# AdwCleaner v4.206 - Utworzono raport 02/06/2015 o 22:12:57
# Ostatnia aktualizacja 01/06/2015 przez Xplode
# Baza danych : 2015-06-01.1 [Serwer]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (x64)
# Nazwa użytkownika : Jarek - JAREK-KOMPUTER
# Uruchomiony z : C:\Users\Jarek\Desktop\AdwCleaner.exe
# Działanie : Skanuj

***** [ Usługi ] *****

***** [ Pliki / Foldery ] *****

Folder znaleziono : C:\Program Files (x86)\LighterModulator
Folder znaleziono : C:\Program Files (x86)\PreiceMiNeus
Folder znaleziono : C:\ProgramData\{c8639b7e-2740-b0be-c863-39b7e2746df8}
Folder znaleziono : C:\Users\Jarek\AppData\Roaming\OpenCandy
Plik znaleziono : C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\uwhpv49q.default\searchplugins\mystartsearch.xml

***** [ Zaplanowane zadania ] *****

Zadanie znaleziono : LaunchPreSignup

***** [ Skróty ] *****

Skrót Zainfekowany : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Skrót Zainfekowany : C:\Users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Skrót Zainfekowany : C:\Users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Skrót Zainfekowany : C:\Users\Jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Skrót Zainfekowany : C:\Users\Jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
Skrót Zainfekowany : C:\Users\Jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Rejestr ] *****

Dane znaleziono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L
Klucz znaleziono : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Klucz znaleziono : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com
Klucz znaleziono : HKCU\Software\Mozilla\Extends
Klucz znaleziono : HKLM\SOFTWARE\38ac85f7-e7c2-5052-25f8-c2bea24a2aa1
Klucz znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{803C743C-7D37-4334-8BB0-B7716237AED6}
Klucz znaleziono : HKLM\SOFTWARE\FFPluginHp
Klucz znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klucz znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
Klucz znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Klucz znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Klucz znaleziono : HKLM\SOFTWARE\mystartsearchSoftware
Klucz znaleziono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wartość znaleziono : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com]
Wartość znaleziono : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17801

Ustawienia znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L&q={searchTerms}
Ustawienia znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L
Ustawienia znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L
Ustawienia znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L&q={searchTerms}
Ustawienia znaleziono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L&q={searchTerms}
Ustawienia znaleziono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L
Ustawienia znaleziono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L
Ustawienia znaleziono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1433270316&z=90ace1d312c53c1e0faa49dg4zcc7cdo2m2e3c4g8w&from=wpc&uid=ST9250315AS_5VC91H7LXXXX5VC91H7L&q={searchTerms}

-\\ Mozilla Firefox v38.0.5 (x86 pl)

[uwhpv49q.default] - Linia znaleziono : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[uwhpv49q.default] - Linia znaleziono : user_pref("browser.search.defaultenginename", "mystartsearch");
[uwhpv49q.default] - Linia znaleziono : user_pref("browser.search.searchengine.alias", "mystartsearch");
[uwhpv49q.default] - Linia znaleziono : user_pref("browser.search.searchengine.name", "mystartsearch");
[uwhpv49q.default] - Linia znaleziono : user_pref("browser.search.selectedEngine", "mystartsearch");
[uwhpv49q.default] - Linia znaleziono : user_pref("extensions.FGCOzbj3FxtpjuDC.scode", "(function(){try{if(window.location.href.indexOf(\"rHCGqTw9pda6pds7pjg7rjr4qa\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure.[...]
[uwhpv49q.default] - Linia znaleziono : user_pref("extensions.jlYDadX13G6hp2rl.scode", "(function(){try{if(window.location.href.indexOf(\"rHCGqTw9pda6pds7pjg7rjr4qa\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure.[...]
[uwhpv49q.default] - Linia znaleziono : user_pref("extensions.quick_start.enable_search1", false);
[uwhpv49q.default] - Linia znaleziono : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [6638 bajty] - [02/06/2015 22:12:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6697 bajty] ##########