
Solving a malware problem



Hi!

It has been a long time since I last asked the forum for help. This time, too, it is about a friend's laptop.
First, I want to say that after the first scan with Malwarebytes Anti-Malware, a "normal" log could not be created. The threats were deleted (over 1000 objects), but it did not ask for a restart.

Here is the failed log.
m.txt

 

After that I scanned with FRST.

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by daqna (administrator) on DAQNA-PC (16-11-2015 17:27:12)
Running from C:\Users\daqna\Desktop
Loaded Profiles: daqna (Available Profiles: daqna)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\ProgramData\AppMgr3.16.8591351\appmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.expext.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe
() C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe
() C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\...\MountPoints2: {0adfe8b3-2e9e-11e5-a48c-001d72e23006} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\...\MountPoints2: {535ebd44-a569-11e4-a5e4-001d72e23006} - G:\Setup.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 46.40.72.19 46.40.72.25
Tcpip\..\Interfaces\{4EA73629-45A0-4726-BDE9-FC3711D51216}: [DhcpNameServer] 46.40.72.19 46.40.72.25
Tcpip\..\Interfaces\{E27A025D-BADD-4CF9-A169-2497BCAFA0C5}: [DhcpNameServer] 46.55.222.38 46.55.222.6
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.bg/?gfe_rd=cr&ei=udhJVp6mGrKz8wegwbbwAg&gws_rd=ssl
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422355034&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXH90834133041330
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3231391006-2606054901-124599880-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3231391006-2606054901-124599880-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-3231391006-2606054901-124599880-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => No File
CHR Profile: C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Документи) - C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Google Диск) - C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Търсене) - C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Документи офлайн) - C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U0 csock; C:\Windows\System32\drivers\dvvlqq.sys [79064 2015-11-16] (Malwarebytes)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2015-11-16] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 17:27 - 2015-11-16 17:28 - 00012531 _____ C:\Users\daqna\Desktop\FRST.txt
2015-11-16 17:27 - 2015-11-16 17:27 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\dvvlqq.sys
2015-11-16 17:27 - 2015-11-16 17:27 - 00000080 _____ C:\Users\Public\Desktop\чTorrent.lnk
2015-11-16 17:27 - 2015-11-16 17:27 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\чTorrent.lnk
2015-11-16 17:26 - 2015-11-16 17:27 - 00000000 ____D C:\FRST
2015-11-16 16:51 - 2015-11-16 16:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 16:50 - 2015-11-16 17:27 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 16:50 - 2015-11-16 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 16:50 - 2015-11-16 16:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-16 16:50 - 2015-11-16 16:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 16:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-16 16:50 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-16 16:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-16 16:49 - 2015-11-16 16:46 - 02198528 _____ (Farbar) C:\Users\daqna\Desktop\FRST64.exe
2015-11-16 15:30 - 2015-11-16 15:30 - 00000000 ____D C:\SUPERDelete
2015-11-16 14:59 - 2015-11-16 14:59 - 00000000 ____D C:\Users\daqna\AppData\Roaming\SUPERAntiSpyware.com
2015-11-16 14:58 - 2015-11-16 17:27 - 00001846 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-11-16 14:58 - 2015-11-16 14:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-16 14:58 - 2015-11-16 14:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-11-16 14:58 - 2015-11-16 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-11-16 14:30 - 2015-11-16 14:30 - 00000000 ____D C:\Users\daqna\AppData\Local\FreeCommanderXE
2015-11-15 18:38 - 2015-11-15 18:38 - 00000084 _____ C:\Users\daqna\Desktop\Google.url
2015-11-12 14:11 - 2015-11-03 19:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 21:19 - 2015-11-11 21:19 - 00000000 ____D C:\Users\daqna\Tracing
2015-11-11 21:18 - 2015-11-11 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-11 09:25 - 2015-10-20 20:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 09:25 - 2015-10-20 20:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 09:25 - 2015-10-20 20:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 09:25 - 2015-10-20 20:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 09:25 - 2015-10-20 20:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 09:25 - 2015-10-20 20:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 09:25 - 2015-10-20 20:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 09:25 - 2015-10-20 20:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 09:25 - 2015-10-20 20:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 09:25 - 2015-10-20 20:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 09:25 - 2015-10-20 20:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 09:25 - 2015-10-20 19:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 09:25 - 2015-10-20 19:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 09:25 - 2015-10-20 19:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 09:25 - 2015-10-20 19:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 09:25 - 2015-10-20 19:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 09:24 - 2015-11-04 00:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 09:24 - 2015-11-03 23:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 09:24 - 2015-10-31 01:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 09:24 - 2015-10-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 09:24 - 2015-10-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 09:24 - 2015-10-31 01:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 09:24 - 2015-10-31 01:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 09:24 - 2015-10-31 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 09:24 - 2015-10-31 01:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 09:24 - 2015-10-31 01:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 09:24 - 2015-10-31 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 09:24 - 2015-10-31 01:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 09:24 - 2015-10-31 01:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 09:24 - 2015-10-31 01:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 09:24 - 2015-10-31 01:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 09:24 - 2015-10-31 01:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 09:24 - 2015-10-31 01:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 09:24 - 2015-10-31 01:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 09:24 - 2015-10-31 01:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 09:24 - 2015-10-31 01:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 09:24 - 2015-10-31 01:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 09:24 - 2015-10-31 00:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 09:24 - 2015-10-31 00:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 09:24 - 2015-10-31 00:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 09:24 - 2015-10-31 00:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 09:24 - 2015-10-31 00:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 09:24 - 2015-10-31 00:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 09:24 - 2015-10-31 00:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 09:24 - 2015-10-31 00:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 09:24 - 2015-10-31 00:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 09:24 - 2015-10-31 00:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 09:24 - 2015-10-31 00:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 09:24 - 2015-10-31 00:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 09:24 - 2015-10-31 00:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 09:24 - 2015-10-31 00:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 09:24 - 2015-10-31 00:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 09:24 - 2015-10-31 00:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 09:24 - 2015-10-31 00:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 09:24 - 2015-10-31 00:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 09:24 - 2015-10-31 00:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 09:24 - 2015-10-31 00:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 09:24 - 2015-10-31 00:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 09:24 - 2015-10-31 00:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 09:24 - 2015-10-31 00:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 09:24 - 2015-10-31 00:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 09:24 - 2015-10-31 00:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 09:24 - 2015-10-31 00:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 09:24 - 2015-10-31 00:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 09:24 - 2015-10-31 00:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 09:24 - 2015-10-31 00:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 09:24 - 2015-10-31 00:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 09:24 - 2015-10-31 00:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 09:24 - 2015-10-31 00:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 09:24 - 2015-10-31 00:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 09:24 - 2015-10-31 00:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 09:24 - 2015-10-31 00:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 09:24 - 2015-10-31 00:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 09:24 - 2015-10-31 00:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 09:24 - 2015-10-31 00:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 09:24 - 2015-10-31 00:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 09:24 - 2015-10-30 23:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 09:24 - 2015-10-30 23:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 09:24 - 2015-10-30 23:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 09:24 - 2015-10-30 23:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 09:23 - 2015-10-20 03:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 09:23 - 2015-10-20 03:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 09:23 - 2015-10-20 03:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 09:23 - 2015-10-20 03:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 09:23 - 2015-10-20 03:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 09:23 - 2015-10-20 03:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 09:23 - 2015-10-20 03:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 09:23 - 2015-10-20 03:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 09:23 - 2015-10-20 03:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 09:23 - 2015-10-20 03:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 09:23 - 2015-10-20 03:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 09:23 - 2015-10-20 03:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 09:23 - 2015-10-20 03:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 09:23 - 2015-10-20 03:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 09:23 - 2015-10-20 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 09:23 - 2015-10-20 02:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 09:23 - 2015-10-20 02:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 09:23 - 2015-10-20 02:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 09:23 - 2015-10-20 02:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 09:23 - 2015-10-20 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 09:23 - 2015-10-20 02:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 09:23 - 2015-10-20 02:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 09:23 - 2015-10-20 02:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 09:23 - 2015-10-20 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 09:23 - 2015-10-20 02:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 09:23 - 2015-10-20 02:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 09:23 - 2015-10-20 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 09:23 - 2015-10-20 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 01:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 09:23 - 2015-10-20 01:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 09:23 - 2015-10-20 01:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 09:23 - 2015-10-20 01:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 09:23 - 2015-10-20 01:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 09:23 - 2015-10-20 01:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 01:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 01:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 09:23 - 2015-10-20 01:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 09:23 - 2015-09-23 15:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 09:23 - 2015-09-23 15:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 09:23 - 2015-09-23 15:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 09:22 - 2015-10-29 19:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 09:22 - 2015-10-29 19:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 09:22 - 2015-10-29 19:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 09:22 - 2015-10-29 19:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 09:22 - 2015-10-29 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 09:22 - 2015-10-29 19:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 09:22 - 2015-10-29 19:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 09:22 - 2015-10-13 18:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 09:22 - 2015-10-13 18:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 09:21 - 2015-10-13 06:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 09:21 - 2015-10-01 20:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 09:21 - 2015-10-01 20:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 09:21 - 2015-10-01 19:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 17:27 - 2015-01-27 10:52 - 00002198 _____ C:\Users\daqna\Desktop\Barbie - Салон красоты.lnk
2015-11-16 17:27 - 2014-12-06 21:16 - 00002206 _____ C:\Users\Public\Desktop\Google Earth.lnk
2015-11-16 17:27 - 2012-03-22 18:53 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-11-16 17:27 - 2012-03-22 18:47 - 00002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2015-11-16 17:27 - 2012-03-22 18:11 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-16 17:27 - 2012-03-22 18:11 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-11-16 17:27 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-11-16 17:27 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-16 17:27 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-11-16 17:27 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-11-16 17:27 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-11-16 17:27 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-11-16 17:26 - 2015-03-03 04:59 - 00000000 ____D C:\ProgramData\AppMgr3.16.8591351
2015-11-16 17:26 - 2015-01-27 13:01 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-16 17:26 - 2015-01-27 12:33 - 00000000 ____D C:\Program Files (x86)\Cyti Web
2015-11-16 17:26 - 2009-07-14 04:34 - 00000505 _____ C:\Windows\win.ini
2015-11-16 16:41 - 2013-12-29 18:07 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-16 16:41 - 2009-07-14 07:13 - 00006222 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-16 16:35 - 2013-12-29 18:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-16 15:44 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 15:44 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 15:41 - 2012-03-22 18:11 - 02088567 _____ C:\Windows\WindowsUpdate.log
2015-11-16 15:36 - 2013-12-29 18:07 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-16 15:36 - 2012-03-27 07:12 - 00120376 _____ C:\Windows\PFRO.log
2015-11-16 15:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-16 15:36 - 2009-07-14 06:51 - 00065141 _____ C:\Windows\setupact.log
2015-11-16 15:20 - 2012-05-05 17:35 - 00000000 ____D C:\Users\daqna\AppData\Local\Google
2015-11-16 14:52 - 2009-07-14 07:08 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-13 17:35 - 2012-03-22 18:32 - 00000000 ____D C:\Users\daqna\AppData\Roaming\Skype
2015-11-12 20:05 - 2009-07-14 06:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 14:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 21:19 - 2012-03-22 18:32 - 00000000 ____D C:\ProgramData\Skype
2015-11-11 21:19 - 2012-03-22 18:17 - 00000000 ____D C:\Users\daqna
2015-11-11 21:18 - 2013-04-03 21:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-11 19:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2015-11-11 19:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\bg-BG
2015-11-11 17:03 - 2013-08-14 18:54 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 16:56 - 2012-03-22 19:41 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 16:36 - 2013-12-29 18:07 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 16:36 - 2013-12-29 18:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 16:36 - 2012-03-22 18:39 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 16:31 - 2009-07-14 09:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-18 13:57 - 2012-05-05 17:35 - 00000000 ____D C:\Users\daqna\AppData\Local\Conduit
2015-10-18 13:57 - 2012-05-05 17:35 - 00000000 ____D C:\Program Files (x86)\Conduit
 
Some files in TEMP:
====================
C:\Users\daqna\AppData\Local\Temp\3g8afip_.dll
C:\Users\daqna\AppData\Local\Temp\E187.exe
C:\Users\daqna\AppData\Local\Temp\euka9e01.dll
C:\Users\daqna\AppData\Local\Temp\igrv8wqs.dll
C:\Users\daqna\AppData\Local\Temp\SkypeSetup.exe
C:\Users\daqna\AppData\Local\Temp\TB_3EA8.exe
C:\Users\daqna\AppData\Local\Temp\utt9B2B.tmp.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-11 12:35
 
==================== End of FRST.txt ============================
 
 
After that I restarted and scanned again with Malwarebytes Anti-Malware, but this time no threats were found.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Дата на сканиране: 16.11.2015 г.
Час на сканиране: 17:49 ч.
Дневник: aaa.txt
Администратор: Да
 
Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2015.11.16.04
База от данни за рууткити: v2015.11.14.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено
 
ОС: Windows 7 Service Pack 1
Процесор: x64
Файлова система: NTFS
Потребител: daqna
 
Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 336698
Изминало време: 31 мин. 5 сек.
 
Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено
 
Процеси: 0
(Не бяха открити злонамерени обекти)
 
Модули: 0
(Не бяха открити злонамерени обекти)
 
Ключове в системния регистър: 0
(Не бяха открити злонамерени обекти)
 
Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)
 
Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)
 
Папки: 0
(Не бяха открити злонамерени обекти)
 
Файлове: 0
(Не бяха открити злонамерени обекти)
 
Физически сектори: 0
(Не бяха открити злонамерени обекти)
 
 
(end)

 


Hello,
 
 
STEP 1
 
 
Please uninstall the following programs from the Control Panel as follows:

 
CinemaP-1.8cV27.01
omiga-plus uninstall
SavePass 1.1
VideoDownloadConverter Firefox Toolbar
VideoDownloadConverter Internet Explorer Toolbar


 
Download the program GeekUninstaller and save it to the desktop.
Extract it and run the file geek.exe http://i.imgur.com/4sQNPq3.jpg
In the list, find CinemaP-1.8cV27.01 (the example shows Mozilla Firefox, but that is just for illustration).
Right-click the program and choose Uninstall
 
http://i.imgur.com/QrQAQ9t.png
 
After the installation finishes, a window will open prompting you to remove all of the program's leftovers (if there are any; if there are none, this window will not appear):

Example for the Mozilla browser:

http://i.imgur.com/ohEFUgi.png

Click the Finish button to delete the program's leftovers.
Repeat the steps for the programs:

 
omiga-plus uninstall
SavePass 1.1
VideoDownloadConverter Firefox Toolbar
VideoDownloadConverter Internet Explorer Toolbar



 
STEP 2
 
 
Download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
After it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has run.
 
Warning: The script was created for the current system. Do not use it on other systems with similar problems!
 
After that, write whether there is any improvement.
 

Regards! http://i.imgur.com/HMq9Vuw.png


It did not go as described.
 
Second, I forgot to remove one of the listed programs the first time, so I had to run FRST twice. Hence two logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by daqna (2015-11-19 12:25:47) Run:1
Running from C:\Users\daqna\Desktop
Loaded Profiles: daqna (Available Profiles: daqna)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
() C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.expext.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe
() C:\ProgramData\AppMgr3.16.8591351\appmgr.exe
() C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe
() C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422355034&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXH90834133041330
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => No File
2015-11-16 17:26 - 2015-03-03 04:59 - 00000000 ____D C:\ProgramData\AppMgr3.16.8591351
2015-11-16 17:26 - 2015-01-27 13:01 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-16 17:26 - 2015-01-27 12:33 - 00000000 ____D C:\Program Files (x86)\Cyti Web
cmd: type C:\Windows\win.ini
2015-10-18 13:57 - 2012-05-05 17:35 - 00000000 ____D C:\Users\daqna\AppData\Local\Conduit
2015-10-18 13:57 - 2012-05-05 17:35 - 00000000 ____D C:\Program Files (x86)\Conduit
C:\Users\daqna\AppData\Local\Temp\3g8afip_.dll
C:\Users\daqna\AppData\Local\Temp\E187.exe
C:\Users\daqna\AppData\Local\Temp\euka9e01.dll
C:\Users\daqna\AppData\Local\Temp\igrv8wqs.dll
C:\Users\daqna\AppData\Local\Temp\SkypeSetup.exe
C:\Users\daqna\AppData\Local\Temp\TB_3EA8.exe
C:\Users\daqna\AppData\Local\Temp\utt9B2B.tmp.exe
Task: {0E2D22B2-3BC3-4FDD-856F-DF886F41B58F} - System32\Tasks\{6476AB9D-E2DD-4834-9CFF-7DF23735D38D} => pcalua.exe -a C:\Users\daqna\Downloads\RocketDock-v1.3.5.exe -d C:\Users\daqna\Downloads
Task: {858905F2-AAB0-46F8-81CC-3C1E3B005BAE} - \Yahoo! Search Updater -> No File <==== ATTENTION
cmd: winmgmt /resyncperf
cmd: lodctr /R
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Home Page Guard 64 bit" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Search Scope Monitor" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Search" /f
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Users\daqna\AppData\Local\Pay-By-Ads
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe => No running process found
C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe => No running process found
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe => No running process found
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.expext.exe => No running process found
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe => No running process found
C:\ProgramData\AppMgr3.16.8591351\appmgr.exe => No running process found
C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe => No running process found
C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe => No running process found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => not found.
"C:\ProgramData\AppMgr3.16.8591351" => not found.
C:\Program Files (x86)\globalUpdate => moved successfully
"C:\Program Files (x86)\Cyti Web" => not found.
 
=========  type C:\Windows\win.ini =========
 
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
3g2=MPEGVideo
3gp=MPEGVideo
3gp2=MPEGVideo
3gpp=MPEGVideo
aac=MPEGVideo
adt=MPEGVideo
adts=MPEGVideo
m2t=MPEGVideo
m2ts=MPEGVideo
m2v=MPEGVideo
m4a=MPEGVideo
m4v=MPEGVideo
mod=MPEGVideo
mov=MPEGVideo
mp4=MPEGVideo
mp4v=MPEGVideo
mts=MPEGVideo
ts=MPEGVideo
tts=MPEGVideo
[XVRNT_B]
cnfgprm=prdct=XVRNT_B&vrsn=4.0.0.3&hrdId=16abada600000000000006234e024db4&instlDate=16755
 
========= End of CMD: =========
 
C:\Users\daqna\AppData\Local\Conduit => moved successfully
C:\Program Files (x86)\Conduit => moved successfully
C:\Users\daqna\AppData\Local\Temp\3g8afip_.dll => moved successfully
C:\Users\daqna\AppData\Local\Temp\E187.exe => moved successfully
C:\Users\daqna\AppData\Local\Temp\euka9e01.dll => moved successfully
C:\Users\daqna\AppData\Local\Temp\igrv8wqs.dll => moved successfully
C:\Users\daqna\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\daqna\AppData\Local\Temp\TB_3EA8.exe => moved successfully
C:\Users\daqna\AppData\Local\Temp\utt9B2B.tmp.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E2D22B2-3BC3-4FDD-856F-DF886F41B58F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E2D22B2-3BC3-4FDD-856F-DF886F41B58F}" => key removed successfully
C:\Windows\System32\Tasks\{6476AB9D-E2DD-4834-9CFF-7DF23735D38D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6476AB9D-E2DD-4834-9CFF-7DF23735D38D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{858905F2-AAB0-46F8-81CC-3C1E3B005BAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{858905F2-AAB0-46F8-81CC-3C1E3B005BAE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater => key not found. 
 
=========  winmgmt /resyncperf =========
 
 
========= End of CMD: =========
 
 
=========  lodctr /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Home Page Guard 64 bit" /f =========
 
Операцията завърши успешно.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Search Scope Monitor" /f =========
 
Операцията завърши успешно.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader" /f =========
 
Операцията завърши успешно.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Search" /f =========
 
Операцията завърши успешно.
 
 
 
========= End of Reg: =========
 
"C:\Program Files (x86)\VideoDownloadConverter_4z" => not found.
"C:\Users\daqna\AppData\Local\Pay-By-Ads" => not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {616FF08C-52C8-4BAE-9286-DB7A1E828561}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 3.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:30:39 ====
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by daqna (2015-11-19 12:36:36) Run:2
Running from C:\Users\daqna\Desktop
Loaded Profiles: daqna (Available Profiles: daqna)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
() C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.expext.exe
() C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe
() C:\ProgramData\AppMgr3.16.8591351\appmgr.exe
() C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe
() C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422355034&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXH90834133041330
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => No File
2015-11-16 17:26 - 2015-03-03 04:59 - 00000000 ____D C:\ProgramData\AppMgr3.16.8591351
2015-11-16 17:26 - 2015-01-27 13:01 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-16 17:26 - 2015-01-27 12:33 - 00000000 ____D C:\Program Files (x86)\Cyti Web
cmd: type C:\Windows\win.ini
2015-10-18 13:57 - 2012-05-05 17:35 - 00000000 ____D C:\Users\daqna\AppData\Local\Conduit
2015-10-18 13:57 - 2012-05-05 17:35 - 00000000 ____D C:\Program Files (x86)\Conduit
C:\Users\daqna\AppData\Local\Temp\3g8afip_.dll
C:\Users\daqna\AppData\Local\Temp\E187.exe
C:\Users\daqna\AppData\Local\Temp\euka9e01.dll
C:\Users\daqna\AppData\Local\Temp\igrv8wqs.dll
C:\Users\daqna\AppData\Local\Temp\SkypeSetup.exe
C:\Users\daqna\AppData\Local\Temp\TB_3EA8.exe
C:\Users\daqna\AppData\Local\Temp\utt9B2B.tmp.exe
Task: {0E2D22B2-3BC3-4FDD-856F-DF886F41B58F} - System32\Tasks\{6476AB9D-E2DD-4834-9CFF-7DF23735D38D} => pcalua.exe -a C:\Users\daqna\Downloads\RocketDock-v1.3.5.exe -d C:\Users\daqna\Downloads
Task: {858905F2-AAB0-46F8-81CC-3C1E3B005BAE} - \Yahoo! Search Updater -> No File <==== ATTENTION
cmd: winmgmt /resyncperf
cmd: lodctr /R
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Home Page Guard 64 bit" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Search Scope Monitor" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Search" /f
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Users\daqna\AppData\Local\Pay-By-Ads
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe => No running process found
C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe => No running process found
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe => No running process found
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.expext.exe => No running process found
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe => No running process found
C:\ProgramData\AppMgr3.16.8591351\appmgr.exe => No running process found
C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe => No running process found
C:\ProgramData\AppMgr3.16.8591351\1\plugin.exe => No running process found
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => not found.
"C:\ProgramData\AppMgr3.16.8591351" => not found.
"C:\Program Files (x86)\globalUpdate" => not found.
"C:\Program Files (x86)\Cyti Web" => not found.
 
=========  type C:\Windows\win.ini =========
 
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
3g2=MPEGVideo
3gp=MPEGVideo
3gp2=MPEGVideo
3gpp=MPEGVideo
aac=MPEGVideo
adt=MPEGVideo
adts=MPEGVideo
m2t=MPEGVideo
m2ts=MPEGVideo
m2v=MPEGVideo
m4a=MPEGVideo
m4v=MPEGVideo
mod=MPEGVideo
mov=MPEGVideo
mp4=MPEGVideo
mp4v=MPEGVideo
mts=MPEGVideo
ts=MPEGVideo
tts=MPEGVideo
[XVRNT_B]
cnfgprm=prdct=XVRNT_B&vrsn=4.0.0.3&hrdId=16abada600000000000006234e024db4&instlDate=16755
 
========= End of CMD: =========
 
"C:\Users\daqna\AppData\Local\Conduit" => not found.
"C:\Program Files (x86)\Conduit" => not found.
"C:\Users\daqna\AppData\Local\Temp\3g8afip_.dll" => not found.
"C:\Users\daqna\AppData\Local\Temp\E187.exe" => not found.
"C:\Users\daqna\AppData\Local\Temp\euka9e01.dll" => not found.
"C:\Users\daqna\AppData\Local\Temp\igrv8wqs.dll" => not found.
"C:\Users\daqna\AppData\Local\Temp\SkypeSetup.exe" => not found.
"C:\Users\daqna\AppData\Local\Temp\TB_3EA8.exe" => not found.
"C:\Users\daqna\AppData\Local\Temp\utt9B2B.tmp.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E2D22B2-3BC3-4FDD-856F-DF886F41B58F} => key not found. 
C:\Windows\System32\Tasks\{6476AB9D-E2DD-4834-9CFF-7DF23735D38D} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6476AB9D-E2DD-4834-9CFF-7DF23735D38D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{858905F2-AAB0-46F8-81CC-3C1E3B005BAE} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater => key not found. 
 
=========  winmgmt /resyncperf =========
 
 
========= End of CMD: =========
 
 
=========  lodctr /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Home Page Guard 64 bit" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Search Scope Monitor" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Search" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
"C:\Program Files (x86)\VideoDownloadConverter_4z" => not found.
"C:\Users\daqna\AppData\Local\Pay-By-Ads" => not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3231391006-2606054901-124599880-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:37:58 ====

 

Link to comment

Looks fine to me. How are things now?

Run a new scan with FRST, ticking the box in front of Addition.txt before pressing the SCAN button, and attach the two new log files: FRST.txt and Addition.txt.

Regards!

Link to comment

Well, the guy said that right after the "cleaning" with Malwarebytes Anti-Malware things started going well: no pop-up windows, slowdowns, freezes and so on. Everything was flying.
I'll do the scan tomorrow.

Thanks on his behalf.

Link to comment

Sorry for the delay, I was tied up with work. How are things now? There are no longer any active infections visible in the logs.

Open C:\Windows\win.ini and delete the following lines from the file:

 

[XVRNT_B]
cnfgprm=prdct=XVRNT_B&vrsn=4.0.0.3&hrdId=16abada600000000000006234e024db4&instlDate=16755

 

and save the changes.

And let's do some final checks:

 

 

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • When the scan finishes, press the Clean button.
  • The program will close all unnecessary processes and, after cleaning, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[C1].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

 

 

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your protection programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

 

STEP 3

Please download ZHPcleaner and save it to your desktop.

  • Run ZHPCleaner by right-clicking the file and choosing "Run as administrator" from the context menu.
  • Click the button shown at http://i1214.photobucket.com/albums/cc497/olgun52/Ashampoo_Snap_20140819_13h09m50s_001__zps96d58678.png to accept the license agreement.
  • Select the button shown at http://i.imgur.com/y3pI4LR.png.
  • The browsers will be closed automatically.
  • A log file will open when the scan finishes (if none appears, press the Report button).
  • Post the log file in your next comment.

 

 

Regards!

Link to comment

He says that for now there is no further problem.

One clarification. ZHPcleaner found some objects, but I didn't delete them - it's not in the instructions. :) If needed, I'll run a new scan, but look at the log first.

Here are the logs.

 

# AdwCleaner v5.022 - Лог файлът е създаден 26/11/2015 при 16:56:02
# Обновен 22/11/2015 от Xplode
# База данни : 2015-11-22.2 [Сървър]
# Операционна система : Windows 7 Ultimate Service Pack 1 (x64)
# Потребителско име : daqna - DAQNA-PC
# Изпълнява се от : C:\Users\daqna\Desktop\adwcleaner_5.022.exe
# Опция : Изчистване
# Поддръжка : http://toolslib.net/forum
 
***** [ Сервизи ] *****
 
 
***** [ Папки ] *****
 
[-] Папка Изтрито : C:\Program Files (x86)\video download converter
[-] Папка Изтрито : C:\ProgramData\MailUpdate
[-] Папка Изтрито : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\video download converter
[-] Папка Изтрито : C:\Users\daqna\AppData\Local\globalUpdate
[-] Папка Изтрито : C:\Users\daqna\AppData\LocalLow\Conduit
[-] Папка Изтрито : C:\Users\daqna\AppData\Roaming\MailUpdate
 
***** [ Файлове ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Преки пътища ] *****
 
 
***** [ Планирани задачи ] *****
 
 
***** [ Регистър ] *****
 
[-] Ключ Изтрито : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Ключ Изтрито : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Cyti Web
[-] Ключ Изтрито : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Cyti Web
[-] Стойност Изтрито : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [savePass 1.1-bg.exe]
[-] Стойност Изтрито : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [CinemaP-1.8cV27.01-bg.exe]
[-] Ключ Изтрито : HKLM\SOFTWARE\12ebee0a-aff5-486f-9d5f-c0df7fa967ce
[-] Ключ Изтрито : HKLM\SOFTWARE\6785ecde-6ef1-4d65-ab7f-d4f3ae4a178d
[-] Ключ Изтрито : HKLM\SOFTWARE\9310b58a-ced1-43c7-bb2b-986f59e1c4f1
[-] Ключ Изтрито : HKLM\SOFTWARE\f287889c-c7ea-4ee1-8e42-cc74a684a880
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655985529}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666986629}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{35144E32-8E4C-4152-9B8C-3E2D4B46228E}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{3BA6794F-1E38-4460-949A-0DE97D8EF5C2}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{3CBA93EA-AEC3-4EC3-9EFD-D96A661B639D}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{46CE5380-6055-4C3A-A7E5-3A02A2335C61}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{4F6ECF71-C575-4BD2-8EF7-548D0EF1AB1D}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{54D99BE4-2FD7-449E-9DB4-76532CEE0B16}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{5684EAE9-72EB-4CA6-83B8-82434B7E955C}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{5A96E574-F8A6-4F6A-B58D-79C14B698017}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{6605E3BD-7BC3-479C-BF0A-E5D5E954EA52}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{8B8BB3A7-2ADE-4995-931D-60B430A9B44E}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{8FDA7A57-D1A8-4A62-A643-B85FDC116212}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{94E98D20-156E-4C53-BD7F-972C96E680B2}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{A266567F-8E5D-480C-BCE2-C360FA669FD5}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{CE4F67F6-4FD4-49DB-9D71-713CCD3D00CD}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{E14CDC24-4BE1-4B65-8452-4BFA0DCEF274}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{ECC69F9E-5456-4EDF-AF66-1A9DED11F9EE}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905565}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655985529}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906665}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666986629}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644984429}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904465}
[!] Ключ Не е Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644984429}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655985529}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666986629}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
[!] Ключ Не е Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
[!] Ключ Не е Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{35144E32-8E4C-4152-9B8C-3E2D4B46228E}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{3BA6794F-1E38-4460-949A-0DE97D8EF5C2}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{3CBA93EA-AEC3-4EC3-9EFD-D96A661B639D}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{46CE5380-6055-4C3A-A7E5-3A02A2335C61}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{4F6ECF71-C575-4BD2-8EF7-548D0EF1AB1D}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{54D99BE4-2FD7-449E-9DB4-76532CEE0B16}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{5684EAE9-72EB-4CA6-83B8-82434B7E955C}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{5A96E574-F8A6-4F6A-B58D-79C14B698017}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{6605E3BD-7BC3-479C-BF0A-E5D5E954EA52}
[!] Ключ Не е Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8BB3A7-2ADE-4995-931D-60B430A9B44E}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{8FDA7A57-D1A8-4A62-A643-B85FDC116212}
[!] Ключ Не е Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{94E98D20-156E-4C53-BD7F-972C96E680B2}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{A266567F-8E5D-480C-BCE2-C360FA669FD5}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{CE4F67F6-4FD4-49DB-9D71-713CCD3D00CD}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{E14CDC24-4BE1-4B65-8452-4BFA0DCEF274}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{ECC69F9E-5456-4EDF-AF66-1A9DED11F9EE}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905565}
[!] Ключ Не е Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655985529}
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906665}
[!] Ключ Не е Изтрито : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666986629}
[-] Ключ Изтрито : HKCU\Software\GlobalUpdate
[-] Ключ Изтрито : HKCU\Software\InstalledBrowserExtensions
[-] Ключ Изтрито : HKCU\Software\AppDataLow\Toolbar
[-] Ключ Изтрито : HKLM\SOFTWARE\Conduit
[-] Ключ Изтрито : HKLM\SOFTWARE\GlobalUpdate
[-] Ключ Изтрито : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Ключ Изтрито : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
[!] Ключ Не е Изтрито : DoNotAskAgain
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\home.tb.ask.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inspsearch.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.omiga-plus.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omiga-plus.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omigaplus2.inspsearch.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.tb.ask.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searches.omiga-plus.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Ключ Изтрито : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webcrawler.com
 
***** [ Уеб браузъри ] *****
 
[-] [C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Изтрито : ask.com
[-] [C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Изтрито : isearch.omiga-plus.com
[-] [C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Изтрито : omiga-plus
[-] [C:\Users\daqna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Изтрито : pacgpkgadgmibnhpdidcnfafllnmeomc
 
*************************
 
:: "Tracing" ключове отстраняват
:: Настройките на Winsock са нулирани
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [20648 байта] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x64 
Ran by daqna (Administrator) on четв 26.11.2015 г. at 17:10:25,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_32479C6A-70E3F988.pf (File) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on четв 26.11.2015 г. at 17:13:43,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
~ ZHPCleaner v2015.11.23.384 by Nicolas Coolman (2015/11/23)
~ Run by daqna (Administrator)  (26/11/2015 17:15:47)
~ State version : No network file
~ Type : Scan
~ Report : C:\Users\daqna\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\daqna\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (2)
FOUND folder: C:\Program Files (x86)\601f14f1-f5d9-450a-a139-563fec61295c  =>PUP.Optional.CrossRider
FOUND folder: C:\Program Files (x86)\eb40820c-8350-4360-8bd6-3c2c1b0b845f  =>PUP.Optional.CrossRider
 
 
---\\  Registry ( Key, Value, Data) (66)
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901165} []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611981129} []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611901165} []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611981129} []  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901165} [CinemaP-1.8cV27.01]  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611981129} [savePass 1.1]  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902265} [02e230a56e2c45da91ef041e8a17e63d0069065.Sandbox]  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622982229} [32389a8c39e14e44abd3b43289a864310069829.Sandbox]  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611901165} [CinemaP-1.8cV27.01]  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611981129} [savePass 1.1]  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622902265} [02e230a56e2c45da91ef041e8a17e63d0069065.Sandbox]  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622982229} [32389a8c39e14e44abd3b43289a864310069829.Sandbox]  =>PUP.Optional.CrossRider
FOUND key: HKEY_USERS\S-1-5-21-3231391006-2606054901-124599880-1001\Software\sun king []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\sun king []  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\AppDataLow\Software\Smartbar []  =>PUP.Optional.QuickShare
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net [169]  =>PUP.Optional.Browser
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.cytiweb.net [198741]  =>Adware.Sambreel
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apicytiwebnet-a.akamaihd.net [22]  =>PUP.Optional.Browser
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net [795]  =>PUP.Optional.Browser
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cytiweb.net []  =>Adware.Sambreel
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdapp1008-a.akamaihd.net [692]  =>PUP.Optional.Browser
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdsrc-a.akamaihd.net []  =>PUP.Optional.Browser
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\kingtopdeals.com []  =>PUP.Optional.Multiplug
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\lollipopcosmetics.com [1893]  =>PUP.Optional.Lollipop
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mypcspeedmaximizer.com []  =>.Superfluous.PCSpeedMaximizer
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.kingtopdeals.com [10]  =>PUP.Optional.Multiplug
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\serviceama-a.akamaihd.net [5881]  =>PUP.Optional.Browser
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\soundcloud.com [103]  =>PUP.Optional.Multiplug
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.boostsaves.com []  =>PUP.Optional.BoostSaves
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mypcspeedmaximizer.com [9]  =>.Superfluous.PCSpeedMaximizer
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton [bar Button Class]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1 [bar Button Class]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu [VideoDownloadConverter_4z HTML Menu]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1 [VideoDownloadConverter_4z HTML Menu]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel [VideoDownloadConverter_4z HTML Panel]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1 [VideoDownloadConverter_4z HTML Panel]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin [Pseudo Transparent Plugin]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 [Pseudo Transparent Plugin]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller [VideoDownloadConverter Third Party Installer]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1 [VideoDownloadConverter Third Party Installer]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector [ProtectorControl Class]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1 [ProtectorControl Class]  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1 []  =>.Superfluous.MindSpark
FOUND key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mailUpdate []  =>PUP.Optional.MailUpdate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FFEB9E2-DDAC-4B00-8E10-14D2088C2629} [C:\Program Files (x86)\uTorrentControl2 (Not File)]  =>PUP.Optional.uTorrentControl
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901165}\InprocServer32 []  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611981129}\InprocServer32 []  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902265}\InprocServer32 [C:\Program Files (x86)\CinemaP-1.8cV27.01\CinemaP-1.8cV27.01-bho64.dll (Not File)]  =>PUP.Optional.CrossRider
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622982229}\InprocServer32 [C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-bho64.dll (Not File)]  =>PUP.Optional.CrossRider
 
 
---\\  Summary of the elements found (11)
http://www.nicolascoolman.fr/?p=180 =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=433 =>PUP.Optional.QuickShare
http://www.nicolascoolman.fr/?p=546 =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=1402 =>PUP.Optional.Multiplug
http://www.nicolascoolman.fr/?p=302 =>PUP.Optional.Lollipop
http://www.nicolascoolman.fr/?p=378 =>.Superfluous.PCSpeedMaximizer
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.BoostSaves
http://www.nicolascoolman.fr/?p=142 =>.Superfluous.MindSpark
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.MailUpdate
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.uTorrentControl
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 54553
~ Items found : 74
~ Items cancelled : 0
~ Items repaired : 0
 
 
~ End of search in 5 minutes
===================
ZHPCleaner--26112015-17_20_50.txt
 

 


Yes, I know. I deliberately did not mention deleting anything with ZHPCleaner until I had reviewed the log file, because the tool is sometimes a bit paranoid. Everything it found, however, should be deleted, so repeat the scan with it and choose the Repair button. After the list of found items opens, press Repair again. Then post the new log file. If one does not appear, press the Report button. :)

 

 

Regards!

 


Here you go!

 

~ ZHPCleaner v2015.11.25.385 by Nicolas Coolman (2015/11/25)
~ Run by daqna (Administrator)  (27/11/2015 18:09:43)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\daqna\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\daqna\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (2)
MOVED folder: C:\Program Files (x86)\601f14f1-f5d9-450a-a139-563fec61295c  =>PUP.Optional.CrossRider
MOVED folder: C:\Program Files (x86)\eb40820c-8350-4360-8bd6-3c2c1b0b845f  =>PUP.Optional.CrossRider
 
 
---\\  Registry ( Key, Value, Data) (66)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901165} []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611981129} []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611901165} []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611981129} []  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901165} [CinemaP-1.8cV27.01]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611981129} [savePass 1.1]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902265} [02e230a56e2c45da91ef041e8a17e63d0069065.Sandbox]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622982229} [32389a8c39e14e44abd3b43289a864310069829.Sandbox]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611901165} [CinemaP-1.8cV27.01]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611981129} [savePass 1.1]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622902265} [02e230a56e2c45da91ef041e8a17e63d0069065.Sandbox]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622982229} [32389a8c39e14e44abd3b43289a864310069829.Sandbox]  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-3231391006-2606054901-124599880-1001\Software\sun king []  =>PUP.Optional.CrossRider
DELETED key: HKCU\Software\sun king []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\AppDataLow\Software\Smartbar []  =>PUP.Optional.QuickShare
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net [169]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\api.cytiweb.net [198741]  =>Adware.Sambreel
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apicytiwebnet-a.akamaihd.net [22]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net [795]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cytiweb.net []  =>Adware.Sambreel
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdapp1008-a.akamaihd.net [692]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdsrc-a.akamaihd.net []  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\kingtopdeals.com []  =>PUP.Optional.Multiplug
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\lollipopcosmetics.com [1893]  =>PUP.Optional.Lollipop
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mypcspeedmaximizer.com []  =>.Superfluous.PCSpeedMaximizer
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.kingtopdeals.com [10]  =>PUP.Optional.Multiplug
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\serviceama-a.akamaihd.net [5881]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\soundcloud.com [103]  =>PUP.Optional.Multiplug
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.boostsaves.com []  =>PUP.Optional.BoostSaves
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mypcspeedmaximizer.com [9]  =>.Superfluous.PCSpeedMaximizer
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton [bar Button Class]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1 [bar Button Class]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu [VideoDownloadConverter_4z HTML Menu]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1 [VideoDownloadConverter_4z HTML Menu]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel [VideoDownloadConverter_4z HTML Panel]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1 [VideoDownloadConverter_4z HTML Panel]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin [Pseudo Transparent Plugin]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 [Pseudo Transparent Plugin]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller [VideoDownloadConverter Third Party Installer]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1 [VideoDownloadConverter Third Party Installer]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector [ProtectorControl Class]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1 [ProtectorControl Class]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1 []  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mailUpdate []  =>PUP.Optional.MailUpdate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FFEB9E2-DDAC-4B00-8E10-14D2088C2629} [C:\Program Files (x86)\uTorrentControl2 (Not File)]  =>PUP.Optional.uTorrentControl
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901165}\InprocServer32 []  =>PUP.Optional.CrossRider
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611981129}\InprocServer32 []  =>PUP.Optional.CrossRider
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902265}\InprocServer32 [C:\Program Files (x86)\CinemaP-1.8cV27.01\CinemaP-1.8cV27.01-bho64.dll (Not File)]  =>PUP.Optional.CrossRider
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622982229}\InprocServer32 [C:\Program Files (x86)\SavePass 1.1\SavePass 1.1-bho64.dll (Not File)]  =>PUP.Optional.CrossRider
 
 
---\\  Summary of the elements found (11)
http://www.nicolascoolman.fr/?p=180 =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=433 =>PUP.Optional.QuickShare
http://www.nicolascoolman.fr/?p=546 =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=1402 =>PUP.Optional.Multiplug
http://www.nicolascoolman.fr/?p=302 =>PUP.Optional.Lollipop
http://www.nicolascoolman.fr/?p=378 =>.Superfluous.PCSpeedMaximizer
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.BoostSaves
http://www.nicolascoolman.fr/?p=142 =>.Superfluous.MindSpark
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.MailUpdate
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.uTorrentControl
 
 
---\\  Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 176
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 68
 
 
~ End of clean in 1 minutes
===================
ZHPCleaner-[R]-27112015-18_10_55.txt
ZHPCleaner--26112015-17_20_50.txt
ZHPCleaner--27112015-18_09_05.txt
 