przez mikiziom 30 Paź 2011, 10:56
przez wojtas 30 Paź 2011, 16:47
DRV - [2009-08-13 19:54:23 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-08-13 19:54:22 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
:OTL
IE - HKU\S-1-5-21-746137067-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15183
IE - HKU\S-1-5-21-746137067-1220945662-725345543-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=PF&o=14778&locale=en_US&apn_uid=7639AFCC-A69F-47BF-9220-04FF1B2E217F&apn_ptnrs=VX&apn_sauid=347DD39A-23A6-4829-92F4-09FDFC270F52&apn_dtid=&&q="
[2011-09-28 18:22:36 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\Firefox\Profiles\zjthcvon.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011-10-01 18:27:52 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\Firefox\Profiles\zjthcvon.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010-09-03 19:47:08 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\Firefox\Profiles\zjthcvon.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011-04-22 19:34:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\Firefox\Profiles\zjthcvon.default\extensions\engine@conduit.com
[2011-09-19 18:01:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\Firefox\Profiles\zjthcvon.default\extensions\toolbar@ask.com
[2011-10-29 22:17:45 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\Firefox\Profiles\zjthcvon.default\searchplugins\askcom.xml
[2010-03-16 11:33:24 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\Firefox\Profiles\zjthcvon.default\searchplugins\conduit.xml
[2011-05-21 18:01:37 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2010-03-30 22:04:29 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[2011-10-29 22:15:47 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011-10-29 22:15:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2011-10-29 22:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011-05-21 21:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rivales\Dane aplikacji\facemoods.com
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1039:TCP"=-
"5000:UDP"=-
:Commands
[resethosts]
[emptytemp]
[emptyflash]
przez mikiziom 30 Paź 2011, 19:21
DRV - [2009-08-13 19:54:23 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-08-13 19:54:22 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 17:50:56 on 30/10/2011, Normal boot
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86)
Rivales@FRYDERYK3 ( )
============== SEARCH ==============
Folder found: C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\FireFox\Profiles\zjthcvon.default\conduit
Folder found: C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\FireFox\Profiles\zjthcvon.default\ConduitEngine
Folder found: C:\Documents and Settings\Rivales\Ustawienia lokalne\Dane aplikacji\Conduit
Folder found: C:\Program Files\Conduit
-- File opened: C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\FireFox\Profiles\zjthcvon.default\Prefs.js --
Line found: user_pref("CT2304157.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line found: user_pref("CT2304157.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT230...
Line found: user_pref("CT2405280.SavedHomepage", "hxxp://www.ask.com?o=14780&l=dis");
Line found: user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line found: user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240...
Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/PL", "\"0\"")...
Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Line found: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line found: user_pref("CommunityToolbar.IsEngineShown", true);
Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line found: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/gadgets/snowy2.html?o...
Line found: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.playnow.softendo.com/platform.html", ...
Line found: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/activityreport", "320x-...
Line found: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/gamehistory?t=127153986...
Line found: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/gamehistory?t=127153990...
Line found: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/gamehistory?t=127153992...
Line found: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/livevideos", "320x533")...
Line found: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/livevideos?t=1295966929...
Line found: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/screenshots?t=128821181...
Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Line found: user_pref("CommunityToolbar.ToolbarsList", "CT2304157,CT2405280,ConduitEngine");
Line found: user_pref("CommunityToolbar.ToolbarsList2", "CT2304157,CT2405280");
Line found: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 22 2011 19:34:47 GMT+02...
Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 01 2011 14:54:31 GMT+0200");
Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line found: user_pref("CommunityToolbar.alert.locale", "en");
Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 01 2011 19:30:39 GMT+0200");
Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line found: user_pref("CommunityToolbar.alert.userId", "f0ed14a6-14bd-498c-b7b2-ca79f020fcef");
Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jan 06 2011 12:24:20 GMT+0100");
Line found: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line found: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2405280");
Line found: user_pref("CommunityToolbar.twitter.user_21817319.LastCheckTime", "Wed Apr 20 2011 14:12:32 GMT+0200...
Line found: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jun 19 2011 17:35:32 GMT+0200");
Line found: user_pref("ConduitEngine.CTID", "ConduitEngine");
Line found: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jul 02 2011 16:33:06 GMT+0200");
Line found: user_pref("ConduitEngine.FirstServerDate", "04/22/2011 20");
Line found: user_pref("ConduitEngine.FirstTime", true);
Line found: user_pref("ConduitEngine.FirstTimeFF3", true);
Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line found: user_pref("ConduitEngine.Initialize", true);
Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line found: user_pref("ConduitEngine.InstalledDate", "Fri Apr 22 2011 19:34:51 GMT+0200");
Line found: user_pref("ConduitEngine.IsMulticommunity", false);
Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line found: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Jul 01 2011 19:30:40 GMT+0200");
Line found: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Jul 02 2011 16:33:06 GMT+0200");
Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jul 02 2011 16:33:06 GMT+0200");
Line found: user_pref("ConduitEngine.UserID", "UN05705524888871671");
Line found: user_pref("ConduitEngine.componentAlertEnabled", false);
Line found: user_pref("ConduitEngine.engineLocale", "pl");
Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Jul 01 2011 19:30:41 GMT+0200");
Line found: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jul 02 2011 16:33:06 GMT+0200");
Line found: user_pref("ConduitEngine.initDone", true);
Line found: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line found: user_pref("ConduitEngine.usagesFlag", 2);
Line found: user_pref("extensions.enabledAddons", "ffxtlbr@Facemoods.com:1.4.0,{414b6d9d-4a95-4e8d-b5b1-149dd2d9...
-- File closed --
Key found: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key found: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key found: HKLM\Software\Classes\Toolbar.CT2304157
Key found: HKLM\Software\Classes\Toolbar.CT2405280
Key found: HKLM\Software\Conduit
Key found: HKCU\Software\Conduit
Key found: HKCU\Software\PopCap
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
============== ADDITIONNAL SCAN ==============
**** Mozilla Firefox Version [7.0.1 (pl)] ****
HKLM_MozillaPlugins\@idsoftware.com/QuakeLive (x)
HKLM_MozillaPlugins\@nexon.net/NxGame (x)
HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search)
Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results)
Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb)
Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms})
Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj)
Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms})
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|linkfilter@kaspersky.ru - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
HKLM_Extensions|virtualKeyboard@kaspersky.ru - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
HKLM_Extensions|KavAntiBanner@Kaspersky.ru - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
-- C:\Documents and Settings\Rivales\Dane aplikacji\Mozilla\FireFox\Profiles\zjthcvon.default --
Extensions\foxyproxy@eric.h.jung (FoxyProxy Standard)
Searchplugins\the-pirate-bay.xml (?)
Prefs.js - browser.download.dir, C:\\Documents and Settings\\Rivales\\Pulpit\\ADDONY
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Rivales\\Pulpit
Prefs.js - browser.search.defaultenginename,
Prefs.js - browser.search.defaulturl,
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, google.pl
Prefs.js - browser.startup.homepage_override.buildID, 20110928134238
Prefs.js - browser.startup.homepage_override.mstone, rv:7.0.1
-- C:\Documents and Settings\Lol\Dane aplikacji\Mozilla\FireFox\Profiles\u1d3r4c1.default --
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
========================================
**** Internet Explorer Version [8.0.6001.18702] ****
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
AboutUrls|Tabs - hxxp://start.facemoods.com/?a=ddrnw&f=2
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4)
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=PF&o=14778&src=crm&q={searchTerms...)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Softonic-Eng7 Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x)
HKCU_ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118} - C:\Program Files\Nero\Nero 10\Nero Burning ROM\nero.exe (Nero AG)
HKLM_ElevationPolicy\66746e3c-a5a7-4363-8abe-6ed4131bf973 - C:\Program Files\XfireXO\XfireXOToolbarHelper.exe (x)
HKLM_ElevationPolicy\db91321d-de04-49e7-9b69-71621c85f45c - C:\Program Files\Softonic-Eng7\Softonic-Eng7ToolbarHelper.exe (x)
HKLM_ElevationPolicy\{3644F00E-747A-44aa-8DC3-139CCBEF5BFB} - C:\Program Files\Pando Networks\Media Booster\PMB.exe (?)
HKLM_ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118} - C:\Program Files\Nero\Nero 10\Nero Burning ROM\nero.exe (Nero AG)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 0 File(s)
C:\Ad-Report-SCAN[1].txt - 30/10/2011 17:51:01 (13033 Byte(s))
End at: 17:51:29, 30/10/2011
============== E.O.F ==============
przez wojtas 01 Lis 2011, 16:57
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 4 gości