Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-09-2012
Ran by Krzysztof at 21-09-2012 13:43:50
Running from F:\
Service Pack 1 (X86)
OS Language: Polish
Attention: Could not load system hive.BŁĄD: Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-09-18 21:48 - 2012-09-21 13:43 - 00000000 ____D C:\FRST
2012-09-18 21:35 - 2012-09-18 21:35 - 00000000 ____A C:\Windows\System32\notepad
2012-09-18 20:20 - 2012-09-18 20:20 - 00000000 _RASH C:\MSDOS.SYS
2012-09-18 20:20 - 2012-09-18 20:20 - 00000000 _RASH C:\IO.SYS
2012-09-18 13:54 - 2012-09-21 09:39 - 00000044 ____A C:\Users\Krzysztof\AppData\Roaming\msconfig.ini
2012-09-12 13:00 - 2012-08-22 19:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 13:00 - 2012-08-22 19:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 13:00 - 2012-08-22 19:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 13:00 - 2012-08-22 19:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 13:00 - 2012-08-02 18:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 13:00 - 2012-07-04 21:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-10 14:36 - 2012-09-18 13:23 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== 3 Months Modified Files ==================

2012-09-21 13:19 - 2011-08-23 14:28 - 01278561 ____A C:\Windows\WindowsUpdate.log
2012-09-21 13:16 - 2011-08-23 14:39 - 00005410 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-21 13:16 - 2009-07-14 10:07 - 03416392 ____A C:\Windows\System32\perfh015.dat
2012-09-21 13:16 - 2009-07-14 10:07 - 01056394 ____A C:\Windows\System32\perfc015.dat
2012-09-21 09:39 - 2012-09-18 13:54 - 00000044 ____A C:\Users\Krzysztof\AppData\Roaming\msconfig.ini
2012-09-21 09:36 - 2009-07-14 06:34 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-21 09:36 - 2009-07-14 06:34 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-21 09:29 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-21 09:29 - 2009-07-14 06:39 - 00120746 ____A C:\Windows\setupact.log
2012-09-18 21:35 - 2012-09-18 21:35 - 00000000 ____A C:\Windows\System32\notepad
2012-09-18 20:20 - 2012-09-18 20:20 - 00000000 _RASH C:\MSDOS.SYS
2012-09-18 20:20 - 2012-09-18 20:20 - 00000000 _RASH C:\IO.SYS
2012-09-12 15:54 - 2011-08-24 09:57 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-06 14:07 - 2009-07-14 06:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-22 19:16 - 2012-09-12 13:00 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 19:16 - 2012-09-12 13:00 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 19:16 - 2012-09-12 13:00 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 19:16 - 2012-09-12 13:00 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-17 20:15 - 2012-08-17 20:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2012-08-17 18:54 - 2011-08-24 08:04 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-17 18:54 - 2011-08-24 08:04 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-16 08:41 - 2009-07-14 06:33 - 00341424 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-11 11:49 - 2012-08-11 11:49 - 00057344 ____A C:\Users\Krzysztof\0.6877551491134125.exe
2012-08-11 11:49 - 2012-08-11 11:49 - 00000040 ____A C:\Users\All Users\jylhvozanamqqvf
2012-08-02 18:57 - 2012-09-12 13:00 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-07-22 18:16 - 2012-07-22 18:15 - 899590746 ____A C:\Users\Krzysztof\Documents\Image.nrg
2012-07-18 19:47 - 2012-08-16 07:03 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 22:03 - 2011-08-24 09:53 - 00002505 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-11 15:47 - 2009-07-14 04:04 - 00000478 ____A C:\Windows\win.ini
2012-07-10 14:42 - 2012-07-10 14:42 - 00005488 ____A C:\Users\Krzysztof\Desktop\AdwCleaner[S1].txt
2012-07-10 14:41 - 2012-07-10 14:41 - 00002742 ____A C:\Users\Krzysztof\Desktop\FSS.txt
2012-07-10 14:32 - 2012-07-10 14:31 - 00005488 ____A C:\AdwCleaner[S1].txt
2012-07-10 08:17 - 2012-07-10 08:17 - 00039378 ____A C:\Users\Krzysztof\Desktop\OTL.Txt
2012-07-10 08:16 - 2012-07-10 08:16 - 00044358 ____A C:\Users\Krzysztof\Desktop\Extras.Txt
2012-07-05 22:06 - 2012-08-17 18:54 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-05 22:06 - 2012-08-17 18:54 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-05 22:06 - 2011-08-24 17:10 - 00687544 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-04 23:16 - 2012-08-16 07:03 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 23:14 - 2012-08-16 07:03 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 23:14 - 2012-08-16 07:03 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 21:45 - 2012-09-12 13:00 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-06-29 02:52 - 2012-08-16 07:31 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-29 02:27 - 2012-08-16 07:31 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-29 02:16 - 2012-08-16 07:31 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-29 02:09 - 2012-08-16 07:31 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-29 02:09 - 2012-08-16 07:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-29 02:08 - 2012-08-16 07:31 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-29 02:07 - 2012-08-16 07:31 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-29 02:06 - 2012-08-16 07:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-29 02:04 - 2012-08-16 07:31 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-29 02:04 - 2012-08-16 07:31 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-29 02:01 - 2012-08-16 07:31 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-29 02:01 - 2012-08-16 07:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-29 02:00 - 2012-08-16 07:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-29 01:57 - 2012-08-16 07:31 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 3549.12 MB
Available physical RAM: 3174.57 MB
Total Pagefile: 7096.52 MB
Available Pagefile: 6752.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.33 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:29.81 GB) (Free:1.53 GB) NTFS
2 Drive d: (Nowy) (Fixed) (Total:119.14 GB) (Free:63.08 GB) NTFS
3 Drive e: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT

  Nr dysku  Stan           Rozmiar  Wolne    Dyn  GPT
  --------  -------------  -------  -------  ---  ---
  Dysk 0    Online          149 GB  1024 KB
  Dysk 1    Online         1000 MB      0 B

Partitions of Disk 0:
===============

  Partycja ###   Typ               Rozmiar  Przesunięcie
  -------------  ----------------  -------  ------------
  Partycja 1     Podstawowy         100 MB  1024 KB
  Partycja 2     Podstawowy          29 GB   101 MB
  Partycja 3     Podstawowy         119 GB    29 GB

=========================================================

Disk: 0
Partycja 1
Typ : 07
Ukryta : Nie
Aktywna : Tak
Przesunięcie w bajtach: 1048576

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 1         Zastrzeżone  NTFS   Partycja     100 MB  Zdrowy     System

=========================================================

Disk: 0
Partycja 2
Typ : 07
Ukryta : Nie
Aktywna : Nie
Przesunięcie w bajtach: 105906176

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 2     C                NTFS   Partycja      29 GB  Zdrowy     Rozruch

=========================================================

Disk: 0
Partycja 3
Typ : 07
Ukryta : Nie
Aktywna : Nie
Przesunięcie w bajtach: 32114737152

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 3     D   Nowy         NTFS   Partycja     119 GB  Zdrowy     Plik str

=========================================================

Partitions of Disk 1:
===============

  Partycja ###   Typ               Rozmiar  Przesunięcie
  -------------  ----------------  -------  ------------
  Partycja 1     Podstawowy         999 MB    16 KB

=========================================================

Disk: 1
Partycja 1
Typ : 06
Ukryta : Nie
Aktywna : Tak
Przesunięcie w bajtach: 16384

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 4     F                FAT    Wymienny     999 MB  Zdrowy

=========================================================

Last Boot: 2012-08-10 16:38

==================== End Of Log ============================