# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 02 12:51:40 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 03-01-2018.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.ProxyGate, pgt_svc
Trojan.Agent, WinDefender
PUP.Adware.Heuristic, 709872e348c453b5f2c04f1e6e761268
PUP.Adware.Heuristic, 942a8dfecbe780a751e44976707a5dfd
PUP.Adware.Heuristic, b0eae94c9ca4610002a5b214af782cc3

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Théo\AppData\Roaming\browsers
PUP.Optional.Legacy, C:\Windows\System32\SSL
PUP.Optional.Legacy, C:\Windows\SysWOW64\SSL
PUP.Optional.Legacy, C:\Users\Théo\AppData\Local\AdvinstAnalytics
Adware.Tuto4PC, C:\Users\Théo\AppData\Local\Temp\ShutdownTime
Adware.Tuto4PC, C:\Program Files (x86)\bestDownloader
Adware.Tuto4PC, C:\Users\Théo\AppData\Local\Temp\bestDownloader
PUP.Optional.BitCoinMiner, C:\Users\Théo\AppData\Roaming\gplyra
PUP.Optional.FastDataX, C:\Users\Théo\AppData\Roaming\FastDataX
PUP.Optional.OneSystemCare, C:\Program Files (x86)\OneSystemCare
PUP.Optional.OneSystemCare, C:\Users\Théo\AppData\Roaming\OneSystemCare
PUP.Optional.OneSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
PUP.Optional.OneSystemCare, C:\Users\Théo\AppData\Roaming\One System Care
PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
PUP.Optional.SystemHealer, C:\Users\Théo\AppData\Roaming\System Healer
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer
PUP.Optional.SystemHealer, C:\Users\Théo\AppData\Roaming\SystemHealer
PUP.Optional.ProxyGate, C:\Program Files (x86)\ProxyGate
Adware.OnlineIO, C:\ProgramData\Microleaves
Adware.OnlineIO, C:\ProgramData\Application Data\Microleaves
Adware.OnlineIO, C:\Program Files (x86)\Microleaves
Adware.OnlineIO, C:\Users\All Users\Microleaves
Adware.OnlineIO, C:\Users\Théo\AppData\Roaming\Microleaves
Trojan.Agent, C:\Windows\rss
Adware.NeoBar, C:\Program Files (x86)\seyizDCNnFUn
Adware.NeoBar, C:\Program Files (x86)\pBsTWTvYOXtU2
Adware.NeoBar, C:\Program Files (x86)\mexiCphuiIE
Adware.NeoBar, C:\Program Files (x86)\GveoMZenU
Adware.NeoBar, C:\Program Files (x86)\zKUGIuVeiGvyC
Adware.NeoBar, C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR
PUP.Optional.SoftUpgrade, C:\Program Files (x86)\SoftUpgrade
PUP.Optional.InterStat, C:\Users\Théo\AppData\Roaming\Interstatnogui
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.1stBrowser, C:\Users\Théo\AppData\Roaming\SPI
PUP.Optional.Glupteba, C:\Users\Théo\AppData\Roaming\EpicNet Inc
PUP.Optional.Glupteba, C:\Users\Théo\AppData\Roaming\EpicNet Inc.
PUP.Optional.MirageISO, C:\Users\Public\Documents\XMUpdate
PUP.Adware.Heuristic, C:\Program Files\b0eae94c9ca4610002a5b214af782cc3
PUP.Adware.Heuristic, C:\Program Files\88eaffc855bc153f3fce99e7e80652ac
PUP.Adware.Heuristic, C:\ProgramData\0bf6b030-4f77-1
PUP.Adware.Heuristic, C:\ProgramData\0bf6b030-6c07-0
PUP.Adware.Heuristic, C:\ProgramData\5a0e9510-3881-1
PUP.Adware.Heuristic, C:\ProgramData\5a0e9510-65c5-0

***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Théo\appdata\local\installationconfiguration.xml
PUP.Optional.ChinAd, C:\Windows\SysNative\drivers\wfcre.sys
Adware.Linkury, C:\Users\Théo\AppData\Local\PO.DB
PUP.Optional.OneSystemCare, C:\Users\Théo\Desktop\Launch One System Care.lnk
PUP.Optional.SystemHealer, C:\Users\Théo\Desktop\Launch System Healer.lnk
Trojan.Downloader, C:\ProgramData\service.exe
Trojan.Downloader, C:\ProgramData\Application Data\service.exe
Trojan.Downloader, C:\Users\All Users\service.exe
Trojan.Agent, C:\Windows\windefender.exe
Trojan.Agent, C:\Windows\SysNative\drivers\WinmonProcessMonitor.sys
Trojan.Agent, C:\Windows\SysNative\drivers\WinmonFS.sys
Trojan.Agent, C:\Windows\SysNative\drivers\Winmon.sys
PUP.Optional.OnlineIO, C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, Online Application V2G1
PUP.Optional.Legacy, Online Application V2G3
PUP.Optional.Legacy, Online Application V2G2
PUP.Optional.Legacy, One System Care Monitor
PUP.Optional.BitCoinMiner, LaCieS
PUP.Optional.FastDataX, FastDataX Task
PUP.Optional.OneSystemCare, OneSystemCare Task
PUP.Optional.SystemHealer, SystemHealer Task
PUP.Optional.SystemHealer, System Healer Monitor
Adware.OnlineIO, Online Application V2G6
Adware.OnlineIO, Online Application V2G4
Adware.OnlineIO, Online Application V2G5
Adware.NeoBar, OHurYzwpfZsLsh
Adware.NeoBar, wXkHuguozQzssiw2
Adware.NeoBar, oWotDXBujaUxMpNAqmS2
Adware.NeoBar, VTsFYYvpoVEusFPoU2
PUP.Optional.SoftUpgrade, SoftUpgrade
PUP.Optional.Microleaves, Updater_Online_Application
PUP.Adware.Heuristic, b0eae94c9ca4610002a5b214af782cc3

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Speedownloader0099
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\Microsoft\Windows\CurrentVersion\Run | Interstatnogui
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Interstatnogui
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Interstatnogui
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | gplyra
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | gplyra
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe
PUP.Optional.Wajam, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\WajIEnhance
PUP.Optional.Wajam, [Key] - HKCU\Software\WajIEnhance
PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\SrcAAAesom Browser Enhancer
PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Adware.Tuto4PC, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | bestDownloader
Adware.Tuto4PC, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | bestDownloader
PUP.Optional.YeaDesktop, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\YeaDesktop
PUP.Optional.YeaDesktop, [Key] - HKCU\Software\YeaDesktop
PUP.Optional.YeaDesktop, [Value] - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION | YeaDesktop.exe
PUP.Optional.YeaDesktop, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | YeaDesktop.exe
PUP.Optional.BitCoinMiner, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gplyra
PUP.Optional.BitCoinMiner, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Optimizer.exe
PUP.Optional.BitCoinMiner, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | Optimizer.exe
PUP.Optional.FastDataX, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\FastDataX
PUP.Optional.FastDataX, [Key] - HKCU\Software\FastDataX
PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\One System Care
PUP.Optional.OneSystemCare, [Key] - HKCU\Software\One System Care
PUP.Optional.OneSystemCare, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare_is1
PUP.Optional.NeoBar.ChrPRST, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\E3605470-291B-44EB-8648-745EE356599A
PUP.Optional.SystemHealer, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\System Healer
PUP.Optional.SystemHealer, [Key] - HKCU\Software\System Healer
PUP.Optional.SystemHealer, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer_is1
PUP.Optional.Tuto4PC, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\MICROSOFT\wewewe
PUP.Optional.Tuto4PC, [Key] - HKCU\Software\MICROSOFT\wewewe
PUP.Optional.iCommerce, [Key] - HKLM\SOFTWARE\SHMADDON
PUP.Optional.Epicsofts, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
PUP.Optional.Epicsofts, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
PUP.Optional.BestCleaner, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\Microsoft\BigTime
PUP.Optional.BestCleaner, [Key] - HKCU\Software\Microsoft\BigTime
Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves
Adware.NeoBar, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.NeoBar, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.NeoBar, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
PUP.Optional.InterStat, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\Interstatnogui
PUP.Optional.InterStat, [Key] - HKCU\Software\Interstatnogui
Adware.DNSUnlocker, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
PUP.Optional.CloudScout, [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Adware.VidSquare, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1
Adware.VidSquare, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\APreSam
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\NSaveA
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\MPrForShutT
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PrIncub
PUP.Optional.WeatherAlerts, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
PUP.Optional.WeatherAlerts, [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Trojan.Agent.Generic, [Key] - HKLM\SOFTWARE\texttotalk
PUP.Optional.DNSUnlocker, [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
PUP.Optional.Glupteba, [Key] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\EpicNet Inc.
PUP.Optional.Glupteba, [Key] - HKCU\Software\EpicNet Inc.
PUP.Optional.Glupteba, [Value] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\Microsoft\Windows\CurrentVersion\Run | cloudnet
PUP.Optional.Glupteba, [Value] - HKU\S-1-5-21-1056971535-3608291700-1787555387-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | cloudnet
PUP.Optional.Glupteba, [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | cloudnet
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.Microleaves, [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves, [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\
Trojan.MaxiBuy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{716D2234-E822-4AB0-874A-1DD7F75047DB}_is1

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.22ChromeEXT, Plugin found: Quick Searcher v16.2 - /!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########