# AdwCleaner 7.0.8.0 - Logfile created on Mon Apr 02 18:53:04 2018 # Updated on 2018/08/02 by Malwarebytes # Running on Windows 10 Home Pro (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: HNService ***** [ Folders ] ***** Deleted: C:\Users\Kelai\AppData\Roaming\vShare Deleted: C:\Users\Kelai\Documents\vShare Deleted: C:\Users\Kelai\AppData\Local\Поиcк в Интeрнете Deleted: C:\Users\Kelai\AppData\Local\Вoйти в Интeрнет Deleted: C:\Users\Kelai\AppData\Local\Kometa Deleted: C:\Users\Kelai\AppData\Roaming\OneSystemCare Deleted: C:\Users\Kelai\AppData\Local\AdService Deleted: C:\ProgramData\Mail.Ru Deleted: C:\ProgramData\Application Data\Mail.Ru Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Mail.Ru Deleted: C:\Program Files (x86)\Mail.Ru Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru Deleted: C:\Users\All Users\Mail.Ru Deleted: C:\Users\Kelai\AppData\Local\Mail.Ru Deleted: C:\Users\Kelai\AppData\Roaming\\wget Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion Deleted: C:\Program Files (x86)\nzctHtEYomUn Deleted: C:\Program Files (x86)\dmpYwNbvAIE Deleted: C:\Program Files (x86)\xgpUQycTQqVU2 Deleted: C:\Program Files (x86)\fBAefcjbU Deleted: C:\Program Files (x86)\LhRqTWvAWAkNC Deleted: C:\Program Files (x86)\HroDwsJolcQKhkTVgGR Deleted: C:\Users\Kelai\AppData\Local\Kometa Deleted: C:\ProgramData\\{0897014C-63E3-47DF-8A5F-4399CC5D61B9} Deleted: C:\ProgramData\ee07e098-1cb5-1 Deleted: C:\ProgramData\ee07e098-5091-0 ***** [ Files ] ***** Deleted: C:\END Deleted: C:\Users\Kelai\Favorites\Mail.Ru.url Deleted: C:\Users\Kelai\Favorites\Mail.Ru Агент - используй для общения!.url Deleted: C:\Users\Kelai\AppData\Roaming\Mozilla\Firefox\Profiles\3tspysz3.default-1504974185514\searchplugins\bing-lavasoft.xml ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted: wget Deleted: wgets Deleted: PpWUtqNAktYcHMPNs2 Deleted: XblfzlrMwbeaKro2 Deleted: hesymncsXSHUyo Deleted: OXEQaMeQLrItgErZxsR2 ***** [ Registry ] ***** Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\auto.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\deti.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\health.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hi-tech.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\kino.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\lady.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\love.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\my.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\news.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\news.rambler.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\otvet.mail.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\rambler.ru Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.rambler.ru Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page [http:\\granena.ru\?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=4fd981659cc4e14c18347441218f9569&utm_d=20180325] Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\Microsoft\Gosearchq Deleted: [Key] - HKCU\Software\Microsoft\Gosearchq Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\Microsoft\Gosearch Deleted: [Key] - HKCU\Software\Microsoft\Gosearch Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\Lavasoft\Web Companion Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\NetBox Deleted: [Key] - HKCU\Software\NetBox Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\Microsoft\KometaInstaller Deleted: [Key] - HKCU\Software\Microsoft\KometaInstaller Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\One System Care Deleted: [Key] - HKCU\Software\One System Care Deleted: [Key] - HKLM\SOFTWARE\Mail.Ru Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\Mail.Ru Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\AppDataLow\Software\Mail.Ru Deleted: [Key] - HKCU\Software\Mail.Ru Deleted: [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru Deleted: [Key] - HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host Deleted: [Key] - HKCU\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\MICROSOFT\KometaInstaller Deleted: [Key] - HKCU\Software\MICROSOFT\KometaInstaller Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\csastats Deleted: [Key] - HKCU\Software\csastats Deleted: [Key] - HKU\S-1-5-21-4166688732-445737204-4036045611-1000\Software\SetupCompany Deleted: [Key] - HKCU\Software\SetupCompany ***** [ Firefox (and derivatives) ] ***** Plugin deleted: Домашняя страница Mail.Ru - Plugin deleted: Поиск Mail.Ru - Plugin deleted: __MSG_extName__ - Plugin deleted: __MSG_extName__ - ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [8670 B] - [2018/4/2 18:51:22] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########