Publicité
Publicité
Format du document : text/plain
Prévisualisation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x64
Ran by Vandevelde on 31/10/2015 at 15:47:21,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [Service] ppfd_vw_1_10_0_21 [Reboot required]
Successfully deleted: [Service] ppsvc_1.10.0.21 [Reboot required]
Successfully deleted: [Service] spbiupd [Reboot required]
Successfully deleted: [Service] spbiupdd [Reboot required]
~~~ Tasks
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Web Amplified
~~~ Files
Successfully deleted: [File] C:\ProgramData\SPL7E57.tmp
Successfully deleted: [File] C:\ProgramData\SPLB14D.tmp
Successfully deleted: [File] C:\ProgramData\SPLDB60.tmp
Successfully deleted: [File] C:\ProgramData\SPLEC51.tmp
Successfully deleted: [File] C:\Users\Vandevelde\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Successfully deleted: [File] C:\Users\Vandevelde\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
Successfully deleted: [File] C:\Users\Vandevelde\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\Vandevelde\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\dealnodeal
Successfully deleted: [Folder] C:\Program Files\webbar
Successfully deleted: [Folder] C:\users\Public\Documents\guid
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\Vandevelde\AppData\Roaming\systweak
Successfully deleted: [Folder] C:\Users\Vandevelde\AppData\Roaming\wtools
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\03000200-1446156885-0500-0006-000700080009
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\75556842-7261-47D5-AFD4-FC807751614D
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\861D391B-6255-4515-9557-577A76DBA11A
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\E4CAF826-3A95-4D9F-AA6E-3F882F32E8
~~~ FireFox
Successfully deleted the following from C:\Users\Vandevelde\AppData\Roaming\mozilla\firefox\profiles\0dfuqwl8.default-1422889608557\prefs.js
user_pref(browser.search.searchengine.alias, mystartsearch);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.mystartsearch.com/favicon.ico);
user_pref(browser.search.searchengine.name, mystartsearch);
user_pref(browser.search.searchengine.ptid, cmi);
user_pref(browser.search.searchengine.uid, WDCXWD10EZRX-00A8LB0_WD-WCC1U038541785417);
user_pref(browser.search.searchengine.url, hxxp://www.mystartsearch.com/web/?type=ds&ts=1443024420&z=862ad497a88983d78064499gbzez3c5ebo3zao7z2g&from=cmi&uid=WDCXWD10EZRX-00
user_pref(extensions.3Kk8YemNIkzU0W6d.scode, (function(){try{if(window.location.href.indexOf(\qjYFqTg4pjg5rTg7qTa9pdg9rY\)>-1){return;}}catch(e){}try{var d=[[\cryptogmai
user_pref(extensions.HZduMPosJGNVKkuy.scode, (function(){try{if(window.location.href.indexOf(\qjg6rTsGpjrGqHC4qTr9rHUEqY\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.
user_pref(extensions.QMCQBVHzSoJJbuXU.scode, (function(){try{if(window.location.href.indexOf(\qjYFqTg4pjg5rTg7qTa9pdg9rY\)>-1){return;}}catch(e){}try{var d=[[\backin.net
user_pref(extensions.R4i41FAaSWDA7jOU.scode, (function(){try{if(window.location.href.indexOf(\qjYFqTg4pjg5rTg7qTa9pdg9rY\)>-1){return;}}catch(e){}try{var d=[[\cryptogmai
user_pref(extensions.YKjTIeVKPrJoqNvo.scode, (function(){try{if(window.self.location.href.indexOf(\qTn9rHwGrdsHqjYHrdC6rjk7pn\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.exOWo9kuRsSMAEgq.scode, (function(){try{if(window.location.href.indexOf(\qjg6rTsGpjrGqHC4qTr9rHUEqY\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.
user_pref(extensions.fk6pDQltM0DBgngw.scode, (function(){try{if(window.location.href.indexOf(\qjg6rTsGpjrGqHC4qTr9rHUEqY\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.
user_pref(extensions.pKuyYMCNXmVkylOl.scode, (function(){try{if(window.self.location.href.indexOf(\qTn9rHwGrdsHqjYHrdC6rjk7pn\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
Emptied folder: C:\Users\Vandevelde\AppData\Roaming\mozilla\firefox\profiles\0dfuqwl8.default-1422889608557\minidumps [28 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
[C:\Users\Vandevelde\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Vandevelde\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Vandevelde\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Vandevelde\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
booedmolknjekdopkepjjeckmjkdpfgl,
flpcjncodpafbgdpnkljologafpionhb,
npdicihegicnhaangkdmcgbjceoemeoo
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/10/2015 at 15:50:57,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x64
Ran by Vandevelde on 31/10/2015 at 15:47:21,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [Service] ppfd_vw_1_10_0_21 [Reboot required]
Successfully deleted: [Service] ppsvc_1.10.0.21 [Reboot required]
Successfully deleted: [Service] spbiupd [Reboot required]
Successfully deleted: [Service] spbiupdd [Reboot required]
~~~ Tasks
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Web Amplified
~~~ Files
Successfully deleted: [File] C:\ProgramData\SPL7E57.tmp
Successfully deleted: [File] C:\ProgramData\SPLB14D.tmp
Successfully deleted: [File] C:\ProgramData\SPLDB60.tmp
Successfully deleted: [File] C:\ProgramData\SPLEC51.tmp
Successfully deleted: [File] C:\Users\Vandevelde\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Successfully deleted: [File] C:\Users\Vandevelde\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
Successfully deleted: [File] C:\Users\Vandevelde\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\Vandevelde\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\dealnodeal
Successfully deleted: [Folder] C:\Program Files\webbar
Successfully deleted: [Folder] C:\users\Public\Documents\guid
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\Vandevelde\AppData\Roaming\systweak
Successfully deleted: [Folder] C:\Users\Vandevelde\AppData\Roaming\wtools
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\03000200-1446156885-0500-0006-000700080009
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\75556842-7261-47D5-AFD4-FC807751614D
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\861D391B-6255-4515-9557-577A76DBA11A
Successfully deleted: [Folder] C:\Users\Vandevelde\Appdata\Local\E4CAF826-3A95-4D9F-AA6E-3F882F32E8
~~~ FireFox
Successfully deleted the following from C:\Users\Vandevelde\AppData\Roaming\mozilla\firefox\profiles\0dfuqwl8.default-1422889608557\prefs.js
user_pref(browser.search.searchengine.alias, mystartsearch);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.mystartsearch.com/favicon.ico);
user_pref(browser.search.searchengine.name, mystartsearch);
user_pref(browser.search.searchengine.ptid, cmi);
user_pref(browser.search.searchengine.uid, WDCXWD10EZRX-00A8LB0_WD-WCC1U038541785417);
user_pref(browser.search.searchengine.url, hxxp://www.mystartsearch.com/web/?type=ds&ts=1443024420&z=862ad497a88983d78064499gbzez3c5ebo3zao7z2g&from=cmi&uid=WDCXWD10EZRX-00
user_pref(extensions.3Kk8YemNIkzU0W6d.scode, (function(){try{if(window.location.href.indexOf(\qjYFqTg4pjg5rTg7qTa9pdg9rY\)>-1){return;}}catch(e){}try{var d=[[\cryptogmai
user_pref(extensions.HZduMPosJGNVKkuy.scode, (function(){try{if(window.location.href.indexOf(\qjg6rTsGpjrGqHC4qTr9rHUEqY\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.
user_pref(extensions.QMCQBVHzSoJJbuXU.scode, (function(){try{if(window.location.href.indexOf(\qjYFqTg4pjg5rTg7qTa9pdg9rY\)>-1){return;}}catch(e){}try{var d=[[\backin.net
user_pref(extensions.R4i41FAaSWDA7jOU.scode, (function(){try{if(window.location.href.indexOf(\qjYFqTg4pjg5rTg7qTa9pdg9rY\)>-1){return;}}catch(e){}try{var d=[[\cryptogmai
user_pref(extensions.YKjTIeVKPrJoqNvo.scode, (function(){try{if(window.self.location.href.indexOf(\qTn9rHwGrdsHqjYHrdC6rjk7pn\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.exOWo9kuRsSMAEgq.scode, (function(){try{if(window.location.href.indexOf(\qjg6rTsGpjrGqHC4qTr9rHUEqY\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.
user_pref(extensions.fk6pDQltM0DBgngw.scode, (function(){try{if(window.location.href.indexOf(\qjg6rTsGpjrGqHC4qTr9rHUEqY\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss.
user_pref(extensions.pKuyYMCNXmVkylOl.scode, (function(){try{if(window.self.location.href.indexOf(\qTn9rHwGrdsHqjYHrdC6rjk7pn\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
Emptied folder: C:\Users\Vandevelde\AppData\Roaming\mozilla\firefox\profiles\0dfuqwl8.default-1422889608557\minidumps [28 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
[C:\Users\Vandevelde\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Vandevelde\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Vandevelde\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Vandevelde\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
booedmolknjekdopkepjjeckmjkdpfgl,
flpcjncodpafbgdpnkljologafpionhb,
npdicihegicnhaangkdmcgbjceoemeoo
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/10/2015 at 15:50:57,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~