pat

number 1 ;)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by poe on 11/12/2013 at 13:02:16,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
Successfully stopped: [Service] pcsuservice
Successfully deleted: [Service] pcsuservice
Successfully stopped: [Service] updater service for eazelbar
Successfully deleted: [Service] updater service for eazelbar

~~~ Registry Values

Suspicious HKCU..Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ « C:Windowssystem32Rundll32.exe » « C:UserspoeAppDataLocalConduitBackgroundContainerBackgroundContainer.dll »,DllRun

Successfully deleted: [Registry Value] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTAppIDdealplylive.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTAppIDtoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareconduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareinstalledbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwareconduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwareconduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwarecrossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwaresmartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowtoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternetRegistryREGISTRYUSERS-1-5-21-1393359087-3183399950-3005852446-1001Softwarewajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareconduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwaresearchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassestoolbar.bandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassestoolbar.bandobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassestoolbar.toolbarhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassestoolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingbackupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingbackupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionApp Pathsmypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstalldealply
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallmypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallsoftwareupdater
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCrossriderApp0035499.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCrossriderApp0041962.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{22222222-2222-2222-2222-220322542299}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{22222222-2222-2222-2222-220422192262}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{55555555-5555-5555-5555-550455195562}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{66666666-6666-6666-6666-660366546699}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{66666666-6666-6666-6666-660466196662}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesCrossriderApp0035499.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesCrossriderApp0041962.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT3297124
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesInterface{55555555-5555-5555-5555-550455195562}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesInterface{66666666-6666-6666-6666-660366546699}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesInterface{66666666-6666-6666-6666-660466196662}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{4EA5619D-5B27-4D2E-A3D5-870F3A098480}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{EBD839AE-B08C-4fb7-859B-F54AF16C159F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{834acc44-e0fc-4f17-8e6b-f1029b3bc0de}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{834acc44-e0fc-4f17-8e6b-f1029b3bc0de}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] « hkey_current_usersoftwareapn »
Successfully deleted: [Registry Key] « hkey_current_usersoftwaremicrosoftinternet explorerlow rightselevationpolicy{a5aa24ea-11b8-4113-95ae-9ed71deaf12a} »
Successfully deleted: [Registry Key] « hkey_local_machinesoftwareapn »

~~~ Files

Successfully deleted: [File] « C:Userspoeappdatalocalgooglechromeuser datadefaultlocal storagehttp_app.mam.conduit.com_0.localstorage »
Successfully deleted: [File] « C:Userspoeappdatalocalgooglechromeuser datadefaultlocal storagehttp_app.mam.conduit.com_0.localstorage-journal »
Successfully deleted: [File] « C:end »

~~~ Folders

Successfully deleted: [Folder] « C:ProgramDataconduit »
Successfully deleted: [Folder] « C:ProgramDatadealplylive »
Successfully deleted: [Folder] « C:UserspoeAppDataRoamingdealply »
Successfully deleted: [Folder] « C:UserspoeAppDataRoamingnosibay »
Successfully deleted: [Folder] « C:UserspoeAppDataRoamingsearchprotect »
Successfully deleted: [Folder] « C:UserspoeAppDataRoamingwebplayer »
Successfully deleted: [Folder] « C:Userspoeappdatalocalconduit »
Successfully deleted: [Folder] « C:Userspoeappdatalocalcre »
Failed to delete: [Folder] « C:Userspoeappdatalocalsearchprotect »
Successfully deleted: [Folder] « C:Userspoeappdatalocalwajam »
Successfully deleted: [Folder] « C:Userspoeappdatalocallowconduit »
Successfully deleted: [Folder] « C:UserspoeLocal SettingsApplication Datasearchprotect »
Successfully deleted: [Folder] « C:Program Filesconduit »
Successfully deleted: [Folder] « C:Program Filesmypc backup »
Successfully deleted: [Folder] « C:Program Filesnosibay »
Successfully deleted: [Folder] « C:Program Filessearchprotect »
Successfully deleted: [Folder] « C:Program Fileswebplayer »
Successfully deleted: [Folder] « C:UserspoeAppDataRoamingmicrosoftwindowsstart menuprogramsmypc backup »
Successfully deleted: [Folder] « C:UserspoeAppDataRoamingmicrosoftwindowsstart menuprogramswajam »

~~~ Chrome

Successfully deleted: [Folder] C:UserspoeappdatalocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Folder] C:UserspoeappdatalocalGoogleChromeUser DataDefaultExtensionslicjnkifamhpbaefhdpacpmihicfbomb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareGoogleChromeExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/12/2013 at 13:08:55,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~