# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-20-2018
# Duration: 00:00:09
# OS: Windows 7 Professional
# Cleaned: 71
# Failed: 0

***** [ Services ] *****

Deleted Windefender
Deleted Nettrans
Deleted backlh

***** [ Folders ] *****

Deleted C:\ProgramData\Kolnixos
Deleted C:\ProgramData\Logic Cramble
Deleted C:\ProgramData\7E2DA2E0-6BE5-1
Deleted C:\ProgramData\7E2DA2E0-5E03-0
Deleted C:\Users\ZITOUNI\AppData\Roaming\DRPSu
Deleted C:\Users\ZITOUNI\AppData\Roaming\EpicNet Inc
Deleted C:\ProgramData\PrefsSecure
Deleted C:\Windows\Temp\Smartbar
Deleted C:\Users\ZITOUNI\AppData\Local\WhiteClick

***** [ Files ] *****

Deleted C:\Windows\System32\mcicda32.dll
Deleted C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted C:\Users\ZITOUNI\appdata\local\installationconfiguration.xml
Deleted C:\Users\ZITOUNI\AppData\Local\Main.dat
Deleted C:\Users\ZITOUNI\AppData\Local\Temp\WhiteClick.exe
Deleted C:\Windows\System32\findit.xml
Deleted C:\Windows\System32\drivers\WinmonProcessMonitor.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted C:\Users\Public\Desktop\Google Chrome.lnk
Deleted C:\Users\ZITOUNI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Deleted C:\Users\ZITOUNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Deleted C:\Users\ZITOUNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleted C:\Users\ZITOUNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Deleted C:\Users\ZITOUNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\ScheduledUpdate
Deleted C:\Windows\System32\Tasks\eVSrriCnrZQlODxsGDB2
Deleted C:\Windows\System32\Tasks\xdbGJPONaKkXIL
Deleted C:\Windows\System32\Tasks\gkNqfjNoNlLfJVmHB2
Deleted C:\Windows\System32\Tasks\yKMtMHoPoUUExsP2

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D7DA3B5-ABB5-4597-9C06-FA347FBC81B9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScheduledUpdate
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKCU\Software\mtKolnixo
Deleted HKLM\Software\mtKolnixo
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1655C0CA-7AE7-4012-8502-970C8675E5F8
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF1F1901-098E-4B7E-BDAB-BBAD7AEC2086}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF1F1901-098E-4B7E-BDAB-BBAD7AEC2086}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF1F1901-098E-4B7E-BDAB-BBAD7AEC2086}
Deleted HKLM\Software\Classes\CLSID\{DF1F1901-098E-4B7E-BDAB-BBAD7AEC2086}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5988FF38-599B-4727-9E6D-32F4D716E7E6}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eVSrriCnrZQlODxsGDB2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8941868-4A8A-4792-AD6D-3F3B20AA0FC8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8941868-4A8A-4792-AD6D-3F3B20AA0FC8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\xdbGJPONaKkXIL
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E9B9C9-52FD-4727-9F60-4BB59BF07842}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gkNqfjNoNlLfJVmHB2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EF2DC6C-EBD8-4877-B941-1153AC07A6E8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\yKMtMHoPoUUExsP2
Deleted HKCU\Software\drpsu
Deleted HKLM\Software\drpsu
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
Deleted HKCU\Software\FastDataX
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cloudnet
Deleted HKCU\Software\EpicNet Inc.
Deleted HKCU\Software\csastats
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tvplusnewtab.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fr.tvplusnewtab.com
Deleted HKU\.DEFAULT\Environment|SNP
Deleted HKU\S-1-5-18\Environment|SNP
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\medianewpage.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fr.medianewpage.com

***** [ Chromium (and derivatives) ] *****

Deleted Quick Searcher

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [7735 octets] - [20/09/2018 12:43:43]
AdwCleaner[S01].txt - [7796 octets] - [20/09/2018 12:45:29]
AdwCleaner[S02].txt - [7857 octets] - [20/09/2018 12:47:01]
AdwCleaner[S03].txt - [7918 octets] - [20/09/2018 12:51:49]
AdwCleaner[S04].txt - [7979 octets] - [20/09/2018 12:53:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########