# AdwCleaner 7.0.2.1 - Logfile created on Thu Aug 31 11:38:21 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 10 Home (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: TMService ***** [ Folders ] ***** Deleted: C:\Program Files (x86)\WindowsTM Deleted: C:\Users\All Users\Documents\XMUpdate Deleted: C:\Users\Public\Documents\XMUpdate Deleted: C:\Users\toshiba\AppData\Roaming\isMiner Deleted: C:\Users\toshiba\AppData\Local\Mail.Ru ***** [ Files ] ***** Deleted: C:\Users\toshiba\Favorites\Mail.Ru.url Deleted: C:\Windows\SysNative\drivers\lanmamaster.sys Deleted: C:\Windows\SysNative\lanmamasterHelp.dll Deleted: C:\Users\toshiba\Favorites\Mail.Ru Агент - используй для общения!.url ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk[http:\\www.yeadesktop.com\] Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk[http:\\www.yeadesktop.com\] ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gplyra Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|YeaDesktop.exe Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|YeaDesktop.exe Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gplyra Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\isMiner Deleted: [Key] - HKCU\Software\isMiner Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\Xpom Deleted: [Key] - HKCU\Software\Xpom Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\Mail.Ru Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\AppDataLow\Software\Mail.Ru Deleted: [Key] - HKCU\Software\Mail.Ru Deleted: [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\MICROSOFT\wewewe Deleted: [Key] - HKCU\Software\MICROSOFT\wewewe Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\Amigo Deleted: [Key] - HKCU\Software\Amigo Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\Microsoft\BigTime Deleted: [Key] - HKCU\Software\Microsoft\BigTime Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\drpsu Deleted: [Key] - HKCU\Software\drpsu Deleted: [Key] - HKLM\SOFTWARE\Microsoft\APreSam Deleted: [Key] - HKLM\SOFTWARE\Microsoft\NSaveA Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP Deleted: [Key] - HKLM\SOFTWARE\Microsoft\MPrForShutT Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrIncub Deleted: [Key] - HKU\S-1-5-21-2074184489-2815443456-4149718103-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [4698 B] - [2017/8/31 11:37:42] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########