
# AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 18 13:28:11 2017


# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: WinDefender
Deleted: 58627a6a528791500b418c8a308fbe99
Deleted: b12855b2f1bbede9e24c1e08c50a9c9e

***** [ Folders ] *****

Deleted: C:\Program Files\Default Company Name
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\System32\\sstmp
Deleted: C:\Program Files\\reports
Deleted: C:\Users\Nano32\AppData\Roaming\.acestream
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Deleted: C:\Program Files\mipony
Deleted: C:\Users\Nano32\AppData\Roaming\mipony
Deleted: C:\Users\Nano32\Documents\mipony
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\Nano32\AppData\Roaming\devnull
Deleted: C:\ProgramData\Plusdaxs
Deleted: C:\ProgramData\Application Data\Plusdaxs
Deleted: C:\Users\All Users\Plusdaxs
Deleted: C:\Windows\\rss
Deleted: C:\Windows\Temp\Smartbar
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\ProgramData\Application Data\Auslogics
Deleted: C:\Program Files\Auslogics
Deleted: C:\Windows\System32\Tasks\Auslogics
Deleted: C:\Users\All Users\Auslogics
Deleted: C:\Program Files\2c328ea002237ab3a652554604fcda95
Deleted: C:\Program Files\a536b5ff6f5b24584730e9f4919dcb93
Deleted: C:\Program Files\bcadc9f6b822284554d09776ebbbfb1f
Deleted: C:\Program Files\dafe6ef9bcec36c6a3ce48260fc32500

***** [ Files ] *****

Deleted: C:\Windows\System32\\chtbrkg.dll
Deleted: C:\Users\Nano32\AppData\Local\Main.dat
Deleted: C:\Users\All Users\Documents\\report.dat
Deleted: C:\Users\Public\Documents\\report.dat
Deleted: C:\Users\All Users\Documents\\temp.dat
Deleted: C:\Users\Public\Documents\\temp.dat
Deleted: C:\Program Files\\settings.dat
Deleted: C:\Users\Nano32\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
Deleted: C:\Users\Nano32\Desktop\MiPony.lnk
Deleted: C:\TOSTACK
Deleted: C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted: C:\Windows\System32\EsgScanner.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: SystemHealer Monitor
Deleted: SystemHealer Run Delay
Deleted: RDReminder
Deleted: Microsoft\Windows\Windows Error Reporting\ErrorReporting
Deleted: PC SpeedUp Service Deactivator
Deleted: SystemHealer Task

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Standuck
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tags.unicefusa.org
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\unicefusa.org
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.unicefusa.org
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{273ACD19-3162-4325-98C5-086ADE8698AD}C:\users\nano32\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{49443591-2A74-4D08-A953-7C3E6F0D6E23}C:\users\nano32\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted: [Key] - HKU\.DEFAULT\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-18\Software\UpgSvr
Deleted: [Key] - HKCU\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\PopWnd
Deleted: [Key] - HKCU\Software\PopWnd
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiPony
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\MICROSOFT\OTUT
Deleted: [Key] - HKCU\Software\MICROSOFT\OTUT
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKLM\SOFTWARE\mweshield
Deleted: [Key] - HKLM\SOFTWARE\msServer
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{35F4BB37-03C5-41DE-85AF-7C301390C7EC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{45965C76-4C88-4512-9358-368483E1C3B1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F6DF4318-A699-4E88-BE1D-84F4A009B08A}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
Deleted: [Key] - HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
Deleted: [Key] - HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shell\Add event reminder
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs [C:\ProgramData\Plusdax\Warmis.dll,C:\Windows\system32\nvinit.dll]
Deleted: [Value] - HKCU\Environment|SNF
Deleted: [Value] - HKCU\Environment|SNP
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\win
Deleted: [Key] - HKCU\Software\win
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\Installer
Deleted: [Key] - HKCU\Software\Installer
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\MICROSOFT\wewewe
Deleted: [Key] - HKCU\Software\MICROSOFT\wewewe
Deleted: [Key] - HKLM\SOFTWARE\ScreenShot
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\dlr
Deleted: [Key] - HKCU\Software\dlr
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKCU\Environment|SNF
Deleted: [Value] - HKCU\Environment|SNP
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WINSNARE
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\APreSam
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\NSaveA
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\MPrForShutT
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrIncub
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
Deleted: [Key] - HKLM\SOFTWARE\mtPlusdax
Deleted: [Key] - HKU\S-1-5-21-1580453170-891617326-3021566582-1001\Software\mtPlusdax
Deleted: [Key] - HKCU\Software\mtPlusdax
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\allinonedocs.dl.myway.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\getvideoconvert.dl.myway.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\testonlinespeed.dl.myway.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\translationbuddy.dl.myway.com

***** [ Firefox (and derivatives) ] *****

Plugin deleted: Tables -

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [14929 B] - [2017/9/18 13:26:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########