# AdwCleaner 7.0.7.0 - Logfile created on Wed Jan 24 12:14:19 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 8.1 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: FedaryqeuleServerSrv

***** [ Folders ] *****

Deleted: C:\Users\All Users\Documents\\dmp
Deleted: C:\Users\Public\Documents\\dmp
Deleted: C:\Program Files (x86)\DriverToolkit
Deleted: C:\Users\Chokri\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Deleted: C:\Users\Chokri\AppData\Roaming\\Mozilla\Firefox\Profiles\41A66E7E5EE1

***** [ Files ] *****

Deleted: C:\Users\Chokri\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\dd1b66d4.xml
Deleted: C:\Users\Chokri\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\dd1b66d4.xml
Deleted: C:\Windows\SysNative\roboot64.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Ninight Collector
Deleted: Fedaryqeule Server

***** [ Registry ] *****

Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|CustomizeSearch [http:\\slightsearch.ru\?ri=1&uid=b568f26afa9584ec6f4fa91d0be3e286&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant [http:\\slightsearch.ru\?ri=1&uid=b568f26afa9584ec6f4fa91d0be3e286&q=]
Deleted: [Key] - HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Deleted: [Key] - HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Deleted: [Key] - HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
Deleted: [Key] - HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Deleted: [Key] - HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DCFCC2EC-3F33-45A8-8ADF-A6C81F11232F}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCFCC2EC-3F33-45A8-8ADF-A6C81F11232F}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCFCC2EC-3F33-45A8-8ADF-A6C81F11232F}
Deleted: [Key] - HKU\S-1-5-21-2297384249-1793355570-909823338-1001\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{5A83D7C9-4A14-4000-BC05-389268238753}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
Deleted: [Key] - HKU\S-1-5-21-2297384249-1793355570-909823338-1001\Software\Sunisoft
Deleted: [Key] - HKCU\Software\Sunisoft

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4702 B] - [2018/1/24 12:7:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########