44DFFF57 2012-07-30 09:05 - 2012-07-30 09:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.84E38C5C988D7F68 2012-07-30 09:02 - 
2012-07-30 09:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.833D37CB130BD7FB 2012-07-30 08:58 - 2012-07-30 08:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.64A779F84B9FACD8 2012-07-30 08:33 - 2012-07-30 08:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34CAB5AED928AFB6 2012-07-30 08:33 - 2012-07-30 08:33 - 00050392 ____A C:\Windows\System32\Drivers\xejovldj.sys 2012-07-30 08:31 - 2012-07-30 08:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA4C1E34FB223730 2012-07-30 08:28 - 2012-07-30 08:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1CEEC4DF5C7CD31F 2012-07-30 08:26 - 2012-07-30 08:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55C815239B1B49AA 2012-07-30 08:23 - 2012-07-30 08:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB2AC80293FEDAC5 2012-07-30 08:21 - 2012-07-30 08:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0596C46028E6D30 2012-07-30 08:19 - 2012-07-30 08:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B98C2637DD69FC1B 2012-07-30 08:16 - 2012-07-30 08:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.200885A6AFE987A5 2012-07-30 08:13 - 2012-07-30 08:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6DFA279A60CCB001 2012-07-30 08:11 - 2012-07-30 08:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9A9E73A1D46E168 2012-07-30 07:58 - 2012-07-30 07:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D7AC3AFC08D6EB7 2012-07-30 07:54 - 2012-07-30 07:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2910C96F290DEDFE 2012-07-30 07:51 - 2012-07-30 07:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.866F14AF914718A2 2012-07-30 07:48 - 
2012-07-30 07:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.567CC8D6CD441B09 2012-07-30 07:45 - 2012-07-30 07:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31254935948C57EA 2012-07-27 23:42 - 2012-07-27 23:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.45E03DB3E54AB43F 2012-07-27 23:38 - 2012-07-27 23:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C60D7BA139EE53AF 2012-07-27 23:35 - 2012-07-27 23:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C11F7DA0B146BAE 2012-07-27 23:32 - 2012-07-27 23:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F1BE5A7208B6F64 2012-07-27 23:30 - 2012-07-27 23:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.99B9D274C0DF36EB 2012-07-27 23:28 - 2012-07-27 23:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB19CB0818395466 2012-07-27 23:17 - 2012-07-27 23:17 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-07-27 23:17 - 2012-07-27 23:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2012-07-27 22:07 - 2012-07-27 22:07 - 00001810 ____A C:\Users\Zbigniew\Desktop\ArcaVirMicroScan.lnk 2012-07-27 21:53 - 2012-07-27 23:01 - 00000000 ____D C:\Users\Zbigniew\AppData\Roaming\ArcaVirMicroScan 2012-07-27 21:42 - 2012-07-27 21:42 - 00000000 ____D C:\Program Files\SkanerOnline 2012-07-27 21:30 - 2012-07-27 21:30 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-07-27 21:04 - 2012-07-27 21:04 - 00002039 ____A C:\Users\Zbigniew\Desktop\Live Security Platinum.lnk 2012-07-27 21:03 - 2012-07-27 21:04 - 00000000 ____D C:\Users\All Users\7531CCA906988757BF5A731BF875EF60 2012-07-27 15:11 - 2012-07-27 15:14 - 00048128 ____A C:\Users\Bogusława Bednarek\Desktop\WYSYŁKI TYDZ 31-TNO.xls 2012-07-27 14:47 - 2012-07-27 15:05 - 00034041 ____A C:\Users\Bogusława Bednarek\Desktop\DŁUŻNICY TYDZ 30 
2012.xlsx 2012-07-26 08:59 - 2012-07-27 13:26 - 00000000 ____D C:\Users\Bogusława Bednarek\Desktop\WYSYŁKI TYDZ 31 2012-07-25 15:46 - 2012-07-27 15:10 - 00052736 ____A C:\Users\Bogusława Bednarek\Desktop\WYSYŁKI TYDZ 31.xls 2012-07-25 14:56 - 2012-07-27 15:07 - 00023498 ____A C:\Users\Bogusława Bednarek\Desktop\Kopia INV 30 (2).xlsx 2012-07-25 14:53 - 2012-07-25 14:56 - 00017609 ____A C:\Users\Bogusława Bednarek\Documents\Kopia INV 30 (2).xlsx 2012-07-25 08:50 - 2012-07-26 11:33 - 00000000 ____D C:\Users\Bogusława Bednarek\Desktop\WYSYŁKI TYDZ 30 2012-07-24 10:03 - 2012-07-24 10:03 - 00001311 ____A C:\Users\Bogusława Bednarek\Desktop\hodowcy 2012.xls — skrót.lnk 2012-07-24 10:03 - 2012-07-24 10:03 - 00001293 ____A C:\Users\Bogusława Bednarek\Desktop\insem 2012.xls — skrót.lnk 2012-07-13 15:04 - 2012-07-13 15:09 - 00015519 ____A C:\Users\Bogusława Bednarek\Desktop\DOSTÊPNE BUHAJE.xlsx 2012-07-13 13:38 - 2012-07-26 15:27 - 00054784 ____A C:\Users\Bogusława Bednarek\Desktop\WYSYŁKI TYDZ 30 (2).xls 2012-07-12 10:35 - 2012-07-12 10:35 - 00001464 ____A C:\Users\Bogusława Bednarek\Desktop\Internet Explorer.lnk 2012-07-12 07:57 - 2012-06-12 05:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-12 07:54 - 2012-06-02 14:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-12 07:54 - 2012-06-02 14:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-12 07:54 - 2012-06-02 14:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-12 07:54 - 2012-06-02 14:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-12 07:54 - 2012-06-02 14:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-12 07:54 - 2012-06-02 14:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-12 07:54 - 2012-06-02 14:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-12 
07:54 - 2012-06-02 14:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-12 07:54 - 2012-06-02 14:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-12 07:54 - 2012-06-02 14:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-12 07:54 - 2012-06-02 13:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-12 07:54 - 2012-06-02 13:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-12 07:54 - 2012-06-02 13:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-12 07:54 - 2012-06-02 13:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-12 07:54 - 2012-06-02 11:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-12 07:54 - 2012-06-02 10:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-12 07:54 - 2012-06-02 10:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-12 07:54 - 2012-06-02 10:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-12 07:54 - 2012-06-02 10:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-12 07:54 - 2012-06-02 10:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-12 07:54 - 2012-06-02 10:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-12 07:54 - 2012-06-02 10:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-12 07:54 - 2012-06-02 10:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-12 07:54 - 2012-06-02 10:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-12 07:54 - 2012-06-02 10:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-12 07:54 - 2012-06-02 10:17 - 00073216 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-12 07:54 - 2012-06-02 10:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-12 07:54 - 2012-06-02 10:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-11 07:56 - 2012-06-09 07:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-11 07:56 - 2012-06-09 06:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-11 07:56 - 2012-06-06 08:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-11 07:56 - 2012-06-06 08:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-11 07:56 - 2012-06-06 08:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-11 07:56 - 2012-06-06 07:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-11 07:56 - 2012-06-06 07:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-11 07:56 - 2012-06-06 07:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-11 07:56 - 2012-06-02 07:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-11 07:56 - 2012-06-02 07:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-11 07:56 - 2012-06-02 07:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-11 07:56 - 2012-06-02 07:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-11 07:56 - 2012-06-02 07:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-11 07:56 - 2012-06-02 06:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-11 07:56 - 2012-06-02 06:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-11 07:56 - 2012-06-02 06:39 - 00219136 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\ncrypt.dll 2012-07-11 07:56 - 2012-06-02 06:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-11 07:56 - 2010-06-26 05:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-11 07:56 - 2010-06-26 05:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-11 07:53 - 2010-02-23 10:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe 2012-07-07 09:42 - 2012-07-07 09:50 - 00029200 ____A C:\Users\Zbigniew\Documents\BS zaplanowane.xlsx 2012-07-05 14:21 - 2012-07-05 14:21 - 00000000 ____D C:\Users\Bogusława Bednarek\AppData\Local\{7FC6FC69-D5F9-4382-8EC7-7DFC519ED35A} 2012-07-05 14:21 - 2012-07-05 14:21 - 00000000 ____D C:\Users\Bogusława Bednarek\AppData\Local\{751E2893-0D67-4C83-B4DB-203A45B6CCA6} 2012-07-02 21:12 - 2012-07-02 21:12 - 00000000 ____D C:\Program Files (x86)\Panda Security 2012-07-02 21:12 - 2009-06-30 10:37 - 00033800 ____A (Panda Security, S.L.) 
C:\Windows\System32\Drivers\pavboot64.sys 2012-07-02 20:56 - 2012-07-02 21:47 - 00000051 ____A C:\Users\All Users\jhrfalvumivjnxm 2012-07-02 20:56 - 2012-07-02 20:56 - 00061440 ____N C:\Users\All Users\skvmphty.exe 2012-07-02 20:56 - 2012-07-02 20:56 - 00000000 ____D C:\Users\All Users\drryzlcdaujexnu ============ 3 Months Modified Files ======================== 2012-07-30 14:20 - 2012-07-30 14:18 - 00000112 ____A C:\Windows\setupact.log 2012-07-30 14:20 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-30 14:18 - 2012-07-30 14:18 - 00000000 ____A C:\Windows\setuperr.log 2012-07-30 13:05 - 2010-11-21 14:53 - 00754450 ____A C:\Windows\System32\perfh015.dat 2012-07-30 13:05 - 2010-11-21 14:53 - 00160434 ____A C:\Windows\System32\perfc015.dat 2012-07-30 13:05 - 2009-07-14 07:13 - 01708090 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-30 12:56 - 2012-07-30 13:39 - 00137096 ____A (ESET) C:\Users\Alta\Desktop\ESETSirefefRemover.exe 2012-07-30 12:48 - 2012-07-30 14:22 - 01438391 ____A (Farbar) C:\Users\Alta\Desktop\FRST64.exe 2012-07-30 09:25 - 2012-07-30 09:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCC4DC70EB3EA488 2012-07-30 09:22 - 2012-07-30 09:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2C59B751AC0B4923 2012-07-30 09:19 - 2012-07-30 09:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3D7CBF06678E8AF 2012-07-30 09:17 - 2012-07-30 09:17 - 00003288 ____N C:\bootsqm.dat 2012-07-30 09:14 - 2012-07-30 09:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7816BAA7CCA89D05 2012-07-30 09:11 - 2012-07-30 09:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8AF5E3F44DFFF57 2012-07-30 09:05 - 2012-07-30 09:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.84E38C5C988D7F68 2012-07-30 09:02 - 2012-07-30 09:02 - 00328704 ____A (Microsoft Corporation) 
C:\Windows\System32\services.exe.833D37CB130BD7FB 2012-07-30 08:58 - 2012-07-30 08:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.64A779F84B9FACD8 2012-07-30 08:33 - 2012-07-30 08:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34CAB5AED928AFB6 2012-07-30 08:33 - 2012-07-30 08:33 - 00050392 ____A C:\Windows\System32\Drivers\xejovldj.sys 2012-07-30 08:31 - 2012-07-30 08:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA4C1E34FB223730 2012-07-30 08:28 - 2012-07-30 08:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1CEEC4DF5C7CD31F 2012-07-30 08:26 - 2012-07-30 08:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55C815239B1B49AA 2012-07-30 08:23 - 2012-07-30 08:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB2AC80293FEDAC5 2012-07-30 08:21 - 2012-07-30 08:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0596C46028E6D30 2012-07-30 08:19 - 2012-07-30 08:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B98C2637DD69FC1B 2012-07-30 08:16 - 2012-07-30 08:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.200885A6AFE987A5 2012-07-30 08:15 - 2009-07-14 07:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-30 08:13 - 2012-07-30 08:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6DFA279A60CCB001 2012-07-30 08:11 - 2012-07-30 08:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9A9E73A1D46E168 2012-07-30 08:08 - 2009-07-14 01:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2012-07-30 07:58 - 2012-07-30 07:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D7AC3AFC08D6EB7 2012-07-30 07:54 - 2012-07-30 07:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2910C96F290DEDFE 2012-07-30 
07:51 - 2012-07-30 07:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.866F14AF914718A2 2012-07-30 07:48 - 2012-07-30 07:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.567CC8D6CD441B09 2012-07-30 07:45 - 2012-07-30 07:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31254935948C57EA 2012-07-27 23:42 - 2012-07-27 23:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.45E03DB3E54AB43F 2012-07-27 23:38 - 2012-07-27 23:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C60D7BA139EE53AF 2012-07-27 23:35 - 2012-07-27 23:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C11F7DA0B146BAE 2012-07-27 23:32 - 2012-07-27 23:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F1BE5A7208B6F64 2012-07-27 23:30 - 2012-07-27 23:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.99B9D274C0DF36EB 2012-07-27 23:28 - 2012-07-27 23:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB19CB0818395466 2012-07-27 23:18 - 2011-08-08 18:22 - 00001912 ____A C:\Windows\epplauncher.mif 2012-07-27 23:17 - 2011-02-15 11:58 - 01730614 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-07-27 23:02 - 2009-07-14 06:45 - 00025040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-27 23:02 - 2009-07-14 06:45 - 00025040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-27 22:07 - 2012-07-27 22:07 - 00001810 ____A C:\Users\Zbigniew\Desktop\ArcaVirMicroScan.lnk 2012-07-27 21:04 - 2012-07-27 21:04 - 00002039 ____A C:\Users\Zbigniew\Desktop\Live Security Platinum.lnk 2012-07-27 15:14 - 2012-07-27 15:11 - 00048128 ____A C:\Users\Bogusława Bednarek\Desktop\WYSYŁKI TYDZ 31-TNO.xls 2012-07-27 15:10 - 2012-07-25 15:46 - 00052736 ____A 
C:\Users\Bogusława Bednarek\Desktop\WYSYŁKI TYDZ 31.xls 2012-07-27 15:07 - 2012-07-25 14:56 - 00023498 ____A C:\Users\Bogusława Bednarek\Desktop\Kopia INV 30 (2).xlsx 2012-07-27 15:05 - 2012-07-27 14:47 - 00034041 ____A C:\Users\Bogusława Bednarek\Desktop\DŁUŻNICY TYDZ 30 2012.xlsx 2012-07-26 15:27 - 2012-07-13 13:38 - 00054784 ____A C:\Users\Bogusława Bednarek\Desktop\WYSYŁKI TYDZ 30 (2).xls 2012-07-25 14:56 - 2012-07-25 14:53 - 00017609 ____A C:\Users\Bogusława Bednarek\Documents\Kopia INV 30 (2).xlsx 2012-07-24 10:03 - 2012-07-24 10:03 - 00001311 ____A C:\Users\Bogusława Bednarek\Desktop\hodowcy 2012.xls — skrót.lnk 2012-07-24 10:03 - 2012-07-24 10:03 - 00001293 ____A C:\Users\Bogusława Bednarek\Desktop\insem 2012.xls — skrót.lnk 2012-07-13 15:09 - 2012-07-13 15:04 - 00015519 ____A C:\Users\Bogusława Bednarek\Desktop\DOSTÊPNE BUHAJE.xlsx 2012-07-13 14:37 - 2012-06-28 08:04 - 00017434 ____A C:\Users\Bogusława Bednarek\Desktop\Kopia STANY MAGAZYNOWE GENOMIC PLAN.xlsx 2012-07-12 12:31 - 2009-07-14 06:45 - 00396680 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-12 10:35 - 2012-07-12 10:35 - 00001464 ____A C:\Users\Bogusława Bednarek\Desktop\Internet Explorer.lnk 2012-07-12 07:55 - 2011-08-02 14:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-10 15:30 - 2012-06-01 14:38 - 00011754 ____A C:\Users\Bogusława Bednarek\Desktop\KKR.xlsx 2012-07-07 09:50 - 2012-07-07 09:42 - 00029200 ____A C:\Users\Zbigniew\Documents\BS zaplanowane.xlsx 2012-07-02 21:47 - 2012-07-02 20:56 - 00000051 ____A C:\Users\All Users\jhrfalvumivjnxm 2012-07-02 20:56 - 2012-07-02 20:56 - 00061440 ____N C:\Users\All Users\skvmphty.exe 2012-06-22 14:22 - 2012-06-22 14:22 - 00003119 ____A C:\Users\Bogusława Bednarek\Desktop\Microsoft Outlook 2010.lnk 2012-06-20 19:36 - 2012-03-07 23:50 - 00002395 ____A C:\Windows\System32\Drivers\DisconnectedPolicy.xml 2012-06-12 05:08 - 2012-07-12 07:57 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-09 
07:43 - 2012-07-11 07:56 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-09 06:41 - 2012-07-11 07:56 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-06 08:06 - 2012-07-11 07:56 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-06 08:06 - 2012-07-11 07:56 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-06 08:02 - 2012-07-11 07:56 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-06 07:05 - 2012-07-11 07:56 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-06 07:05 - 2012-07-11 07:56 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-06 07:03 - 2012-07-11 07:56 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-04 20:58 - 2012-06-04 20:58 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-06-04 20:58 - 2011-08-08 18:29 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-06-03 00:19 - 2012-06-19 08:09 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-03 00:19 - 2012-06-19 08:09 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-03 00:19 - 2012-06-19 08:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-03 00:19 - 2012-06-19 08:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-03 00:19 - 2012-06-19 08:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-03 00:15 - 2012-06-19 08:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-03 00:15 - 2012-06-19 08:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 15:19 - 2012-06-19 08:08 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 15:15 - 2012-06-19 
08:08 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 14:49 - 2012-07-12 07:54 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 14:17 - 2012-07-12 07:54 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 14:12 - 2012-07-12 07:54 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 14:05 - 2012-07-12 07:54 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 14:05 - 2012-07-12 07:54 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 14:04 - 2012-07-12 07:54 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 14:04 - 2012-07-12 07:54 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 14:03 - 2012-07-12 07:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 14:01 - 2012-07-12 07:54 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 14:00 - 2012-07-12 07:54 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 13:59 - 2012-07-12 07:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 13:57 - 2012-07-12 07:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 13:57 - 2012-07-12 07:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 13:54 - 2012-07-12 07:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 11:07 - 2012-07-12 07:54 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 10:43 - 2012-07-12 07:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 10:33 - 2012-07-12 07:54 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 10:26 - 2012-07-12 07:54 - 01103872 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2012-06-02 10:25 - 2012-07-12 07:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 10:25 - 2012-07-12 07:54 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 10:23 - 2012-07-12 07:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 10:21 - 2012-07-12 07:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 10:20 - 2012-07-12 07:54 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 10:19 - 2012-07-12 07:54 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 10:19 - 2012-07-12 07:54 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 10:17 - 2012-07-12 07:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 10:16 - 2012-07-12 07:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 10:14 - 2012-07-12 07:54 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-02 07:50 - 2012-07-11 07:56 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-02 07:48 - 2012-07-11 07:56 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-02 07:48 - 2012-07-11 07:56 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-02 07:45 - 2012-07-11 07:56 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-02 07:44 - 2012-07-11 07:56 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-02 06:40 - 2012-07-11 07:56 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-02 06:40 - 2012-07-11 07:56 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-02 06:39 - 2012-07-11 07:56 - 00219136 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\ncrypt.dll 2012-06-02 06:34 - 2012-07-11 07:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-23 19:25 - 2012-05-23 19:25 - 00384000 ____A C:\Users\Zbigniew\AppData\Local\ddtwmxk.exe 2012-05-04 13:06 - 2012-06-14 07:58 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 12:03 - 2012-06-14 07:58 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 12:03 - 2012-06-14 07:58 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe ZeroAccess: C:\Windows\Installer\{6286ff46-16d2-b7eb-68b8-7849d5226930} C:\Windows\Installer\{6286ff46-16d2-b7eb-68b8-7849d5226930}\@ C:\Windows\Installer\{6286ff46-16d2-b7eb-68b8-7849d5226930}\L C:\Windows\Installer\{6286ff46-16d2-b7eb-68b8-7849d5226930}\n C:\Windows\Installer\{6286ff46-16d2-b7eb-68b8-7849d5226930}\U C:\Windows\Installer\{6286ff46-16d2-b7eb-68b8-7849d5226930}\U\00000001.@ ZeroAccess: C:\Users\Zbigniew\AppData\Local\{6286ff46-16d2-b7eb-68b8-7849d5226930} C:\Users\Zbigniew\AppData\Local\{6286ff46-16d2-b7eb-68b8-7849d5226930}\@ C:\Users\Zbigniew\AppData\Local\{6286ff46-16d2-b7eb-68b8-7849d5226930}\L C:\Users\Zbigniew\AppData\Local\{6286ff46-16d2-b7eb-68b8-7849d5226930}\U ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ========================= Memory info ====================== Percentage of memory in use: 31% Total physical RAM: 3976.93 MB Available physical RAM: 2729.99 MB Total Pagefile: 7952.06 MB Available Pagefile: 6713.98 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: (win764bit) (Fixed) (Total:230.76 GB) (Free:166.44 GB) NTFS 2 Drive d: (dane) (Fixed) (Total:222.81 GB) (Free:138.04 GB) NTFS 4 Drive f: (KINGSTON1GB) (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT Program DiskPart napotkał błąd: Serwer RPC jest niedostępny. Aby uzyskać więcej informacji, zobacz dziennik zdarzeń systemowych. ========================================================== Last Boot: 2012-07-24 12:00 ======================= End Of Log ==========================