Reply to: virus slowdown 2016-09-08T13:24:39+00:00
pat

number 1 ;)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by poe on 11/12/2013 at 13:02:16,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
Successfully stopped: [Service] pcsuservice
Successfully deleted: [Service] pcsuservice
Successfully stopped: [Service] updater service for eazelbar
Successfully deleted: [Service] updater service for eazelbar

~~~ Registry Values

Suspicious HKCU..Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ "C:Windowssystem32Rundll32.exe" "C:UserspoeAppDataLocalConduitBackgroundContainerBackgroundContainer.dll",DllRun

Successfully deleted: [Registry Value] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTAppIDdealplylive.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTAppIDtoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareconduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareinstalledbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwareconduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwareconduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwarecrossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwaresmartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowtoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternetRegistryREGISTRYUSERS-1-5-21-1393359087-3183399950-3005852446-1001Softwarewajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareconduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwaresearchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassestoolbar.bandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassestoolbar.bandobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassestoolbar.toolbarhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassestoolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingbackupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingbackupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionApp Pathsmypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstalldealply
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallmypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallsoftwareupdater
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCrossriderApp0035499.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCrossriderApp0041962.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{22222222-2222-2222-2222-220322542299}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{22222222-2222-2222-2222-220422192262}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{55555555-5555-5555-5555-550455195562}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{66666666-6666-6666-6666-660366546699}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{66666666-6666-6666-6666-660466196662}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesCrossriderApp0035499.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesCrossriderApp0041962.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT3297124
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesInterface{55555555-5555-5555-5555-550455195562}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesInterface{66666666-6666-6666-6666-660366546699}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesInterface{66666666-6666-6666-6666-660466196662}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{4EA5619D-5B27-4D2E-A3D5-870F3A098480}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{EBD839AE-B08C-4fb7-859B-F54AF16C159F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{834acc44-e0fc-4f17-8e6b-f1029b3bc0de}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{834acc44-e0fc-4f17-8e6b-f1029b3bc0de}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] "hkey_current_usersoftwareapn"
Successfully deleted: [Registry Key] "hkey_current_usersoftwaremicrosoftinternet explorerlow rightselevationpolicy{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwareapn"

~~~ Files

Successfully deleted: [File] "C:Userspoeappdatalocalgooglechromeuser datadefaultlocal storagehttp_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:Userspoeappdatalocalgooglechromeuser datadefaultlocal storagehttp_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:end"

~~~ Folders

Successfully deleted: [Folder] "C:ProgramDataconduit"
Successfully deleted: [Folder] "C:ProgramDatadealplylive"
Successfully deleted: [Folder] "C:UserspoeAppDataRoamingdealply"
Successfully deleted: [Folder] "C:UserspoeAppDataRoamingnosibay"
Successfully deleted: [Folder] "C:UserspoeAppDataRoamingsearchprotect"
Successfully deleted: [Folder] "C:UserspoeAppDataRoamingwebplayer"
Successfully deleted: [Folder] "C:Userspoeappdatalocalconduit"
Successfully deleted: [Folder] "C:Userspoeappdatalocalcre"
Failed to delete: [Folder] "C:Userspoeappdatalocalsearchprotect"
Successfully deleted: [Folder] "C:Userspoeappdatalocalwajam"
Successfully deleted: [Folder] "C:Userspoeappdatalocallowconduit"
Successfully deleted: [Folder] "C:UserspoeLocal SettingsApplication Datasearchprotect"
Successfully deleted: [Folder] "C:Program Filesconduit"
Successfully deleted: [Folder] "C:Program Filesmypc backup"
Successfully deleted: [Folder] "C:Program Filesnosibay"
Successfully deleted: [Folder] "C:Program Filessearchprotect"
Successfully deleted: [Folder] "C:Program Fileswebplayer"
Successfully deleted: [Folder] "C:UserspoeAppDataRoamingmicrosoftwindowsstart menuprogramsmypc backup"
Successfully deleted: [Folder] "C:UserspoeAppDataRoamingmicrosoftwindowsstart menuprogramswajam"

~~~ Chrome

Successfully deleted: [Folder] C:UserspoeappdatalocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Folder] C:UserspoeappdatalocalGoogleChromeUser DataDefaultExtensionslicjnkifamhpbaefhdpacpmihicfbomb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareGoogleChromeExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/12/2013 at 13:08:55,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~