cjoint


Document format: text/plain

Preview

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by yohw on 05/05/2014 at 21:14:37,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
D86 REG_SZ rundll32.exe C:\Users\yohw\AppData\Local\Temp\Dw.dll,W
DFun REG_SZ rundll32.exe C:\Users\yohw\AppData\Local\Temp\DFun.dll,W




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3295206478-903246448-1930125838-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531129}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\yohw\AppData\Roaming\mozilla\firefox\profiles\m1avtl3o.default\extensions\8hffxtbr@allin1convert_8h.com
Successfully deleted the following from C:\Users\yohw\AppData\Roaming\mozilla\firefox\profiles\m1avtl3o.default\prefs.js

user_pref("extensions.toolbar.mindspark._8hMembers_.BUTTON_STRUCTURE", "[{\"b\":221360012,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360013,\"c\":\"mindspark.enterse
user_pref("extensions.toolbar.mindspark._8hMembers_.firstKnownVersion", "6.33.3.42841");
user_pref("extensions.toolbar.mindspark._8hMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=676581D6-8423-4BFD-B0E2-C21092D54D0F&n=780bf8cd&p2=^AYY^xdm073^YYA^fr&si
user_pref("extensions.toolbar.mindspark._8hMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._8hMembers_.installKeysSource", "LocalStorage");
user_pref("extensions.toolbar.mindspark._8hMembers_.installType", "XPI");
user_pref("extensions.toolbar.mindspark._8hMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._8hMembers_.installation.installDate", "2014050509");
user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerId", "^AYY^xdm073^YYA^fr");
user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerSubId", "flvrunner");
user_pref("extensions.toolbar.mindspark._8hMembers_.installation.pixelUrl", "hxxp://allin1convert.dl.tb.ask.com/install_pixels.jhtml?partner=^AYY^xdm073^YYA^fr&coId=fd21f8672b
user_pref("extensions.toolbar.mindspark._8hMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._8hMembers_.installation.toolbarId", "676581D6-8423-4BFD-B0E2-C21092D54D0F");
user_pref("extensions.toolbar.mindspark._8hMembers_.isCompliantUninstallImplementation", true);
user_pref("extensions.toolbar.mindspark._8hMembers_.lastActivePing", "1399316851953");
user_pref("extensions.toolbar.mindspark._8hMembers_.lastKnownVersion", "6.33.3.42841");
user_pref("extensions.toolbar.mindspark._8hMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._8hMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._8hMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._8hMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._8hMembers_.partnerPixelFired", true);
user_pref("extensions.toolbar.mindspark._8hMembers_.successUrl", "hxxp://flvrunner.com/thankyou.php");
user_pref("extensions.toolbar.mindspark._8hMembers_.toolbarCollapsed", false);
user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
Emptied folder: C:\Users\yohw\AppData\Roaming\mozilla\firefox\profiles\m1avtl3o.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/05/2014 at 21:16:37,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
