
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.1 (07.15.2013:2)
OS: Windows 7 Home Premium x64
Ran by Karthi on Sun 08/11/2013 at 23:06:27.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] browserdefendert
Successfully deleted: [Service] browserdefendert
Successfully stopped: [Service] defaulttabsearch
Successfully deleted: [Service] defaulttabsearch
Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate
Successfully stopped: [Service] wajamupdater
Successfully deleted: [Service] wajamupdater

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\webcake desktop
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2327205927-2575089572-1469152067-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name    Type      Value Data
========================================================================================
    NTRedirect    REG_SZ    C:\windows\SysWOW64\rundll32.exe "C:\Users\Karthi\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\webcakeieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{09c554c3-109b-483c-a06b-f14172f1a947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{7169bbb3-3289-4696-b35d-4a88bcf6fb12}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{b12e99ed-69bd-437c-86be-c862b9e5444d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{2a5a2a90-3b30-4e6e-a955-2f232c6ef517}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a0b10ebe-4e51-4cae-949b-e6b9e7d68cea}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{af6b0594-6008-4327-93e5-608ad710a6fa}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f511afdb-726e-4458-90e7-1ecb97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{efdf368c-8dd9-4e05-87cd-16aa5cb03cb8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.layers
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.layers.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mixidj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mixidj
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mixidj.mixidjappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mixidj.mixidjappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mixidj.mixidjdskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mixidj.mixidjdskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mixidj.mixidjhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mixidj.mixidjhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{834F1186-4672-4F90-BA54-3FA5E47D4B39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

~~~ Files

Successfully deleted: [File] "C:\windows\s.bat"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browserdefender"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Karthi\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Karthi\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Karthi\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Karthi\AppData\Roaming\mixidj"
Successfully deleted: [Folder] "C:\Users\Karthi\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Karthi\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Karthi\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab"
Successfully deleted: [Folder] "C:\Program Files (x86)\mixidj"
Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Karthi\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
Successfully deleted: [Empty Folder] C:\Users\Karthi\appdata\local\{25EF0BCA-2455-4574-8EC8-2350CBB60480}
Successfully deleted: [Empty Folder] C:\Users\Karthi\appdata\local\{4013DC0C-3D95-49E3-B87C-C13767B76647}
Successfully deleted: [Empty Folder] C:\Users\Karthi\appdata\local\{6D317596-3716-43DB-8FCF-6AA67A917BC3}

~~~ FireFox

Successfully deleted: [File] C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\user.js
Successfully deleted: [File] C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [File] C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\searchplugins\babylon.xml
Successfully deleted: [Folder] C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\extensions\LogMeInClient@logmein.com
Successfully deleted: [Folder] C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\extensions\ffxtlbr@mixidj.com
Successfully deleted the following from C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\prefs.js

user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?babsrc=NT_ss&mntrId=2E7400FF1020BA04&affID=121136&tsp=4971");
user_pref("browser.startup.homepage", "hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=2E7400FF1020BA04&affID=121136&tsp=4971");
user_pref("extensions.addon@defaulttab.com.install-event-fired", true);

Emptied folder: C:\Users\Karthi\AppData\Roaming\mozilla\firefox\profiles\gs2rtv60.default\minidumps [209 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Karthi\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/11/2013 at 23:17:07.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
