# AdwCleaner v6.045 - Logfile created 23/04/2017 at 15:40:36
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-22.1 [Local]
# Operating System : Windows 10 Education (X64)
# Username : Michał - MICHAL
# Running from : C:\Users\Michał\Downloads\adwcleaner_6.045.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Found: TSDefenseBt
Service Found: TSSysKit
Service Found: QMUdisk
Service Found: QQSysMonX64
Service Found: TFsFlt
Service Found: TAOKernelDriver
Service Found: softaal
Service Found: tsnethlpx64
Service Found: taokerneldriver
Service Found: tfsflt
Service Found: tsdefensebt
Service Found: tssyskit
Service Found: qmudisk

***** [ Folders ] *****

Folder Found: C:\Users\Michał\AppData\Roaming\Tencent
Folder Found: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found: C:\Program Files\Common Files\Tencent
Folder Found: C:\ProgramData\TXQMPC
Folder Found: C:\ProgramData\Tencent
Folder Found: C:\ProgramData\Application Data\Tencent
Folder Found: C:\Program Files (x86)\Tencent
Folder Found: C:\Program Files (x86)\Common Files\Tencent
Folder Found: C:\Users\MICHA~1\AppData\Local\Temp\Tencent
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

***** [ Files ] *****

File Found: C:\WINDOWS\SysNative\drivers\TFsFltX64.sys
File Found: C:\WINDOWS\SysNative\drivers\TAOKernelEx64.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

Key Found: : \root\subscription\\ActiveScriptEventConsumer [ASEC]

***** [ Shortcuts ] *****

Shortcut infected: C:\Users\Public\Desktop\Google Chrome.lnk ( --load-extension="C:\Users\MICHA~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ )
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( --load-extension="C:\Users\MICHA~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ )
Shortcut infected: C:\Users\Michał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( --load-extension="C:\Users\MICHA~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ )
Shortcut infected: C:\Users\Michał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://qtipr.com/ )

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\metnsd
Key Found: HKLM\SOFTWARE\Classes\qmgcfiles
Key Found: [x64] HKLM\SOFTWARE\Classes\metnsd
Key Found: [x64] HKLM\SOFTWARE\Classes\qmgcfiles
Key Found: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found: HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
Key Found: HKLM\SOFTWARE\b`nl{y
Key Found: [x64] HKLM\SOFTWARE\b`nl{y
Data Found: HKU\S-1-5-21-2280503538-1542354952-1058851140-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.6789.com/?id=107
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.6789.com/?id=107
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.6789.com/?id=107
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.6789.com/?id=107
Key Found: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found: HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
Key Found: HKEY_CLASSES_ROOT\.qmgc

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C10].txt - [5517 Bytes] - [23/04/2017 13:44:31]
C:\AdwCleaner\AdwCleaner[C11].txt - [5795 Bytes] - [23/04/2017 13:52:28]
C:\AdwCleaner\AdwCleaner[C12].txt - [5853 Bytes] - [23/04/2017 15:17:20]
C:\AdwCleaner\AdwCleaner[C1].txt - [4863 Bytes] - [08/05/2016 00:03:49]
C:\AdwCleaner\AdwCleaner[C2].txt - [5519 Bytes] - [18/05/2016 00:50:54]
C:\AdwCleaner\AdwCleaner[C3].txt - [2350 Bytes] - [25/05/2016 17:40:15]
C:\AdwCleaner\AdwCleaner[C4].txt - [8519 Bytes] - [24/06/2016 16:45:16]
C:\AdwCleaner\AdwCleaner[C5].txt - [1937 Bytes] - [30/06/2016 11:50:12]
C:\AdwCleaner\AdwCleaner[C6].txt - [3674 Bytes] - [13/08/2016 11:12:44]
C:\AdwCleaner\AdwCleaner[C7].txt - [3050 Bytes] - [13/08/2016 13:56:34]
C:\AdwCleaner\AdwCleaner[C8].txt - [3775 Bytes] - [30/01/2017 14:05:39]
C:\AdwCleaner\AdwCleaner[C9].txt - [15540 Bytes] - [23/04/2017 13:35:39]
C:\AdwCleaner\AdwCleaner[S10].txt - [3012 Bytes] - [13/08/2016 11:20:59]
C:\AdwCleaner\AdwCleaner[S11].txt - [3086 Bytes] - [13/08/2016 13:19:02]
C:\AdwCleaner\AdwCleaner[S12].txt - [3160 Bytes] - [13/08/2016 13:55:58]
C:\AdwCleaner\AdwCleaner[S13].txt - [4036 Bytes] - [30/01/2017 14:03:49]
C:\AdwCleaner\AdwCleaner[S14].txt - [14367 Bytes] - [23/04/2017 13:33:10]
C:\AdwCleaner\AdwCleaner[S15].txt - [5229 Bytes] - [23/04/2017 13:42:07]
C:\AdwCleaner\AdwCleaner[S16].txt - [5138 Bytes] - [23/04/2017 13:43:30]
C:\AdwCleaner\AdwCleaner[S17].txt - [5346 Bytes] - [23/04/2017 13:50:57]
C:\AdwCleaner\AdwCleaner[S18].txt - [5997 Bytes] - [23/04/2017 15:05:46]
C:\AdwCleaner\AdwCleaner[S19].txt - [5893 Bytes] - [23/04/2017 15:07:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [4915 Bytes] - [08/05/2016 00:01:24]
C:\AdwCleaner\AdwCleaner[S20].txt - [5833 Bytes] - [23/04/2017 15:16:30]
C:\AdwCleaner\AdwCleaner[S21].txt - [9475 Bytes] - [23/04/2017 15:37:09]
C:\AdwCleaner\AdwCleaner[S22].txt - [6117 Bytes] - [23/04/2017 15:40:36]
C:\AdwCleaner\AdwCleaner[S2].txt - [5261 Bytes] - [18/05/2016 00:48:59]
C:\AdwCleaner\AdwCleaner[S3].txt - [2190 Bytes] - [24/05/2016 23:40:10]
C:\AdwCleaner\AdwCleaner[S4].txt - [2263 Bytes] - [25/05/2016 17:36:55]
C:\AdwCleaner\AdwCleaner[S5].txt - [10347 Bytes] - [24/06/2016 16:22:03]
C:\AdwCleaner\AdwCleaner[S6].txt - [1759 Bytes] - [30/06/2016 11:48:14]
C:\AdwCleaner\AdwCleaner[S7].txt - [3887 Bytes] - [13/08/2016 10:52:03]
C:\AdwCleaner\AdwCleaner[S8].txt - [3599 Bytes] - [13/08/2016 11:11:38]
C:\AdwCleaner\AdwCleaner[S9].txt - [2937 Bytes] - [13/08/2016 11:20:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S22].txt - [6776 Bytes] ##########