Problem z samootwierajacymi sie stronami w firefox

[tm72]

Witam,

przeskanowalem wszystkim czym tylko mozna ale namietnie i bez skrupulow dalej wyskakuja same od siebie okna w firefox do update to win 7 to java itd ... prosze o sprawdzenie LOG-a ...

Kod: Zaznacz wszystko

OTL logfile created on: 9/14/2014 2:11:58 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = E:\pobrane\bezpieczenstwo
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.47 Gb Total Physical Memory | 5.37 Gb Available Physical Memory | 71.81% Memory free
14.95 Gb Paging File | 12.63 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40.15 Gb Total Space | 4.64 Gb Free Space | 11.56% Space Free | Partition Type: NTFS
Drive E: | 507.19 Gb Total Space | 325.79 Gb Free Space | 64.23% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 19.05 Gb Free Space | 39.01% Space Free | Partition Type: NTFS

Computer Name: TOMI-PC | User Name: tomi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/09/09 19:04:39 | 001,870,000 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
PRC - [2014/06/06 00:38:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/27 14:01:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\pobrane\bezpieczenstwo\OTL_[www.programosy.pl].exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/02 06:01:04 | 003,034,432 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2011/12/08 17:15:12 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011/03/14 23:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 23:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 23:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 23:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/01/17 19:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/10/01 22:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/09/09 19:04:38 | 016,825,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
MOD - [2014/06/06 00:38:45 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/11 10:31:42 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/05/19 16:51:42 | 000,204,576 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe -- (NovaPdfServer)
SRV:[b]64bit:[/b] - [2013/12/06 16:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2013/12/06 16:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:[b]64bit:[/b] - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:[b]64bit:[/b] - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/09/09 19:04:40 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/06 00:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/11/12 11:18:37 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/19 15:50:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/14 23:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/01 22:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009/09/21 21:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 21:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/08 08:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013/12/06 17:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013/12/06 16:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013/09/24 10:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2013/09/19 23:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV:[b]64bit:[/b] - [2012/03/22 12:44:42 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:[b]64bit:[/b] - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/23 11:07:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011/09/02 22:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:[b]64bit:[/b] - [2011/09/02 22:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:[b]64bit:[/b] - [2011/08/17 16:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2011/07/27 11:30:40 | 000,024,456 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:[b]64bit:[/b] - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:[b]64bit:[/b] - [2011/06/16 15:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:[b]64bit:[/b] - [2011/06/16 15:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:[b]64bit:[/b] - [2011/04/12 20:46:30 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:[b]64bit:[/b] - [2011/04/05 23:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/03/02 02:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2011/02/14 22:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:[b]64bit:[/b] - [2011/01/20 21:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:[b]64bit:[/b] - [2011/01/20 21:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:[b]64bit:[/b] - [2011/01/13 21:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:[b]64bit:[/b] - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2010/12/21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2010/12/21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2010/12/21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:[b]64bit:[/b] - [2010/05/12 06:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2010/05/12 06:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:[b]64bit:[/b] - [2010/05/12 06:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2010/05/12 06:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2010/05/12 06:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2010/04/26 22:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:[b]64bit:[/b] - [2010/04/26 22:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:[b]64bit:[/b] - [2010/04/26 22:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:[b]64bit:[/b] - [2010/04/26 22:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:[b]64bit:[/b] - [2010/04/06 19:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:[b]64bit:[/b] - [2010/04/06 19:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:[b]64bit:[/b] - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2009/10/01 23:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:[b]64bit:[/b] - [2009/09/21 21:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:[b]64bit:[/b] - [2009/09/21 21:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:[b]64bit:[/b] - [2009/09/21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:[b]64bit:[/b] - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:[b]64bit:[/b] - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:[b]64bit:[/b] - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:[b]64bit:[/b] - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/?utm_source=appliki&utm_medium=12578&utm_campaign=onetsg_start_pliki
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-8616609-2142783543-1502305995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledAddons: %7Bcc6cc772-f121-49e0-b1f0-c26583cb0c5e%7D:0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/22 07:09:53 | 000,000,000 | ---D | M]

[2012/01/23 20:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Extensions
[2012/01/23 20:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2014/09/14 01:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\extensions
[2014/09/07 20:14:09 | 000,000,000 | ---D | M] ("Website Counselor") -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
[2014/09/04 20:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profilesnun30cei.default\extensions
[2014/09/04 20:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profilesnun30cei.default\extensions\staged
[2014/07/23 15:13:57 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/09/12 20:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/12 20:59:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Hosts file not found
O2:[b]64bit:[/b] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Resume copy] copyfstq.exe /startup File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-8616609-2142783543-1502305995-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-8616609-2142783543-1502305995-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\.DEFAULT..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found
O4 - HKU\S-1-5-18..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found
O4 - HKU\S-1-5-19..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found
O4 - HKU\S-1-5-20..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found
O4 - Startup: C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C49036B5-89BD-4A1A-A6F2-0B9AE4B723C7}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:[b]64bit:[/b] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/14 18:52:43 | 000,000,000 | ---D | M] - C:\AutoHideIP -- [ NTFS ]
O33 - MountPoints2\{d446678c-77f2-11e1-9a92-206a8a483e13}\Shell - "" = AutoRun
O33 - MountPoints2\{d446678c-77f2-11e1-9a92-206a8a483e13}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
O33 - MountPoints2\{d4466791-77f2-11e1-9a92-206a8a483e13}\Shell - "" = AutoRun
O33 - MountPoints2\{d4466791-77f2-11e1-9a92-206a8a483e13}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/09/12 20:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/09/11 21:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/09/11 21:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/09/11 21:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/09/11 20:49:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/11 18:51:59 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/04 21:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/09/04 21:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/09/04 21:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/09/04 21:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/09/04 20:50:03 | 000,000,000 | ---D | C] -- C:\Users\tomi\AppData\Roaming\sparta111
[2014/09/04 20:49:59 | 000,000,000 | ---D | C] -- C:\Users\tomi\AppData\Local\Sparta
[2014/09/04 20:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/09/04 20:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/09/04 20:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014/09/04 20:31:26 | 000,053,376 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2014/09/04 20:28:54 | 000,079,488 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_sata.sys
[2014/09/04 20:28:54 | 000,040,064 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_xata.sys
[2014/09/04 20:28:52 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2014/09/04 20:28:52 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2014/09/04 20:28:52 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2014/09/04 20:28:52 | 000,126,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2014/09/04 20:28:51 | 008,406,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2014/09/04 20:28:51 | 001,100,216 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2014/09/04 20:28:51 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2014/09/04 20:28:50 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2014/09/04 19:49:40 | 000,000,000 | ---D | C] -- C:\Users\tomi\AppData\Local\DriverToolkit
[2014/09/04 19:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverToolkit
[2014/09/04 19:25:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/09/04 19:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/09/04 19:23:44 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/09/04 19:23:44 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/09/04 19:23:44 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2014/09/04 19:23:44 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/09/04 19:23:44 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/09/04 19:23:44 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/09/04 19:23:44 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/09/04 19:23:43 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/09/04 19:23:43 | 003,048,552 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/09/04 19:23:43 | 002,392,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/09/04 19:23:43 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/09/04 19:23:43 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/09/04 19:23:43 | 000,952,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/09/04 19:23:43 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/09/04 19:23:43 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/09/04 19:23:43 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/09/04 19:23:43 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/09/04 19:23:43 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/09/04 19:23:43 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/09/04 19:23:43 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/09/04 19:23:43 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/09/04 19:23:43 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/09/04 19:23:43 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/09/04 19:23:43 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/09/04 19:23:43 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2014/09/04 19:23:43 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/09/04 19:23:43 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2014/09/04 19:23:43 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/09/04 19:23:43 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/09/04 19:23:43 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/09/04 19:23:42 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/09/04 19:23:42 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/09/04 19:23:42 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/09/04 19:23:42 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/09/04 19:23:42 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/09/04 19:23:42 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/09/04 19:23:42 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/09/04 19:23:42 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/09/04 19:23:42 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/09/04 19:23:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/09/04 19:23:42 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/09/04 19:23:42 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/09/04 19:23:42 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/09/04 19:23:42 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/09/04 19:23:42 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/09/04 19:23:42 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/09/04 19:23:41 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/09/04 19:23:41 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/09/04 19:23:41 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/09/04 19:23:41 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[3 \*.tmp files -> \*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/09/14 02:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/14 02:00:59 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/14 02:00:59 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/14 01:53:12 | 1724,469,247 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/11 18:23:36 | 000,007,680 | ---- | M] () -- C:\Users\tomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/09/11 18:09:58 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/09 19:11:49 | 000,780,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/09 19:11:49 | 000,665,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/09 19:11:49 | 000,126,092 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/09 19:04:40 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/09 19:04:40 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/04 21:49:45 | 000,764,922 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/04 20:50:03 | 000,002,125 | ---- | M] () -- C:\Users\tomi\Application Data\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk
[2014/09/04 19:05:14 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/09/04 20:50:03 | 000,002,125 | ---- | C] () -- C:\Users\tomi\Application Data\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk
[2014/09/04 19:05:14 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/06 17:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/06 17:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 16:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/12/06 16:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/12/06 16:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/07/30 17:37:02 | 000,000,968 | ---- | C] () -- C:\Windows\COVERMASTER.INI
[2013/07/06 06:30:56 | 006,894,413 | ---- | C] () -- C:\Users\tomi\zoo.jpg
[2013/06/26 14:30:09 | 003,571,885 | ---- | C] () -- C:\Users\tomi\piotrek.jpg
[2013/03/17 14:26:12 | 000,007,609 | ---- | C] () -- C:\Users\tomi\AppData\Local\Resmon.ResmonCfg
[2012/12/27 11:54:57 | 006,676,512 | ---- | C] () -- C:\Users\tomi\ATIH2011_userguide_pl-PL.pdf
[2012/10/24 20:02:28 | 000,000,092 | ---- | C] () -- C:\Users\tomi\tomi.ssi
[2012/04/28 09:41:17 | 000,021,474 | ---- | C] () -- \platnosci allegro.odt
[2012/04/05 20:20:36 | 007,487,509 | ---- | C] () -- \DSC00205.gif
[2012/04/01 11:32:38 | 001,300,846 | ---- | C] () -- \niagara.jpg
[2012/04/01 10:41:21 | 000,214,070 | ---- | C] () -- \biznes.jpg
[2012/03/27 21:29:59 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011/08/31 19:41:09 | 000,007,680 | ---- | C] () -- C:\Users\tomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 09:23:34 | 000,000,199 | ---- | C] () -- C:\Users\tomi\AppData\Roaming\burnaware.ini
[2011/08/24 02:43:26 | 000,001,038 | ---- | C] () -- C:\Users\tomi\Documents - Shortcut.lnk

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 06:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2011/11/15 17:23:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ESET
[2012/06/13 19:16:32 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\.minecraft
[2012/12/27 13:09:20 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Acronis
[2014/03/27 21:03:30 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AIMP3
[2012/07/19 17:21:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AnvSoft
[2012/02/21 13:20:42 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AutoHideIP
[2013/07/27 13:29:20 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\AutoUpdate
[2012/09/02 11:37:54 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\BANDISOFT
[2013/07/09 20:42:40 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\BESTplayer
[2011/08/25 11:14:26 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Canneverbe Limited
[2012/03/27 21:33:34 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Carambis
[2012/10/24 19:42:19 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Codeton
[2011/08/30 17:06:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Command and Conquer 4
[2012/03/17 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\DAEMON Tools Lite
[2014/09/14 01:45:51 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\DAEMON Tools Pro
[2011/08/22 07:10:29 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ESET
[2012/10/01 19:38:02 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\EurekaLog
[2011/08/22 02:05:40 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\funkitron
[2012/01/11 17:42:57 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Gadu-Gadu 10
[2011/12/18 11:10:33 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\GHISLER
[2012/08/05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Hide IP NG
[2014/04/10 17:58:00 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ImgBurn
[2012/06/08 22:47:39 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\ipla
[2012/02/19 09:32:56 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\IrfanView
[2013/07/27 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Kamerzysta
[2012/03/27 21:10:02 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\MOBILedit
[2011/08/22 01:57:38 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Namco
[2011/09/25 20:09:37 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\NapiProjekt
[2011/08/26 23:29:38 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Nuance
[2011/09/05 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\OpenFM
[2011/12/11 10:32:17 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\OpenOffice.org
[2012/03/31 21:00:12 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\PC Suite
[2012/08/05 12:01:23 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\PlatinumHideIP
[2011/10/02 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\RayV
[2011/11/06 11:12:14 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Rovio
[2012/04/14 19:03:26 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Samsung
[2014/06/04 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Softland
[2014/09/04 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\sparta111
[2012/01/18 14:27:29 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TeamViewer
[2012/09/06 22:20:52 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TechSmith
[2012/12/17 21:10:02 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Temp
[2012/01/23 20:30:32 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TomTom
[2012/10/24 19:58:37 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\TonCut
[2012/05/16 19:44:49 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Trine2
[2014/09/14 01:45:50 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\uTorrent
[2014/07/31 17:30:08 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\VOS
[2011/11/15 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\tomi\AppData\Roaming\Wargaming.net

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:9E00596C

< End of report >


Kod: Zaznacz wszystko

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-14 02:51:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000072 TOSHIBA_ rev.GN00 596.17GB
Running: ttdpv0gs.exe; Driver: C:\Users\tomi\AppData\Local\Temp\kgldipod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1920] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000769b8799 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1920] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69       00000000754e1465 2 bytes [4E, 75]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1920] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155      00000000754e14bb 2 bytes [4E, 75]
.text   ...                                                                                                                         * 2
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            00000000754e1465 2 bytes [4E, 75]
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           00000000754e14bb 2 bytes [4E, 75]
.text   ...                                                                                                                         * 2
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000754e1465 2 bytes [4E, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000754e14bb 2 bytes [4E, 75]
.text   ...                                                                                                                         * 2
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000754e1465 2 bytes [4E, 75]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000754e14bb 2 bytes [4E, 75]
.text   ...                                                                                                                         * 2
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3496] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                          00000000689411a8 2 bytes [94, 68]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3496] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                    00000000689413a8 2 bytes [94, 68]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3496] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                        0000000068941422 2 bytes [94, 68]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3496] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                 0000000068941498 2 bytes [94, 68]
.text   E:\pobrane\bezpieczenstwo\OTL_[www.programosy.pl].exe[3964] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69         00000000754e1465 2 bytes [4E, 75]
.text   E:\pobrane\bezpieczenstwo\OTL_[www.programosy.pl].exe[3964] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155        00000000754e14bb 2 bytes [4E, 75]
.text   ...                                                                                                                         * 2

---- Threads - GMER 2.1 ----

Thread  System [4:808]                                                                                                              fffffa800917c360
Thread  C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [1652:2124]                                                         000007fefab11d20
Thread  C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [1652:2504]                                                         000007fef0cf1d20
Thread  C:\Windows\System32\svchost.exe [1444:3412]                                                                                 000007fedcf79688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                             0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                             0
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                          0x65 0xF5 0x0B 0x09 ...
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                             C:\Program Files (x86)\DAEMON Tools Pro\
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)               
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                    0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                 0x02 0x89 0xA3 0xAC ...
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)         
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                            0x62 0x6A 0x45 0xBD ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0xC1 0xB4 0x4F 0xDC ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files (x86)\DAEMON Tools Pro\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x02 0x89 0xA3 0xAC ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x26 0xB2 0x46 0x90 ...
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                             0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                             0
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                          0xC1 0xB4 0x4F 0xDC ...
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                             C:\Program Files (x86)\DAEMON Tools Pro\
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)               
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                    0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                 0x02 0x89 0xA3 0xAC ...
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)         
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                            0x26 0xB2 0x46 0x90 ...

---- EOF - GMER 2.1 ----


Dziekuje za pomoc ... pozdrawiam Tomasz

[ordynat]

dalej wyskakuja same od siebie okna w firefox

Logi tego nie potwierdzają.

Ale na wszelki wypadek:

1)Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport C:\AdwCleaner\AdwCleaner[S].txt.

2) Zrób logi z FRST frst-otl-zoek-vt139692.html

-------------------------------

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found

Sądząc po tym powyższym, to Twój System jest całkowicie zniszczony, i nie da się go w ogóle używać.
.

[tm72]

system dziala normalnie tylko problem z firefox j/w

Kod: Zaznacz wszystko

# AdwCleaner v3.310 - Report created 14/09/2014 at 11:02:50
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : tomi - TOMI-PC
# Running from : E:\pobrane\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v30.0 (pl)

[ File : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\prefs.js ]


*************************

AdwCleaner[R3].txt - [364 octets] - [14/09/2014 10:45:41]
AdwCleaner[S3].txt - [707 octets] - [14/09/2014 11:02:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [766 octets] ##########


skanowalem wczesniej AdwCleaner nic nie pokazal
FRST log

Kod: Zaznacz wszystko

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by tomi (administrator) on TOMI-PC on 14-09-2014 11:13:36
Running from E:\pobrane
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11788392 2011-04-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Resume copy] => copyfstq.exe /startup
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-8616609-2142783543-1502305995-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3034432 2012-02-02] (DT Soft Ltd)
HKU\S-1-5-21-8616609-2142783543-1502305995-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-12-08] (AMD)
HKU\S-1-5-21-8616609-2142783543-1502305995-1000\...\MountPoints2: {d446678c-77f2-11e1-9a92-206a8a483e13} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-8616609-2142783543-1502305995-1000\...\MountPoints2: {d4466791-77f2-11e1-9a92-206a8a483e13} - I:\TLBootstrap_WPP.exe
Startup: C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/?utm_source=appliki&utm_medium=12578&utm_campaign=onetsg_start_pliki
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default
FF Homepage: hxxp://www.onet.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Website Counselor - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-07]
FF Extension: Adblock Plus - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-23]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-08-22]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-05-19] (Microsoft)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24456 2011-07-27] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-23] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-04-26] (MCCI Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 11:03 - 2014-09-14 11:03 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-14 02:51 - 2014-09-14 02:51 - 00008686 _____ () C:\Users\tomi\Documents\gamer.log
2014-09-14 01:53 - 2014-09-14 11:03 - 00000168 _____ () C:\Windows\setupact.log
2014-09-14 01:53 - 2014-09-14 01:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 20:59 - 2014-09-12 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-11 21:06 - 2014-09-11 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-11 21:06 - 2014-09-11 21:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-11 21:06 - 2014-09-11 21:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-11 18:51 - 2014-09-14 11:13 - 00000000 ____D () C:\FRST
2014-09-04 21:59 - 2014-09-04 21:59 - 00000000 ____D () C:\ProgramData\ATI
2014-09-04 21:59 - 2014-09-04 21:59 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-04 21:59 - 2014-09-04 21:59 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-09-04 21:58 - 2014-09-04 21:58 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201409042158534383.log
2014-09-04 21:58 - 2014-09-04 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-04 20:50 - 2014-09-04 20:50 - 00000000 ____D () C:\Users\tomi\AppData\Roaming\sparta111
2014-09-04 20:49 - 2014-09-04 20:52 - 00000000 ____D () C:\Users\tomi\AppData\Local\Sparta
2014-09-04 20:49 - 2014-09-04 20:49 - 56324562 _____ (Realtek Semiconductor Corp.) C:\Users\tomi\Downloads\64bit_Vista_Win7_Win8_R270 [1].exe
2014-09-04 20:49 - 2014-09-04 20:49 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-04 20:31 - 2014-09-04 21:59 - 00000000 ____D () C:\Program Files\AMD
2014-09-04 20:31 - 2014-09-04 20:31 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-09-04 20:31 - 2011-08-17 16:44 - 00053376 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-09-04 20:28 - 2013-12-06 18:03 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-09-04 20:28 - 2013-12-06 18:01 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-09-04 20:28 - 2013-12-06 17:59 - 08406024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-09-04 20:28 - 2011-10-12 11:57 - 00356352 _____ (ATI Technologies, Inc.) C:\Windows\SysWOW64\atipdlxx.dll
2014-09-04 20:28 - 2011-10-12 11:57 - 00059392 _____ (ATI Technologies, Inc.) C:\Windows\system32\atiedu64.dll
2014-09-04 20:28 - 2011-10-12 11:56 - 00043520 _____ (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2014-09-04 20:28 - 2011-10-12 11:43 - 01113088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6v.dll
2014-09-04 20:28 - 2011-10-12 11:42 - 01828864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2014-09-04 20:28 - 2011-06-16 15:08 - 00079488 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2014-09-04 20:28 - 2011-06-16 15:08 - 00040064 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2014-09-04 19:49 - 2014-09-04 19:51 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-09-04 19:49 - 2014-09-04 19:49 - 00000000 ____D () C:\Users\tomi\AppData\Local\DriverToolkit
2014-09-04 19:25 - 2014-09-04 19:25 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-04 19:23 - 2014-09-04 19:23 - 00000000 ____D () C:\Program Files\Realtek
2014-09-04 19:23 - 2011-04-12 20:08 - 02833256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-09-04 19:23 - 2011-04-11 18:02 - 02392168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-09-04 19:23 - 2011-04-11 13:49 - 00077824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-09-04 19:23 - 2011-04-06 10:15 - 00952320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-09-04 19:23 - 2011-03-31 16:49 - 03048552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-09-04 19:23 - 2011-03-15 15:32 - 00648808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-09-04 19:23 - 2011-03-07 13:25 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-09-04 19:23 - 2011-03-07 13:25 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-09-04 19:23 - 2011-03-07 13:25 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-09-04 19:23 - 2011-03-07 13:25 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-09-04 19:23 - 2011-03-07 13:25 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-09-04 19:23 - 2011-03-02 17:25 - 01242216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-09-04 19:23 - 2011-02-22 15:52 - 02075712 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-09-04 19:23 - 2010-11-29 18:47 - 02578576 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-09-04 19:23 - 2010-11-29 18:47 - 01868944 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-09-04 19:23 - 2010-11-18 11:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-09-04 19:23 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-09-04 19:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-09-04 19:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-09-04 19:23 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-09-04 19:23 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-09-04 19:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-09-04 19:23 - 2010-11-03 18:31 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-09-04 19:23 - 2010-11-03 18:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-09-04 19:23 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 01327208 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 01179752 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 01111656 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00504936 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00491112 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00475752 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00317032 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00269928 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00266856 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00126056 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00125544 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-09-04 19:23 - 2010-11-03 18:29 - 00125032 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-09-04 19:23 - 2010-10-03 13:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-09-04 19:23 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-09-04 19:23 - 2010-07-22 16:48 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFNHK64.dll
2014-09-04 19:23 - 2010-07-22 16:48 - 00081232 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFCOM64.dll
2014-09-04 19:23 - 2010-07-22 16:48 - 00078160 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFAPO64.dll
2014-09-04 19:23 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-09-04 19:23 - 2010-07-22 16:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-09-04 19:23 - 2010-05-06 17:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-09-04 19:23 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-09-04 19:23 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-09-04 19:23 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-09-04 19:23 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-09-04 19:23 - 2009-11-18 18:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-09-04 19:23 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-09-04 19:05 - 2014-09-04 19:05 - 00000000 ____H () C:\ProgramData\DP45977C.lfl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 11:13 - 2014-09-11 18:51 - 00000000 ____D () C:\FRST
2014-09-14 11:11 - 2009-07-14 00:45 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 11:11 - 2009-07-14 00:45 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 11:04 - 2013-04-19 19:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 11:03 - 2014-09-14 11:03 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-14 11:03 - 2014-09-14 01:53 - 00000168 _____ () C:\Windows\setupact.log
2014-09-14 11:03 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 11:02 - 2014-04-03 19:00 - 00000000 ____D () C:\AdwCleaner
2014-09-14 11:02 - 2013-12-10 23:10 - 00856475 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 10:32 - 2011-08-22 01:55 - 00000000 ____D () C:\Users\tomi\AppData\Roaming\Skype
2014-09-14 02:51 - 2014-09-14 02:51 - 00008686 _____ () C:\Users\tomi\Documents\gamer.log
2014-09-14 01:53 - 2014-09-14 01:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-14 01:45 - 2013-03-06 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Machinarium
2014-09-14 01:45 - 2012-12-22 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omnius for Samsung
2014-09-14 01:45 - 2012-02-21 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CS Paj¹czek 2000
2014-09-14 01:45 - 2012-02-08 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewel Quest Heritage
2014-09-14 01:45 - 2012-01-26 13:15 - 00000000 ____D () C:\Users\tomi\AppData\Roaming\DAEMON Tools Pro
2014-09-14 01:45 - 2012-01-23 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-09-14 01:45 - 2011-11-23 20:45 - 00000000 ____D () C:\Users\tomi\AppData\Roaming\uTorrent
2014-09-14 01:45 - 2011-11-13 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
2014-09-14 01:45 - 2011-11-12 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duke Nukem Forever PL
2014-09-14 01:45 - 2011-11-07 14:38 - 00000000 ____D () C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO
2014-09-14 01:45 - 2011-09-18 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-09-14 01:37 - 2013-10-30 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 20:59 - 2014-09-12 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-11 21:06 - 2014-09-11 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-11 21:06 - 2014-09-11 21:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-11 21:06 - 2014-09-11 21:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-11 20:57 - 2012-01-30 10:58 - 00000000 ____D () C:\PIT Format 2011
2014-09-11 20:54 - 2011-08-29 09:11 - 00000000 ____D () C:\ProgramData\Nero
2014-09-11 20:51 - 2012-01-23 20:30 - 00000000 ____D () C:\Users\tomi\AppData\Local\TomTom
2014-09-11 20:50 - 2011-08-26 23:31 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-09-11 20:50 - 2011-05-19 15:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-11 20:45 - 2012-10-19 17:00 - 00004004 _____ () C:\Users\tomi\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-09-11 20:45 - 2012-10-19 17:00 - 00000000 ____D () C:\Users\tomi\AppData\Local\Research In Motion
2014-09-11 19:54 - 2011-12-30 10:27 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-09-11 18:23 - 2011-08-31 19:41 - 00007680 _____ () C:\Users\tomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-11 18:09 - 2014-07-03 19:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 19:11 - 2009-07-14 01:13 - 00780612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 19:04 - 2013-04-19 19:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 19:04 - 2013-04-19 19:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 19:04 - 2011-08-22 05:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-04 21:59 - 2014-09-04 21:59 - 00000000 ____D () C:\ProgramData\ATI
2014-09-04 21:59 - 2014-09-04 21:59 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-04 21:59 - 2014-09-04 21:59 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-09-04 21:59 - 2014-09-04 20:31 - 00000000 ____D () C:\Program Files\AMD
2014-09-04 21:59 - 2011-12-18 11:30 - 00000000 ____D () C:\ProgramData\AMD
2014-09-04 21:58 - 2014-09-04 21:58 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201409042158534383.log
2014-09-04 21:58 - 2014-09-04 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-04 21:58 - 2011-12-18 11:28 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-04 21:53 - 2014-06-04 17:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 21:49 - 2011-06-26 15:23 - 00764922 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-04 21:44 - 2011-12-18 11:23 - 00000000 ____D () C:\AMD
2014-09-04 20:58 - 2012-02-17 09:54 - 00002521 _____ () C:\Users\tomi\Desktop\cookis.txt
2014-09-04 20:52 - 2014-09-04 20:49 - 00000000 ____D () C:\Users\tomi\AppData\Local\Sparta
2014-09-04 20:50 - 2014-09-04 20:50 - 00000000 ____D () C:\Users\tomi\AppData\Roaming\sparta111
2014-09-04 20:49 - 2014-09-04 20:49 - 56324562 _____ (Realtek Semiconductor Corp.) C:\Users\tomi\Downloads\64bit_Vista_Win7_Win8_R270 [1].exe
2014-09-04 20:49 - 2014-09-04 20:49 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-04 20:31 - 2014-09-04 20:31 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-09-04 19:51 - 2014-09-04 19:49 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-09-04 19:49 - 2014-09-04 19:49 - 00000000 ____D () C:\Users\tomi\AppData\Local\DriverToolkit
2014-09-04 19:25 - 2014-09-04 19:25 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-04 19:23 - 2014-09-04 19:23 - 00000000 ____D () C:\Program Files\Realtek
2014-09-04 19:23 - 2011-06-26 15:23 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-09-04 19:05 - 2014-09-04 19:05 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-04 19:00 - 2012-05-31 21:01 - 00000000 ____D () C:\Program Files (x86)\JDownloader

Some content of TEMP:
====================
C:\Users\tomi\AppData\Local\Temp\Quarantine.exe
C:\Users\tomi\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 10:04

==================== End Of Log ============================

[ordynat]

A więc także Adw-Cleaner potwierdza, że nie wyskakują u Ciebie żadne reklamy (nie licząc tych, które są przypisane do konkretnych stron.

Otwórz Notatnik i wklej w nim:

S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Website Counselor - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten log.


.

[tm72]

zgodnie z zaleceniem:

Kod: Zaznacz wszystko

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by tomi at 2014-09-14 19:21:26 Run:1
Running from E:\pobrane
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Website Counselor - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
EmptyTemp:
*****************

BT => Service deleted successfully.
BTCOM => Service deleted successfully.
BTCOMBUS => Service deleted successfully.
cpuz135 => Service deleted successfully.

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

'reg' is not recognized as an internal or external command,
operable program or batch file.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

'reg' is not recognized as an internal or external command,
operable program or batch file.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

'reg' is not recognized as an internal or external command,
operable program or batch file.


========= End of Reg: =========

"HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
FF Extension: Website Counselor - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} not found.
C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\nun30cei.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} => Moved successfully.
EmptyTemp: => Removed 13 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

[ordynat]

'reg' is not recognized as an internal or external command,
operable program or batch file.

Chyba nie jestem "na bieżąco", bo nic mi nie wiadomo o zmianie dotychczas używanych komend.
Trudno, zrobimy to inaczej:
Do Notatnika wklej:

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]



Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>
plik uruchom (dwuklik i OK).

Skoro nie ma żadnych przyczyn pojawiania się tych okienek, to kończymy:
W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST
.

Autor postu otrzymał pochwałę

[tm72]

Zrobione... dziekuje. Dodatkowo odinstalowalem firefoxa do czysta wlacznie z rejestrem ... jak narazie nic niepokojacego sie nie dzieje. Dziekuje za pomoc pozdrawiam Tomasz.