# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-08-2019
# Duration: 00:00:08
# OS: Windows 7 Ultimate
# Cleaned: 72
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\UNINSTALL NEXUS
Deleted C:\ProgramData\B0B9B602000053A8
Deleted C:\Users\Léo\AppData\Local\Temp\OpenCandy
Deleted C:\Users\Léo\AppData\Local\Temp\VideoConverter
Deleted C:\Users\Léo\AppData\Roaming\MailUpdate
Deleted C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Desktop Search
Deleted C:\Users\Léo\AppData\Roaming\infoSiw
Deleted C:\Users\Léo\Documents\PCProtect
Deleted C:\Windows\rss

***** [ Files ] *****

Deleted C:\Users\Léo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
Deleted C:\Users\Léo\Downloads\DriverToolkitInstaller.exe
Deleted C:\Users\Léo\Favorites\Mail.Ru.url
Deleted C:\Users\Léo\Favorites\?????? ? ?????????.url

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\APN
Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted HKCU\Software\Kromtech
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted HKCU\Software\SSProtect
Deleted HKCU\Software\Store
Deleted HKCU\Software\WTools
Deleted HKCU\Software\infoSiw
Deleted HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1BFAD520-1BDF-4C33-B909-AB7CD4AF07AD}C:\users\léo\appdata\roaming\cacaoweb\cacaoweb.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F502591F-8B3A-4F59-ABC2-DF51D8047CFC}C:\users\léo\appdata\roaming\cacaoweb\cacaoweb.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{2243478A-09D8-45AF-814F-E4A88C9B5136}C:\users\léo\appdata\roaming\cacaoweb\cacaoweb.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{904A81A8-4F56-4702-B422-42DD83087D33}C:\users\léo\appdata\roaming\cacaoweb\cacaoweb.exe
Deleted HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted HKLM\Software\Classes\IESearchPlugin.MailRuBHO
Deleted HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0DA5D75B5B33B4B83724742699814F
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C506B89D971FBA3418F37674F3BC1244
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEA78903E905F6C41BA2E3CC615507CA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E8E877ED6825FF148AE54DA13648DD38
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound
Deleted HKLM\Software\WebBar
Deleted HKLM\Software\Wow6432Node\APN
Deleted HKLM\Software\Wow6432Node\AskToolbar
Deleted HKLM\Software\Wow6432Node\SpeedBit
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\GenericAskToolbar.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ApnUpdater
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz

***** [ Chromium (and derivatives) ] *****

Deleted ???????? ???????? ? ????? ?? Mail.Ru
Deleted ?????

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [9311 octets] - [08/07/2019 11:47:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########