Publicité
Publicité
Format du document : text/plain
Prévisualisation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x86
Ran by ZAKARIA (Administrator) on 25/06/2016 at 19:10:07,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 37
Failed to delete: C:\Program Files\deal keeper (Folder)
Failed to delete: C:\WINDOWS\System32\Drivers\{0fda9c93-3a61-4e7b-9de1-48ce3054563e}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{26b8f333-820a-48b4-aa9a-a6a76289f88a}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{7e4355b8-96cd-43eb-b59a-82af29f01b16}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{871e60bd-7aec-4938-a4b2-ffde58590efe}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{90cc1263-21fe-47ef-9b7b-ff9ce4f068f1}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{999a4cbb-05c0-4612-9e48-e2b9897a2c6f}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{a5b0d4ec-75a8-4454-a9c1-5675585828ec}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{af7618ea-6d4f-47e5-9e06-5f808487ae22}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{eb8709c5-52a2-49ef-9341-2b49aaf413b8}w.sys (File)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Program Files\yessearches-bnd (Folder)
Successfully deleted: C:\ProgramData\72c752d9-16d3-0 (Folder)
Successfully deleted: C:\ProgramData\72c752d9-3167-1 (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\updateadmin (Folder)
Successfully deleted: C:\Users\ZAKARIA\Appdata\LocalLow\datamngr (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\veggy@veggyAddon.com (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\search-simple.xml (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\ftojwf3q.default\extensions\veggy@veggyAddon.com (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\ftojwf3q.default\searchplugins\search-simple.xml (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\ftojwf3q.default\user.js (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\opencandy (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\performersoft (Folder)
Successfully deleted: C:\WINDOWS\reimage.ini (File)
Successfully deleted: C:\WINDOWS\System32\Tasks\LaunchSignup (Task)
Successfully deleted: C:\WINDOWS\System32\Tasks\Yahoo! Search Updater (Task)
Successfully deleted: C:\Program Files\avg security toolbar (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVER_INSTALLER.EXE-BDF05675.pf (File)
Successfully deleted: C:\WINDOWS\System32\roboot.exe (File)
Deleted the following from C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\ftojwf3q.default\prefs.js
user_pref(browser.startup.homepage, hxxp://fr.search.yahoo.com/?fr=hp-ddc-bd&type=pr-bfr-10013__alt__ddc_dsssyc_bd_com);
user_pref(extensions.eshield.SearchEngineUrl, hxxp://search.eshield.com/serp?guid={C41A4E3C-FACC-4D15-B300-377037CE3C3B}&action=default_search&k={searchTerms});
user_pref(extensions.tnt.engine.alias, Search.us.com);
user_pref(extensions.tnt.engine.url, hxxp://search.eshield.com/serp?guid={C41A4E3C-FACC-4D15-B300-377037CE3C3B}&action=default_search&k={searchTerms});
user_pref(extensions.tnt.newtaburl, hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11677&guid={C41A4E3C-FACC-4D15-B300-377037CE3C3B}&i=);
user_pref(plugin.state.npconduitfirefoxplugin, 0);
Registry: 27
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateAdmin (Registry Value)
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{0fda9c93-3a61-4e7b-9de1-48ce3054563e}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{26b8f333-820a-48b4-aa9a-a6a76289f88a}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{55dce8ba-9dec-4013-937e-adbf9317d990}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{7e4355b8-96cd-43eb-b59a-82af29f01b16}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{871e60bd-7aec-4938-a4b2-ffde58590efe}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{90cc1263-21fe-47ef-9b7b-ff9ce4f068f1}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{999a4cbb-05c0-4612-9e48-e2b9897a2c6f}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{a5b0d4ec-75a8-4454-a9c1-5675585828ec}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{af7618ea-6d4f-47e5-9e06-5f808487ae22}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{eb8709c5-52a2-49ef-9341-2b49aaf413b8}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\MaintainerSvc2.02.5636706 (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{99AD1FE4-B45F-47C8-966A-BCD80038DB56} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/06/2016 at 19:14:27,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x86
Ran by ZAKARIA (Administrator) on 25/06/2016 at 19:10:07,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 37
Failed to delete: C:\Program Files\deal keeper (Folder)
Failed to delete: C:\WINDOWS\System32\Drivers\{0fda9c93-3a61-4e7b-9de1-48ce3054563e}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{26b8f333-820a-48b4-aa9a-a6a76289f88a}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{7e4355b8-96cd-43eb-b59a-82af29f01b16}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{871e60bd-7aec-4938-a4b2-ffde58590efe}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{90cc1263-21fe-47ef-9b7b-ff9ce4f068f1}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{999a4cbb-05c0-4612-9e48-e2b9897a2c6f}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{a5b0d4ec-75a8-4454-a9c1-5675585828ec}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{af7618ea-6d4f-47e5-9e06-5f808487ae22}w.sys (File)
Failed to delete: C:\WINDOWS\System32\Drivers\{eb8709c5-52a2-49ef-9341-2b49aaf413b8}w.sys (File)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Program Files\yessearches-bnd (Folder)
Successfully deleted: C:\ProgramData\72c752d9-16d3-0 (Folder)
Successfully deleted: C:\ProgramData\72c752d9-3167-1 (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Local\updateadmin (Folder)
Successfully deleted: C:\Users\ZAKARIA\Appdata\LocalLow\datamngr (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\veggy@veggyAddon.com (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\search-simple.xml (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\ftojwf3q.default\extensions\veggy@veggyAddon.com (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\ftojwf3q.default\searchplugins\search-simple.xml (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\ftojwf3q.default\user.js (File)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\opencandy (Folder)
Successfully deleted: C:\Users\ZAKARIA\AppData\Roaming\performersoft (Folder)
Successfully deleted: C:\WINDOWS\reimage.ini (File)
Successfully deleted: C:\WINDOWS\System32\Tasks\LaunchSignup (Task)
Successfully deleted: C:\WINDOWS\System32\Tasks\Yahoo! Search Updater (Task)
Successfully deleted: C:\Program Files\avg security toolbar (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVER_INSTALLER.EXE-BDF05675.pf (File)
Successfully deleted: C:\WINDOWS\System32\roboot.exe (File)
Deleted the following from C:\Users\ZAKARIA\AppData\Roaming\Mozilla\Firefox\Profiles\ftojwf3q.default\prefs.js
user_pref(browser.startup.homepage, hxxp://fr.search.yahoo.com/?fr=hp-ddc-bd&type=pr-bfr-10013__alt__ddc_dsssyc_bd_com);
user_pref(extensions.eshield.SearchEngineUrl, hxxp://search.eshield.com/serp?guid={C41A4E3C-FACC-4D15-B300-377037CE3C3B}&action=default_search&k={searchTerms});
user_pref(extensions.tnt.engine.alias, Search.us.com);
user_pref(extensions.tnt.engine.url, hxxp://search.eshield.com/serp?guid={C41A4E3C-FACC-4D15-B300-377037CE3C3B}&action=default_search&k={searchTerms});
user_pref(extensions.tnt.newtaburl, hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11677&guid={C41A4E3C-FACC-4D15-B300-377037CE3C3B}&i=);
user_pref(plugin.state.npconduitfirefoxplugin, 0);
Registry: 27
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateAdmin (Registry Value)
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{0fda9c93-3a61-4e7b-9de1-48ce3054563e}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{26b8f333-820a-48b4-aa9a-a6a76289f88a}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{55dce8ba-9dec-4013-937e-adbf9317d990}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{7e4355b8-96cd-43eb-b59a-82af29f01b16}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{871e60bd-7aec-4938-a4b2-ffde58590efe}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{90cc1263-21fe-47ef-9b7b-ff9ce4f068f1}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{999a4cbb-05c0-4612-9e48-e2b9897a2c6f}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{a5b0d4ec-75a8-4454-a9c1-5675585828ec}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{af7618ea-6d4f-47e5-9e06-5f808487ae22}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\{eb8709c5-52a2-49ef-9341-2b49aaf413b8}w (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\MaintainerSvc2.02.5636706 (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{99AD1FE4-B45F-47C8-966A-BCD80038DB56} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/06/2016 at 19:14:27,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~