Publicité
Publicité
Format du document : text/plain
Prévisualisation
# AdwCleaner 7.0.8.0 - Logfile created on Wed Apr 04 20:38:25 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
Deleted: 152438d6a1a99da4958b37478156c197
Deleted: 75df57d52ecd112448d2b7e69b3ab73a
Deleted: 93509b2d85073eea36054792237580dd
***** [ Folders ] *****
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\Program Files (x86)\DriverUpdaterPlus
Deleted: C:\ProgramData\Logic Cramble
Deleted: C:\ProgramData\Application Data\Logic Cramble
Deleted: C:\Users\All Users\Logic Cramble
Deleted: C:\ProgramData\Subairs
Deleted: C:\ProgramData\Application Data\Subairs
Deleted: C:\Users\All Users\Subairs
Deleted: C:\ProgramData\PrefsSecure
Deleted: C:\ProgramData\Application Data\PrefsSecure
Deleted: C:\Users\All Users\PrefsSecure
Deleted: C:\Program Files (x86)\ProxyGate
Deleted: C:\Windows\\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: C:\ProgramData\Subair
Deleted: C:\ProgramData\Application Data\Subair
Deleted: C:\Users\All Users\Subair
Deleted: C:\Program Files\152438d6a1a99da4958b37478156c197
Deleted: C:\Program Files\6a2e64d8dbd7ec839006c1c20b2819b3
***** [ Files ] *****
Deleted: C:\Users\Raada\AppData\Local\Main.dat
Deleted: C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted: C:\Users\Raada\appdata\local\installationconfiguration.xml
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk
Deleted: C:\Windows\\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: C:\Windows\System32\findit.xml
Deleted: C:\Windows\SysWOW64\findit.xml
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Public\Desktop\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Raada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Raada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk[%SNP%]
***** [ Tasks ] *****
Deleted: InstallShield® Update Service Scheduler
Deleted: Optimize Thumbnail Cache Files
Deleted: 152438d6a1a99da4958b37478156c197
Deleted: psv_Sanit
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs [C:\ProgramData\Subair\U-air.dll]
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6604DA2E-424D-40E2-89DC-22A6E7CB8415}
Deleted: [Key] - HKLM\SOFTWARE\Jawego
Deleted: [Key] - HKU\S-1-5-21-503127206-489687179-509319998-1001\Software\Jawego
Deleted: [Key] - HKCU\Software\Jawego
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKLM\SOFTWARE\mtSubair
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Subair.exe
Deleted: [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: SweetIM Search - sweetim.com
SearchProvider deleted: Conduit - search.conduit.com
SearchProvider deleted: MyStart Search - mystart.incredibar.com/mb106
SearchProvider deleted: Search the web (Babylon) - babylon.com
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [6369 B] - [2018/4/4 20:36:59]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
Deleted: 152438d6a1a99da4958b37478156c197
Deleted: 75df57d52ecd112448d2b7e69b3ab73a
Deleted: 93509b2d85073eea36054792237580dd
***** [ Folders ] *****
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\Program Files (x86)\DriverUpdaterPlus
Deleted: C:\ProgramData\Logic Cramble
Deleted: C:\ProgramData\Application Data\Logic Cramble
Deleted: C:\Users\All Users\Logic Cramble
Deleted: C:\ProgramData\Subairs
Deleted: C:\ProgramData\Application Data\Subairs
Deleted: C:\Users\All Users\Subairs
Deleted: C:\ProgramData\PrefsSecure
Deleted: C:\ProgramData\Application Data\PrefsSecure
Deleted: C:\Users\All Users\PrefsSecure
Deleted: C:\Program Files (x86)\ProxyGate
Deleted: C:\Windows\\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: C:\ProgramData\Subair
Deleted: C:\ProgramData\Application Data\Subair
Deleted: C:\Users\All Users\Subair
Deleted: C:\Program Files\152438d6a1a99da4958b37478156c197
Deleted: C:\Program Files\6a2e64d8dbd7ec839006c1c20b2819b3
***** [ Files ] *****
Deleted: C:\Users\Raada\AppData\Local\Main.dat
Deleted: C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted: C:\Users\Raada\appdata\local\installationconfiguration.xml
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk
Deleted: C:\Windows\\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: C:\Windows\System32\findit.xml
Deleted: C:\Windows\SysWOW64\findit.xml
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Public\Desktop\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Raada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Raada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk[%SNP%]
***** [ Tasks ] *****
Deleted: InstallShield® Update Service Scheduler
Deleted: Optimize Thumbnail Cache Files
Deleted: 152438d6a1a99da4958b37478156c197
Deleted: psv_Sanit
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs [C:\ProgramData\Subair\U-air.dll]
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6604DA2E-424D-40E2-89DC-22A6E7CB8415}
Deleted: [Key] - HKLM\SOFTWARE\Jawego
Deleted: [Key] - HKU\S-1-5-21-503127206-489687179-509319998-1001\Software\Jawego
Deleted: [Key] - HKCU\Software\Jawego
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKLM\SOFTWARE\mtSubair
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Subair.exe
Deleted: [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: SweetIM Search - sweetim.com
SearchProvider deleted: Conduit - search.conduit.com
SearchProvider deleted: MyStart Search - mystart.incredibar.com/mb106
SearchProvider deleted: Search the web (Babylon) - babylon.com
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [6369 B] - [2018/4/4 20:36:59]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########