# AdwCleaner v6.047 - Logfile created 07/06/2017 at 19:36:27
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-06.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : MI - MI-MI-KOMPUTER
# Running from : C:\Users\MI\Downloads\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found: C:\Users\MI\AppData\Local\WANARE
Folder Found: C:\Users\MI\AppData\Local\Zoohair
Folder Found: C:\WINDOWS\SysWOW64\_TSpm
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
Folder Found: C:\Program Files (x86)\reports
Folder Found: C:\Users\MI\AppData\Local\Firefox

***** [ Files ] *****

File Found: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
File Found: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
File Found: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
File Found: C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL
File Found: C:\Users\Public\Documents\cfg.ini
File Found: C:\Users\Public\Documents\cc.ini

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WANARE
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WANARE
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VNASRE
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VNASRE
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NPASRE
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NPASRE
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\terana
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\terana
Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
Key Found: HKU\S-1-5-21-570807183-2887973835-1248124564-1000\Software\Zoohair
Key Found: HKCU\Software\Zoohair
Key Found: HKLM\SOFTWARE\ScreenShot
Key Found: HKLM\SOFTWARE\ourluckysitesSoftware
Key Found: HKLM\SOFTWARE\Zoohair
Key Found: [x64] HKCU\Software\Zoohair
Key Found: [x64] HKLM\SOFTWARE\InterSect Alliance
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-570807183-2887973835-1248124564-1000\Products\29993591C160B8E40935701B5703A34F
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29993591C160B8E40935701B5703A34F
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA0118CE95AE0D70F14E7E8A72452C8
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.co
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\eshopcomp.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ourluckysites.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestprice
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.eshopcomp
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ourluckysites
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\eshopcomp.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ourluckysites.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpricenin
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.eshopcomp.co
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ourluckysites.co
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\eshopcomp.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.c
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ourluckysites.c
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpri
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.eshopco
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ourluckysit
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\eshopcomp.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ourluckysites.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpricen
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.eshopcomp.
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ourluckysites.
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2865 Bytes] - [30/03/2016 23:00:10]
C:\AdwCleaner\AdwCleaner[C2].txt - [1966 Bytes] - [30/03/2016 23:21:21]
C:\AdwCleaner\AdwCleaner[C3].txt - [22290 Bytes] - [25/01/2017 15:27:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [2952 Bytes] - [30/03/2016 22:55:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [1758 Bytes] - [30/03/2016 23:15:07]
C:\AdwCleaner\AdwCleaner[S3].txt - [23501 Bytes] - [25/01/2017 15:11:06]
C:\AdwCleaner\AdwCleaner[S4].txt - [11390 Bytes] - [07/06/2017 19:36:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [11464 Bytes] ##########