# AdwCleaner v6.042 - Logfile created 24/01/2017 at 00:14:36
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-23.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Alek - ALEK-KOMPUTER
# Running from : C:\Users\Alek\Downloads\adwcleaner_6.042.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found: C:\Users\Alek\AppData\Local\Mail.Ru
Folder Found: C:\Users\Alek\AppData\Roaming\Browser-Security
Folder Found: C:\Users\Alek\AppData\Roaming\FLV and Media Player
Folder Found: C:\ProgramData\Mail.Ru
Folder Found: C:\ProgramData\Application Data\Mail.Ru
Folder Found: C:\Program Files (x86)\Mail.Ru
Folder Found: C:\Users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\eaz99tgg.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
Folder Found: C:\Users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\eaz99tgg.default\extensions\search@mail.ru
Folder Found: C:\Users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\eaz99tgg.default\extensions\homepage@mail.ru
Folder Found: C:\Users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\eaz99tgg.default\extensions\{068e178c-61a9-4a63-b74f-87404a6f5ea1}

***** [ Files ] *****

File Found: C:\Users\Alek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
File Found: C:\Users\Alek\Favorites\Mail.Ru.url
File Found: C:\Users\Alek\Favorites\Mail.Ru Агент - используй для общения!.url
File Found: C:\Users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\eaz99tgg.default\extensions\firefox@browser-security.de.xpi

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

Shortcut infected: C:\Users\Alek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk ( url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035" )

***** [ Scheduled Tasks ] *****

No malicious task found.
***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Key Found: HKLM\SOFTWARE\Classes\QMSoftExt.QMContextMenu
Key Found: HKLM\SOFTWARE\Classes\QMSoftExt.QMContextMenu.1
Key Found: [x64] HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Key Found: [x64] HKLM\SOFTWARE\Classes\QMSoftExt.QMContextMenu
Key Found: [x64] HKLM\SOFTWARE\Classes\QMSoftExt.QMContextMenu.1
Key Found: HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
Key Found: HKU\S-1-5-21-3993699934-1024614526-2195904170-1000\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-3993699934-1024614526-2195904170-1000\Software\Mail.Ru
Key Found: HKU\S-1-5-21-3993699934-1024614526-2195904170-1000\Software\csastats
Key Found: HKU\S-1-5-21-3993699934-1024614526-2195904170-1000\Software\AppDataLow\Software\Mail.Ru
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\Mail.Ru
Key Found: HKCU\Software\csastats
Key Found: HKCU\Software\AppDataLow\Software\Mail.Ru
Key Found: HKLM\SOFTWARE\Mail.Ru
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser-Security
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\Mail.Ru
Key Found: [x64] HKCU\Software\csastats
Key Found: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
Key Found: [x64] HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Data Found: HKU\S-1-5-21-3993699934-1024614526-2195904170-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mail.ru/cnt/10445?gp=818411
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mail.ru/cnt/10445?gp=818411
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mail.ru/cnt/10445?gp=818411
Key Found: HKU\S-1-5-21-3993699934-1024614526-2195904170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Data Found: HKU\S-1-5-21-3993699934-1024614526-2195904170-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Value Found: HKU\S-1-5-21-3993699934-1024614526-2195904170-1000\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Value Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Value Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Key Found: HKLM\SOFTWARE\Classes\.qbox
Key Found: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan
Key Found: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
Key Found: HKEY_CLASSES_ROOT\.qmgc
Key Found: HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMSoftExt
Key Found: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMSoftExt
Key Found: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMSoftExt

***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\eaz99tgg.default\prefs.js] - "browser.search.defaultenginename" - "Поиск@Mail.Ru"
Firefox pref Found: [C:\Users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\eaz99tgg.default\prefs.js] - "browser.search.selectedEngine" - "Поиск@Mail.Ru"
Firefox pref Found: [C:\Users\Alek\AppData\Roaming\Mozilla\Firefox\Profiles\eaz99tgg.default\prefs.js] - "browser.startup.homepage" - "hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=818410"
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5252 Bytes] - [12/04/2016 23:01:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [4903 Bytes] - [12/04/2016 23:00:23]
C:\AdwCleaner\AdwCleaner[S2].txt - [1157 Bytes] - [05/05/2016 14:25:47]
C:\AdwCleaner\AdwCleaner[S3].txt - [6633 Bytes] - [24/01/2017 00:14:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [6706 Bytes] ##########