Document format: text/plain
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by ���� on 06/05/2014 at 21:10:52,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ "C:\Windows\system32\Rundll32.exe" "C:\Users\����\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2458743
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511071178}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511071178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-flash-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-flash-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_need-for-speed-underground_2_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_need-for-speed-underground_2_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\desk 365 runasstduser"
Successfully deleted: [File] "C:\Windows\System32\Tasks\YourFile DownloaderUpdate"
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
Successfully disinfected: [Shortcut] C:\Users\����\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\tencent"
Successfully deleted: [Folder] "C:\Users\����\AppData\Roaming\desk 365"
Successfully deleted: [Folder] "C:\Users\����\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\����\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\����\AppData\Roaming\tencent"
Successfully deleted: [Folder] "C:\Users\����\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\����\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\����\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\����\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Users\����\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Users\����\Local Settings\Application Data\mobogenie"
Successfully deleted: [Folder] "C:\Users\����\Local Settings\Application Data\swvupdater"
Successfully deleted: [Folder] "C:\Users\����\Local Settings\Application Data\tempdir"
Successfully deleted: [Folder] "C:\Program Files\baidu"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\desk 365"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Successfully deleted: [Folder] "C:\Program Files\tencent"



~~~ FireFox

Successfully deleted: [File] C:\Users\����\AppData\Roaming\mozilla\firefox\profiles\itpaaoqb.default\user.js
Successfully deleted: [File] C:\Users\����\AppData\Roaming\mozilla\firefox\profiles\itpaaoqb.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\����\AppData\Roaming\mozilla\firefox\profiles\itpaaoqb.default\smartbar
Successfully deleted the following from C:\Users\����\AppData\Roaming\mozilla\firefox\profiles\itpaaoqb.default\prefs.js

user_pref("CT3289075.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289075.FirstTime", "true");
user_pref("CT3289075.FirstTimeFF3", "true");
user_pref("CT3289075.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN30805091177079268&UM=&q=");
user_pref("CT3289075.UserID", "UN30805091177079268");
user_pref("CT3289075.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3289075.browser.search.defaultthis.engineName", true);
user_pref("CT3289075.countryCode", "DZ");
user_pref("CT3289075.firstTimeDialogOpened", "true");
user_pref("CT3289075.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT3289075.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3289075.fullUserID", "UN30805091177079268.IN.20130814051136");
user_pref("CT3289075.homepageuserchanged", true);
user_pref("CT3289075.installType", "Unknown");
user_pref("CT3289075.installUsage", "2013-12-28T07:46:42.4897896+03:00");
user_pref("CT3289075.installUsageEarly", "2013-12-28T02:07:19.74166+03:00");
user_pref("CT3289075.installerVersion", "1.5.4.4");
user_pref("CT3289075.isCheckedStartAsHidden", true);
user_pref("CT3289075.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289075.isFirstTimeToolbarLoading", "false");
user_pref("CT3289075.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3289075.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3289075.keyword", true);
user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=15&CUI=UN3080509117707926
user_pref("CT3289075.lastVersion", "10.20.0.513");
user_pref("CT3289075.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3289075.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.com%2Ffadi.yasiine.92%2Fposts%2F1411609632411187%3Fcomment_id%3D118002%26offs
user_pref("CT3289075.originalHomepage", "hxxps://www.google.dz/");
user_pref("CT3289075.originalSearchAddressUrl", "");
user_pref("CT3289075.originalSearchEngine", "qvo6");
user_pref("CT3289075.originalSearchEngineName", "qvo6");
user_pref("CT3289075.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3289075.searchInNewTabEnabledByUser", "true");
user_pref("CT3289075.searchInNewTabEnabledInHidden", "true");
user_pref("CT3289075.searchSuggestEnabledByUser", "TRUE");
user_pref("CT3289075.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289075.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3289075.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289075\"}");
user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv6.OurToolbar.com//xpi\"}");
user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v6 \"}");
user_pref("CT3289075.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289075.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3289075.serviceLayer_services_Configuration_lastUpdate", "1388356554277");
user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1388185639724");
user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1388206002414");
user_pref("CT3289075.serviceLayer_services_login_10.20.0.513_lastUpdate", "1388421318771");
user_pref("CT3289075.serviceLayer_services_searchAPI_lastUpdate", "1388356553645");
user_pref("CT3289075.serviceLayer_services_serviceMap_lastUpdate", "1388356553621");
user_pref("CT3289075.serviceLayer_services_toolbarSettings_lastUpdate", "1388429621515");
user_pref("CT3289075.serviceLayer_services_translation_lastUpdate", "1388348684220");
user_pref("CT3289075.settingsINI", true);
user_pref("CT3289075.showToolbarPermission", "false");
user_pref("CT3289075.smartbar.CTID", "CT3289075");
user_pref("CT3289075.smartbar.Uninstall", "0");
user_pref("CT3289075.smartbar.homepage", true);
user_pref("CT3289075.smartbar.toolbarName", "uTorrentControl_v6 ");
user_pref("CT3289075.toolbarBornServerTime", "28-12-2013");
user_pref("CT3289075.toolbarCurrentServerTime", "30-12-2013");
user_pref("CT3289075.toolbarDisabled", "true");
user_pref("CT3289075.toolbarLoginClientTime", "Sat Dec 28 2013 05:46:42 GMT+0100");
user_pref("CT3289075.versionFromInstaller", "10.16.70.7");
user_pref("CT3289075.xpeMode", "0");
user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388426713390,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3289075");
user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=9C00062163D7C346&affID=128235&tsp=5206");
user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=9C00062163D7C346&affID=128235&tsp=5206");
user_pref("extensions.crossrider.bic", "14485291acc26c4e1b0482c08d0f0730");
user_pref("extensions.ffxtlbr@buenosearch.com.install-event-fired", true);
user_pref("smartbar.addressBarOwnerCTID", "CT3289075");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=13&CUI=UN30805091177079268");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN30805091177079268&UM=&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3289075");
user_pref("smartbar.homePageOwnerCTID", "CT3289075");
user_pref("smartbar.machineId", "FNCGFWYF2VI0ZLEFKSRC2PKVTTKJFA4JYRJAAE7FPDB56QG6BIQYQDLYNXMIPZ1LNUYSWP9JF8KLJMG2R8BAMA");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\����\AppData\Roaming\mozilla\firefox\profiles\itpaaoqb.default\minidumps [104 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/05/2014 at 21:16:49,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
