Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-04-2013 01 Ran by SYSTEM on 01-05-2013 17:33:55 Running from H:\ Windows 7 Ultimate (X86) OS Language: Polish Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Mam3PAN.exe] Mam3PAN.exe [x] HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated) HKU\DM\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [ 2012-02-13] (DT Soft Ltd) HKU\DM\...\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray [x] HKU\DM\...\Winlogon: [Shell] explorer.exe,C:\Users\DM\AppData\Roaming\skype.dat <==== ATTENTION Startup: C:\Users\DM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\DM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File) ========================== Services (Whitelisted) ================= S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63960 2012-07-27] (Adobe Systems Incorporated) S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253656 2013-03-12] (Adobe Systems Incorporated) S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation) S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-07-04] (Creative Labs) S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-04] (Creative Labs) S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation) S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2011-08-16] (Google Inc.) S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2011-08-16] (Google Inc.) S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-05] (Microsoft Corporation) S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation) S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [115608 2013-04-11] (Mozilla Foundation) S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2008-12-05] (Nero AG) S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation) S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation) S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-07-04] (Creative Labs) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [559104 2006-12-22] (Atheros Communications, Inc.) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [115216 2010-11-17] (Advanced Micro Devices) S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-18] (DT Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [39936 2011-02-08] (Etron Technology Inc) S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64512 2011-02-08] (Etron Technology Inc) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-07-04] (FNet Co., Ltd.) S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-07-04] (FNet Co., Ltd.) S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) S1 Mam3.sys; C:\Windows\System32\DRIVERS\Mam3.sys [56040 2012-04-26] () S3 Mam3WDM.sys; C:\Windows\System32\DRIVERS\Mam3WDM.sys [44264 2012-04-26] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) S3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-19] (Intel Corporation) S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56208 2011-11-03] (Rovi Corporation) S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [344680 2010-06-23] (Realtek ) S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [116264 2009-05-25] (MCCI Corporation) S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [19496 2009-05-25] (MCCI Corporation) S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [158760 2009-05-25] (MCCI Corporation) S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation) S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [34856 2009-05-25] (MCCI Corporation) S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [135208 2009-05-25] (MCCI Corporation) S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [151592 2009-05-25] (MCCI Corporation) S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [194944 2010-11-20] (Microsoft Corporation) S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [59392 2010-11-20] (Microsoft Corporation) S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2010-11-20] (Microsoft Corporation) S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [360832 2010-11-20] (Microsoft Corporation) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-01 17:30 - 2013-05-01 17:30 - 00000000 ____D C:\FRST 2013-05-01 00:20 - 2013-05-01 16:19 - 00000004 ____A C:\Users\DM\AppData\Roaming\skype.ini 2013-04-28 11:16 - 2013-04-28 11:16 - 00000000 ____D C:\Users\DM\AppData\Local\{AEAB3F22-8567-4C3E-AD4C-C305A305F01F} 2013-04-24 06:18 - 2013-04-12 15:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-20 18:31 - 2013-04-20 18:33 - 46165618 ____A C:\Users\DM\Desktop\File.aspx 2013-04-20 18:29 - 2013-04-20 18:31 - 46165618 ____A C:\Users\DM\Downloads\Znaki drogowe.avi 2013-04-11 21:57 - 2013-04-11 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-04-10 11:07 - 2013-02-22 07:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-10 11:07 - 2013-02-22 07:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-10 11:07 - 2013-02-22 07:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-10 11:07 - 2013-02-22 07:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-10 11:07 - 2013-02-22 07:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-10 11:07 - 2013-02-22 07:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-04-10 11:07 - 2013-02-22 07:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-10 11:07 - 2013-02-22 07:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-10 11:07 - 2013-02-22 07:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-10 11:07 - 2013-02-22 07:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-04-10 11:07 - 2013-02-22 07:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-10 11:07 - 2013-02-22 07:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-10 11:07 - 2013-02-22 07:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-10 11:07 - 2013-02-22 07:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-10 11:07 - 2013-02-22 07:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-10 11:07 - 2013-02-22 07:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-10 11:07 - 2013-02-22 05:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-04-10 11:07 - 2013-02-22 04:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-04-10 11:07 - 2013-02-22 04:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-04-10 11:07 - 2013-02-22 04:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-04-10 11:07 - 2013-02-22 04:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-04-10 11:07 - 2013-02-22 04:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-04-10 11:07 - 2013-02-22 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-04-10 11:07 - 2013-02-22 04:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-04-10 11:07 - 2013-02-22 04:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-04-10 11:07 - 2013-02-22 04:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-04-10 11:07 - 2013-02-22 04:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-04-10 11:07 - 2013-02-22 04:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-04-10 11:07 - 2013-02-22 04:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-04-10 11:07 - 2013-02-22 04:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-04-10 11:07 - 2013-02-22 04:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-04-10 11:07 - 2013-02-22 04:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-04-10 05:58 - 2013-03-19 07:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-10 05:58 - 2013-03-19 06:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-10 05:58 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-04-10 05:58 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-04-10 05:58 - 2013-03-19 05:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-04-10 05:58 - 2013-03-19 04:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-04-10 05:58 - 2013-03-01 04:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-10 05:58 - 2013-02-15 07:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll 2013-04-10 05:58 - 2013-02-15 07:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-10 05:58 - 2013-02-15 07:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll 2013-04-10 05:58 - 2013-02-15 05:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-04-10 05:58 - 2013-02-15 05:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-04-10 05:58 - 2013-02-15 04:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-04-07 23:44 - 2013-04-07 23:44 - 00177322 ____A C:\Users\DM\Downloads\compass(1).zip 2013-04-07 23:44 - 2013-04-07 23:44 - 00066362 ____A C:\Users\DM\Downloads\jonathan-hill_corbert.zip 2013-04-07 23:43 - 2013-04-07 23:43 - 00275299 ____A C:\Users\DM\Downloads\gust-e-foundry_texgyreadventor.zip 2013-04-04 18:53 - 2013-04-04 18:53 - 00001238 ____A C:\Users\DM\Desktop\bujaczek_opis.txt 2013-04-01 16:06 - 2013-04-01 15:05 - 395088793 ____N C:\Users\DM\Desktop\MVI_0360.MOV ==================== One Month Modified Files and Folders ======== 2013-05-01 17:33 - 2012-10-11 18:16 - 00262144 ____A C:ProgramData\NTUser.dat 2013-05-01 17:33 - 2012-10-11 18:16 - 00005120 __ASH C:ProgramData\NTUser.dat.LOG1 2013-05-01 17:30 - 2013-05-01 17:30 - 00000000 ____D C:\FRST 2013-05-01 16:19 - 2013-05-01 00:20 - 00000004 ____A C:\Users\DM\AppData\Roaming\skype.ini 2013-05-01 16:18 - 2009-07-14 05:45 - 00010416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-01 16:18 - 2009-07-14 05:45 - 00010416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-01 16:17 - 2009-07-14 18:55 - 10801684 ____A C:\Windows\System32\perfh015.dat 2013-05-01 16:17 - 2009-07-14 18:55 - 03900874 ____A C:\Windows\System32\perfc015.dat 2013-05-01 16:17 - 2009-07-14 06:13 - 00004572 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-01 16:14 - 2012-09-13 21:14 - 00000000 ___RD C:\Users\DM\Dropbox 2013-05-01 16:14 - 2012-09-13 21:09 - 00000000 ____D C:\Users\DM\AppData\Roaming\Dropbox 2013-05-01 16:13 - 2011-08-16 18:14 - 00001036 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-01 16:13 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-01 16:13 - 2009-07-14 05:51 - 00180111 ____A C:\Windows\setupact.log 2013-05-01 16:11 - 2011-07-05 01:27 - 01219744 ____A C:\Windows\WindowsUpdate.log 2013-05-01 16:06 - 2012-08-14 07:37 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-01 16:06 - 2011-08-16 18:14 - 00001040 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-04-28 11:16 - 2013-04-28 11:16 - 00000000 ____D C:\Users\DM\AppData\Local\{AEAB3F22-8567-4C3E-AD4C-C305A305F01F} 2013-04-26 22:06 - 2011-07-13 18:01 - 00000000 ____D C:\Users\DM\AppData\Local\CrashDumps 2013-04-25 19:05 - 2009-07-14 06:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-04-20 18:33 - 2013-04-20 18:31 - 46165618 ____A C:\Users\DM\Desktop\File.aspx 2013-04-20 18:31 - 2013-04-20 18:29 - 46165618 ____A C:\Users\DM\Downloads\Znaki drogowe.avi 2013-04-15 16:12 - 2011-07-23 13:40 - 00000000 ____D C:\Users\DM\Desktop\Faktury 2013-04-12 15:45 - 2013-04-24 06:18 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-12 15:43 - 2012-08-02 16:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-04-12 14:40 - 2009-07-14 04:20 - 00000000 ___RD C:\Program Files (x86) 2013-04-11 21:57 - 2013-04-11 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-04-10 11:56 - 2009-07-14 05:45 - 04927392 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-10 11:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64 2013-04-07 23:44 - 2013-04-07 23:44 - 00177322 ____A C:\Users\DM\Downloads\compass(1).zip 2013-04-07 23:44 - 2013-04-07 23:44 - 00066362 ____A C:\Users\DM\Downloads\jonathan-hill_corbert.zip 2013-04-07 23:43 - 2013-04-07 23:43 - 00275299 ____A C:\Users\DM\Downloads\gust-e-foundry_texgyreadventor.zip 2013-04-04 19:09 - 2013-01-05 09:36 - 00000000 ____D C:\Users\DM\AppData\Local\LooksBuilder 2013-04-04 18:53 - 2013-04-04 18:53 - 00001238 ____A C:\Users\DM\Desktop\bujaczek_opis.txt 2013-04-04 18:52 - 2012-10-30 17:33 - 00000000 ____D C:\Users\DM\AppData\Roaming\Winamp 2013-04-01 15:05 - 2013-04-01 16:06 - 395088793 ____N C:\Users\DM\Desktop\MVI_0360.MOV Other Malware: =========== C:\Users\DM\AppData\Roaming\skype.dat C:\Users\DM\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2012-01-29 09:26] - [2010-11-20 14:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24 C:\Windows\System32\winlogon.exe [2012-01-29 09:32] - [2010-11-20 14:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457 C:\Windows\System32\wininit.exe [2009-07-14 00:52] - [2009-07-14 02:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA C:\Windows\System32\svchost.exe [2009-07-14 00:31] - [2009-07-14 02:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D C:\Windows\System32\services.exe [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\User32.dll [2012-01-29 09:32] - [2010-11-20 14:27] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B C:\Windows\System32\userinit.exe [2012-01-29 09:32] - [2010-11-20 14:25] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53 C:\Windows\System32\Drivers\volsnap.sys [2012-01-29 09:33] - [2010-11-20 14:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639 ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-24 16:42:03 Restore point made on: 2013-04-30 13:54:17 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 3062.09 MB Available physical RAM: 2583.05 MB Total Pagefile: 3058.3 MB Available Pagefile: 2593.07 MB Total Virtual: 2047.88 MB Available Virtual: 1960.69 MB ==================== Drives ================================ Drive c: (Zastrze¿one przez system) (Fixed) (Total:97.66 GB) (Free:6.98 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: () (Fixed) (Total:78.13 GB) (Free:37.99 GB) NTFS Drive e: () (Fixed) (Total:387.62 GB) (Free:150.5 GB) NTFS Drive f: () (Fixed) (Total:833.85 GB) (Free:634.13 GB) NTFS Drive g: (Win7pl-w-code5-patch) (CDROM) (Total:3.41 GB) (Free:0 GB) UDF Drive h: (USB DISK) (Removable) (Total:7.41 GB) (Free:2.97 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Nr dysku Stan Rozmiar Wolne Dyn GPT -------- ------------- ------- ------- --- --- Dysk 0 Online 931 GB 0 B Dysk 1 Online 465 GB 9 MB Dysk 2 Online 7602 MB 0 B Partitions of Disk 0: =============== Identyfikator dysku: 056D3F5F Partycja ### Typ Rozmiar Przesuni©cie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 97 GB 1024 KB Partycja 2 Podstawowy 833 GB 97 GB ================================================================================== Disk: 0 Partycja 1 Typ : 07 Ukryta : Nie Aktywna : Tak Przesuni©cie w bajtach: 1048576 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 1 C Zastrze¾one NTFS Partycja 97 GB Zdrowy ========================================================= Disk: 0 Partycja 2 Typ : 07 Ukryta : Nie Aktywna : Nie Przesuni©cie w bajtach: 104858648576 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 2 F NTFS Partycja 833 GB Zdrowy ========================================================= Partitions of Disk 1: =============== Identyfikator dysku: 24C024C0 Partycja ### Typ Rozmiar Przesuni©cie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 78 GB 31 KB Partycja 0 Rozszerzony 387 GB 78 GB Partycja 2 Logiczny 387 GB 78 GB ================================================================================== Disk: 1 Partycja 1 Typ : 07 Ukryta : Nie Aktywna : Tak Przesuni©cie w bajtach: 32256 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 3 D NTFS Partycja 78 GB Zdrowy ========================================================= Disk: 1 Partycja 2 Typ : 07 Ukryta : Nie Aktywna : Nie Przesuni©cie w bajtach: 83889662976 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 4 E NTFS Partycja 387 GB Zdrowy ========================================================= Partitions of Disk 2: =============== Identyfikator dysku: C3072E18 Partycja ### Typ Rozmiar Przesuni©cie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 7598 MB 3276 KB ================================================================================== Disk: 2 Partycja 1 Typ : 0C Ukryta : Nie Aktywna : Tak Przesuni©cie w bajtach: 3354624 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 5 H USB DISK FAT32 Wymienny 7598 MB Zdrowy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (Size: 932 GB) (Disk ID: 056D3F5F) Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=834 GB) - (Type=07 NTFS) ==================================================================== Disk: 1 (Size: 466 GB) (Disk ID: 24C024C0) Partition 1: (Active) - (Size=78 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=388 GB) - (Type=OF Extended) ==================================================================== Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7 GB) - (Type=0C) Last Boot: 2013-04-24 07:14 ==================== End Of Log ============================