Publicité
Publicité
Format du document : text/plain
Prévisualisation
���������� | Shortcut_Module | g3n-h@ckm@n | 06.05.2014.2
����� Vista | 7 | 8 | 8.1 - 32/64 bits ����� - Start 23:22:14 - 06/05/2014
update on : 06/05/2014 | 13.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Boot : Normal
System : Windows 7 Ultimate (32 bits) Ultimate
RAM memory = Total (MB) : 3011 | Free (MB) : 1824
Pagefile = Total (MB) : 6019 | Free (MB) : 4663
Virtual = Total (MB) : 2097 | Free (MB) : 1920
Registry saved, to restore : C:\Shortcut_Module\Save\Clean\ERDNT.exe
���������� | Windows Updates
No windows updates detected !!!
~ Service Pack 1 not installed !!!
���������� | Browsers
IE : 8.0.7600.16385 (?� Microsoft Corporation. All rights reserved.?)
FF : 28.0.0.5186 (�Firefox and Mozilla Developers; available under the MPL 2 license.)
���������� | Security
AV : avast! Internet Security Enabled
AS : Windows Defender Enabled
FW : avast! Internet Security Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Auto(2)] = Started
FW: Windows FireWall Service [Auto(2)] = Started
���������� | FlashPlayer
FlashPlayer ActiveX : 12.0.0.70
FlashPlayer Plugin : 12.0.0.43
���������� | Killed processes
1604 | [Owner : SYSTEM |Parent : 532] - (.Taiwan Shui Mu Chih Ching Technology Limited. - update service.) - (1.4.8.7624) = C:\Program Files\WinZipper\winzipersvc.exe
1728 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7600.16385) = C:\Windows\System32\spoolsv.exe
1828 | [Owner : SYSTEM |Parent : 532] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1936 | [Owner : SYSTEM |Parent : 532] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - (4.50.897.500) = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
2304 | [Owner : ���� |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7600.16385) = C:\Windows\System32\taskhost.exe
2508 | [Owner : ���� |Parent : 2460] - (.Microsoft Corporation - ������ Windows.) - (6.1.7600.16385) = C:\Windows\explorer.exe
3200 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe
3292 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7600.16385) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3932 | [Owner : ���� |Parent : 2508] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day for every prayer time. It covers more than 6 million cities, towns, and villages all over the world. .) - (4.4.0.0) = C:\Program Files\Athan\Athan.exe
4080 | [Owner : ���� |Parent : 2508] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2869) = C:\Windows\System32\hkcmd.exe
2452 | [Owner : ���� |Parent : 2508] - (.Intel Corporation - persistence Module.) - (8.15.10.2869) = C:\Windows\System32\igfxpers.exe
3688 | [Owner : ���� |Parent : 2508] - (.Islamware, www.islamware.com - .) - (2.0.0.0) = C:\Program Files\Azkary\Azkary.exe
3412 | [Owner : ���� |Parent : 2508] - (.Skype Technologies S.A. - Skype. Take a deep breath .) - (3.2.0.145) = C:\Program Files\Skype\Phone\Skype.exe
2896 | [Owner : ���� |Parent : 2508] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.18.9.2) = C:\Program Files\Internet Download Manager\IDMan.exe
2932 | [Owner : ���� |Parent : 2508] - (.BitTorrent Inc. - BitTorrent.) - (7.9.1.30889) = C:\Users\����\AppData\Roaming\BitTorrent\BitTorrent.exe
2832 | [Owner : ���� |Parent : 2508] - (.Microsoft Corporation - ��������� ������ ��� ��� ������ �� Windows.) - (6.1.7600.16385) = C:\Program Files\Windows Sidebar\sidebar.exe
3624 | [Owner : ���� |Parent : 2508] - (. - .) - (0.0.0.0) = C:\Program Files\WebcamMax\wcmmon.exe
2216 | [Owner : ���� |Parent : 2896] - (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) - (6.18.7.1) = C:\Program Files\Internet Download Manager\IEMonitor.exe
1972 | [Owner : ���� |Parent : 3412] - (.Skype Technologies - Skype Extras Manager.) - (1.2.0.255) = C:\Program Files\Skype\Plugin Manager\skypePM.exe
4232 | [Owner : ���� |Parent : 2508] - (.Microsoft Corporation - Internet Explorer.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\iexplore.exe
4028 | [Owner : ���� |Parent : 4232] - (.Microsoft Corporation - Internet Explorer.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\iexplore.exe
4428 | [Owner : ���� |Parent : 688] - (.Internet Download Manager, Tonec Inc. - Broker for reading of IDM settings.) - (6.18.7.1) = C:\Program Files\Internet Download Manager\idmBroker.exe
5400 | [Owner : ���� |Parent : 688] - (.Adobe Systems Incorporated - Adobe� Flash� Player Installer/Uninstaller 12.0 r0.) - (12.0.0.70) = C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
5608 | [Owner : ���� |Parent : 2896] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\ielowutil.exe
5116 | [Owner : ���� |Parent : 688] - (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2869) = C:\Windows\System32\igfxsrvc.exe
���������� | Running processes
324 | [Owner : SYSTEM |Parent : 4] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7600.16385) = C:\Windows\System32\smss.exe
420 | [Owner : SYSTEM |Parent : 404] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
472 | [Owner : SYSTEM |Parent : 404] - (.Microsoft Corporation - ������� ��� ����� Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe
484 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
532 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) = C:\Windows\System32\services.exe
560 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - ����� ����� ���� Windows.) - (6.1.7600.16385) = C:\Windows\System32\winlogon.exe
572 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7600.16385) = C:\Windows\System32\lsass.exe
580 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - ������ ����� ����� ����� �������.) - (6.1.7600.16385) = C:\Windows\System32\lsm.exe
688 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
788 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
864 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
916 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
944 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1032 | [Owner : LOCAL SERVICE |Parent : 864] - (.Microsoft Corporation - Windows Audio Device Graph Isolation .) - (6.1.7600.16385) = C:\Windows\System32\audiodg.exe
1120 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1236 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1424 | [Owner : SYSTEM |Parent : 532] - (.AVAST Software - avast! Service.) - (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1504 | [Owner : SYSTEM |Parent : 532] - (.AVAST Software - avast! firewall service.) - (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\afwServ.exe
1756 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1904 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1228 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2476 | [Owner : ���� |Parent : 916] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe
3004 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
3032 | [Owner : ���� |Parent : 2508] - (.AVAST Software - avast! Antivirus.) - (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\AvastUI.exe
3888 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
4972 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
5584 | [Owner : ���� |Parent : 2896] - (. - Shortcut_Module.) - (6.5.2014.2) = C:\Users\����\Downloads\Programs\Shortcut_Module.exe
1040 | [Owner : ���� |Parent : 5584] - (. - Process Stopper.) - (1.0.0.0) = C:\Shortcut_Module\Protect_Module.exe
���������� | RUN
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [Athan] C:\Program Files\Athan\Athan.exe
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [Azkary] C:\Program Files\Azkary\Azkary
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Facebook Update] "C:\Users\����\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [BackgroundContainer] "C:\Windows\system32\Rundll32.exe" "C:\Users\����\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [xdm] C:\Users\����\AppData\Local\XDM\xdm.exe -m
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [BitTorrent] "C:\Users\����\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\wcmmon.exe" -a
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Defrag] "C:\Program Files\baidu\Spark\BaiduDefragFiles.exe" AutoStart 1
���������� | Services
Service in functioning : WINDEFEND
Stopped service : WINDEFEND
Service in functioning : MMCSS
Service in functioning : Dhcp
Stopped service : Dhcp
Service in functioning : WMPNetworkSvc
Stopped service : WMPNetworkSvc
Service in functioning : TcpIp
Service in functioning : SSDPSRV
Service in functioning : MPSSvc
Stopped service : MPSSvc
Service in functioning : LanmanServer
Service in functioning : DNScache
Stopped service : DNScache
Deleted successfully : HKLM\..\ControlSet001\Services\winzipersvc : 16
Deleted successfully : HKLM\..\ControlSet002\Services\winzipersvc : 16
���������� | Hosts
C:\Windows\System32\Drivers\etc\hosts : Reseted successfully
���������� | Register
Deleted successfully : HKLM\Software\Classes\WinZipper.001
Deleted successfully : HKLM\Software\Classes\WinZipper.arj
Deleted successfully : HKLM\Software\Classes\WinZipper.bzip2
Deleted successfully : HKLM\Software\Classes\WinZipper.cpio
Deleted successfully : HKLM\Software\Classes\WinZipper.dmg
Deleted successfully : HKLM\Software\Classes\WinZipper.gz
Deleted successfully : HKLM\Software\Classes\WinZipper.hfs
Deleted successfully : HKLM\Software\Classes\WinZipper.lha
Deleted successfully : HKLM\Software\Classes\WinZipper.lzma
Deleted successfully : HKLM\Software\Classes\WinZipper.rpm
Deleted successfully : HKLM\Software\Classes\WinZipper.swm
Deleted successfully : HKLM\Software\Classes\WinZipper.taz
Deleted successfully : HKLM\Software\Classes\WinZipper.tbz2
Deleted successfully : HKLM\Software\Classes\WinZipper.tpz
Deleted successfully : HKLM\Software\Classes\WinZipper.vhd
Deleted successfully : HKLM\Software\Classes\WinZipper.xar
Deleted successfully : HKLM\Software\Classes\WinZipper.z
Deleted successfully : HKLM\Software\Classes\WinZipper.7z
Deleted successfully : HKLM\Software\Classes\WinZipper.cab
Deleted successfully : HKLM\Software\Classes\WinZipper.fat
Deleted successfully : HKLM\Software\Classes\WinZipper.lzh
Deleted successfully : HKLM\Software\Classes\WinZipper.squashfs
Deleted successfully : HKLM\Software\Classes\WinZipper.tbz
Deleted successfully : HKLM\Software\Classes\WinZipper.txz
Deleted successfully : HKLM\Software\Classes\WinZipper.xz
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\DOMStorage\buenosearch.com
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\buenosearch.com
Deleted successfully : HKLM\Software\Classes\CLSID\{1E31C3D5-7372-45E0-B061-CDC14AD97404} : MC Web Search Scope
Deleted successfully : HKLM\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} : ISearchQueryHelper
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Deleted successfully : HKLM\Software\Microsoft\Tracing\amt_qvo6_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\DaemonProcess_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\deskSvc_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\FindRightSetup_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\Mobogenie_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\MyBuenoTB_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\Plus-HD-7_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\RegCleaner_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\RegCleanPro_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\ToolbarHelper_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\updateWebfuii_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\utilWebfuii_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_Setup_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\winzipersvc_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\WinZipperdl_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\amt_qvo6_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\DaemonProcess_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\deskSvc_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\FindRightSetup_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\Mobogenie_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\MyBuenoTB_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\Plus-HD-7_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\RegCleaner_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\ToolbarHelper_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\updateWebfuii_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\utilWebfuii_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\winzipersvc_RASMANCS
Deleted successfully : HKLM\Software\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk
Deleted successfully : HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp : C:\Users\����\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp : C:\Users\����\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
Deleted successfully : HKLM\SOFTWARE\Driver-Soft
Deleted successfully : HKLM\SOFTWARE\hdcode
Deleted successfully : HKLM\SOFTWARE\SP Global
Deleted successfully : HKLM\SOFTWARE\Uniblue
Deleted successfully : HKLM\SOFTWARE\winzipersvc
Deleted successfully : HKLM\SOFTWARE\SProtector
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Trolltech
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\AppDataLow\Software\BackgroundContainer
Deleted successfully : HKU\S-1-5-18\Software\AppDataLow\Software\Plus-HD-7.6
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} : eBayTB.dll
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} : eBayTB.dll
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{850AB670-134E-4069-B46B-61EB2BF99834} : C:\Program Files\Plus-HD-7.6
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC57FED-831B-46FA-B0A4-8CC313E464D3} : C:\Program Files\Plus-HD-7.6
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E277A28D-3221-4F94-B75C-8483C55F7FED} : C:\Program Files\Plus-HD-7.6
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA352DCA-F1F0-45D5-8640-70F73F843A1E} : C:\Program Files\Plus-HD-7.6
Deleted successfully : HKLM\Software\Classes\Installer\Features\1040110900063D11C8EF10054038389C : AlwaysInstalled
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B1D117-20D8-44F6-BF95-13493E8A6935} : \Desk 365 RunAsStdUser
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B488A0E1-99A4-4449-B76F-ACE72B94FDD0} : \YourFile DownloaderUpdate
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27F2A6E-7EA5-4352-9289-D12F339B53F0} : \BackgroundContainer Startup Task
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]|[mobilegeni daemon] : C:\Program Files\Mobogenie\DaemonProcess.exe
Deleted successfully : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Windows\CurrentVersion\Run]|[BackgroundContainer] : "C:\Windows\system32\Rundll32.exe" "C:\Users\����\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
���������� | IFEO
���������� | Folders
Deleted successfully : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Deleted successfully : C:\Program Files\WinZipper
Deleted successfully : C:\Program Files\Counter-Strike 1.6\vstdlib.dll (Copyright (C) 2005 Valve Corporation.-.Steam) vstdlib_ s.dll
Deleted successfully : C:\Program Files\Counter-Strike 1.6\vstdlib_s.dll (Copyright (C) 2005 Valve Corporation.-.Steam) vstdlib_ s.dll
Deleted successfully : C:\Windows\System32\NdfEventView.xml ()
Deleted successfully : C:\Users\All Users\InstallMate
Deleted successfully : C:\Users\All Users\Uniblue
Deleted successfully : C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WinZipper
Deleted successfully : C:\Users\����\.android
Deleted successfully : C:\Users\����\daemonprocess.txt (.-.)
Deleted successfully : C:\Users\����\AppData\Local\AVG SafeGuard toolbar
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Internet Explorer\DOMStore\VABQ23RN\www.qvo6[1].xml (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Internet Explorer\DOMStore\XENEQIKX\www.buenosearch[1].xml (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Webfuii_iels (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_fr_simple_ad1[1].html (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_fr_simple_ad1[2].html (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_simple_fr_newad[1].html (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6HRRH2G\buenosearch_com[1].htm (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_22f13535aafd4365e21555a6c1c1ca2d9d2f827_cab_105a82a8
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_3c5fcbdd24b1ce51b492b1193e21285fb3bb5_cab_1d42bcd4
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_42011dec0396a6f9dd59d7dcb1e27ca2d7f3b4_cab_0bfd52d6
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_501a97907727a7fe5dcad6a2c8122b71672683ac_cab_14a21c2f
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_5813b76d30427cba495a7e37b92c894f6fced333_cab_165ed1c3
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_6ee3c9f78d3a1f87db7426badc7afecf2992cf7b_cab_10625826
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_88ebbfbccacdc725b7a63f8a7f66d8bb1914ef3a_cab_013a3261
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_a040d3b429e4986c8ff33fcc792d8c3fbda260ca_cab_1036932c
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_b83a8b81ca31577d37d344c335b065f783f76ce8_cab_0e8bf562
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_bdfe4c47e28f6031c95ab4d18eeaba96935a7ba_0afe73df
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_bdfe4c47e28f6031c95ab4d18eeaba96935a7ba_cab_0f4bb426
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_SpyHunter-Instal_49acf3243408ae8b2dcd87d65e010a0217334_cab_1f240d9c
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\en.softonic.com.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\need-for-speed-underground.ar.softonic.com.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\need-for-speed-underground.en.softonic.com.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\vube.com.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\www.dzango.tv.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\www.half-life.deltauk.net.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Spark\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Spark\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Spark\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\MKF3BDQK\fbstatic-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Local\Spark\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\MKF3BDQK\macromedia.com\support\flashplayer\sys\#fbstatic-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Local\Temp\jrt\browsermngr_keys.cfg (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Temp\jrt\browsermngr_values.cfg (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Temp\jrt\datamngr_del.reg (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Temp\jrt\FFbrowsermngr.dat (.-.)
Deleted successfully : C:\Users\����\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\SRRKP3Q4\www.buenosearch[1].xml (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\amazon
Deleted successfully : C:\Users\����\AppData\Roaming\eIntaller
Deleted successfully : C:\Users\����\AppData\Roaming\WinZipper
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\driverscanner_13
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\fbcdn-video-a_akamaihd_net_459
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\UnityWebPlayer_514
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\www_torntv-downloader-dl_info_449
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\www_torntv-tvv_org_518
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\trjsetup690_434\trjsetup690.exe (Copyright � 1999-2014 Simply Super Software .-.Trojan Remover )
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XH4BMALF\fbstatic-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dzango.blob.core.windows.net
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fbstatic-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#keek-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s3.amazonaws.com
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.movshare.net
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@buenosearch[2].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@ilivid[2].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@lp.ilivid[1].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@qvo6[2].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@search.conduit[1].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@www.buenosearch[2].txt (.-.)
Deleted successfully : [���� | FF] : addon@geniusinstaller.com = addon@geniusinstaller
Deleted successfully : [���� | FF] : asjiaffjh@virqlbv.net = asjiaffjh@virqlbv
Deleted successfully : [���� | FF] : eagleget_ffext@eagleget.com = eagleget_ffext@eagleget
Deleted successfully : [���� | FF] : {96f454ea-9d38-474f-b504-56193e00c1a5} = Conduit
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\CT3289075\conduit.xml (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\CT3289075\CT3289075.searchProtectorData (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\gm_scripts\Blacked_Out_-_(Rounded_Corners)_NO_ADS!\Blacked_Out_-_(Rounded_Corners)_NO_ADS!.user.js (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\searchplugins\buenosearch.xml (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\searchplugins\utorrentcontrolv6-customized-web-search.xml (.-.)
Deleted successfully : C:\Users\����\Documents\Mobogenie
Deleted successfully : C:\Users\����\Documents\SnagIt
Deleted successfully : C:\Users\����\Downloads\com.google.android.apps.translate_quickdownload_304_2.apk (.-.)
Deleted successfully : C:\Users\����\Downloads\Programs\driverscanner.exe (Uniblue Systems Ltd .-.DriverScanner )
Deleted successfully : C:\Users\����\Downloads\Programs\Mobogenie_Setup_2.2.1_21.exe (.-.)
Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\amazondotcom.xml (.-.)
Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay.xml (.-.)
Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\qvo6.xml (.-.)
���������� | Hijack.Shortcut
Disinfected : C:\Users\����\Desktop\YouTube.lnk : C:\Program Files\baidu\Spark\Spark.exe (hxxp://www.youtube.com --useraction=youtube)
���������� | Proxy
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\PhishingFilter]|[EnabledV8] : 0 -> 1
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1
���������� | Hijack.Internet Explorer
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : Preserve -> http://www.google.com/
Repaired : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[BrowserMngr Start Page] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Bar] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\system32\blank.htm
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[BrowserMngr Start Page] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> http://www.google.com/
���������� | Hijack.Google Chrome
[����] : fckenojfmfijmbkigoajddgondmfhefd = : Safe and secure surfing - Protect your web browser from ads and pop unders while surfing the internet - GeniusXX Safe ads
���������� | Hijack.Firefox
[����] Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\sessionstore.js
[����] Deleted successfully : user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=15&CUI=UN30805091177079268&SSPV=&Lay=1&UM=\"}");
[����] Deleted successfully : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1399360343);
[����] Deleted successfully : user_pref("browser.syncPromoViewsLeftMap", "{\"passwords\":0,\"bookmarks\":0,\"addons\":0}");
[����] Deleted successfully : user_pref("extensions.Webfuii.aul", "1394946430530");
[����] Deleted successfully : user_pref("extensions.Webfuii.is", "kbmadvztdz");
[����] Deleted successfully : user_pref("extensions.Webfuii.ug", "4BBF96C9-A20D-4E97-8C81-7A305DC331F4");
[����] Deleted successfully : user_pref("extensions.YoutubeDownloader@PeterOlayev.com.addonVersion", "2.2.9");
[����] Deleted successfully : user_pref("extensions.addon@geniusinstaller.com.install-event-fired", true);
[����] Deleted successfully : user_pref("extensions.asjiaffjh@virqlbv.net.install-event-fired", true);
[����] Deleted successfully : user_pref("extensions.bootstrappedAddons", "{}");
[����] Deleted successfully : user_pref("extensions.buenosearch.admin", false);
[����] Deleted successfully : user_pref("extensions.buenosearch.aflt", "babsst");
[����] Deleted successfully : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
[����] Deleted successfully : user_pref("extensions.buenosearch.autoRvrt", "false");
[����] Deleted successfully : user_pref("extensions.buenosearch.dfltLng", "en");
[����] Deleted successfully : user_pref("extensions.buenosearch.excTlbr", false);
[����] Deleted successfully : user_pref("extensions.buenosearch.ffxUnstlRst", true);
[����] Deleted successfully : user_pref("extensions.buenosearch.id", "9c00a5f5000000000000062163d7c346");
[����] Deleted successfully : user_pref("extensions.buenosearch.instlDay", "16163");
[����] Deleted successfully : user_pref("extensions.buenosearch.instlRef", "sst");
[����] Deleted successfully : user_pref("extensions.buenosearch.newTab", false);
[����] Deleted successfully : user_pref("extensions.buenosearch.prdct", "buenosearch");
[����] Deleted successfully : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
[����] Deleted successfully : user_pref("extensions.buenosearch.rvrt", "false");
[����] Deleted successfully : user_pref("extensions.buenosearch.smplGrp", "none");
[����] Deleted successfully : user_pref("extensions.buenosearch.tlbrId", "base");
[����] Deleted successfully : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
[����] Deleted successfully : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:10:52");
[����] Deleted successfully : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
[����] Deleted successfully : user_pref("extensions.eagleget_ffext@eagleget.com.install-event-fired", true);
[����] Deleted successfully : user_pref("extensions.getAddons.databaseSchema", 5);
[����] Deleted successfully : user_pref("extensions.ui.lastCategory", "addons://list/extension");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_bgcolor", false);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_colorspace", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_command", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_downloadfonts", false);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_duplex", 896);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_bottom", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_left", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_right", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_top", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_evenpages", true);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footercenter", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footerleft", "&PT");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footerright", "&D");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headercenter", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headerleft", "&T");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headerright", "&U");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_in_color", true);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_bottom", "0.5");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_left", "0.5");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_right", "0.5");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_top", "0.5");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_oddpages", true);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_orientation", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_page_delay", 50);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_data", 9);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_height", " 11.00");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_name", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_size_type", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_size_unit", 1);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_width", " 8.50");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_plex_name", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_resolution", 88832);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_resolution_name", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_reversed", false);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_scaling", " 1.00");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_shrink_to_fit", true);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_to_file", false);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_to_filename", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_bottom", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_left", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_right", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_top", 0);
[����] : plugin@playgame.com.xpi : - -
[����] : YoutubeDownloader@PeterOlayev.com.xpi : - -
[����] : {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} : - -
[����] : {af95cc15-3b9b-45ae-8d9b-98d08eda3111}.xpi : - -
[����] : {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi : - -
[����] : {e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi : - -
���������� | Opera
���������� | Hijack.StartMenuInternet
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9500325AS_6VEVCDARXXXX6VEVCDAR&ts=1375970578 -> "C:\Program Files\Internet Explorer\iexplore.exe"
���������� | AppInit_DLLs
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
���������� | Hijack.Javascript
���������� | Firewall
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0
���������� | Temporary files
[All Users] Temporary files deleted : 0 Ko
[Default] Temporary files deleted : 0 Ko
[Default User] Temporary files deleted : 0 Ko
[Public] Temporary files deleted : 0 Ko
[����] Temporary files deleted : 875689 Ko
[????] Temporary files deleted : 0 Ko
[C:\Windows\Temp] Temporary files deleted : 31331 Ko
[C:\Temp] Temporary files deleted : 0 Ko
Other(s) report(s)
[X] : [33123 Ko]
Analyzed elements : 148728 | Infected : 280
���������� |EOF| ���������� | 06:45:22 | [44 Ko]
����� Vista | 7 | 8 | 8.1 - 32/64 bits ����� - Start 23:22:14 - 06/05/2014
update on : 06/05/2014 | 13.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Boot : Normal
System : Windows 7 Ultimate (32 bits) Ultimate
RAM memory = Total (MB) : 3011 | Free (MB) : 1824
Pagefile = Total (MB) : 6019 | Free (MB) : 4663
Virtual = Total (MB) : 2097 | Free (MB) : 1920
Registry saved, to restore : C:\Shortcut_Module\Save\Clean\ERDNT.exe
���������� | Windows Updates
No windows updates detected !!!
~ Service Pack 1 not installed !!!
���������� | Browsers
IE : 8.0.7600.16385 (?� Microsoft Corporation. All rights reserved.?)
FF : 28.0.0.5186 (�Firefox and Mozilla Developers; available under the MPL 2 license.)
���������� | Security
AV : avast! Internet Security Enabled
AS : Windows Defender Enabled
FW : avast! Internet Security Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Auto(2)] = Started
FW: Windows FireWall Service [Auto(2)] = Started
���������� | FlashPlayer
FlashPlayer ActiveX : 12.0.0.70
FlashPlayer Plugin : 12.0.0.43
���������� | Killed processes
1604 | [Owner : SYSTEM |Parent : 532] - (.Taiwan Shui Mu Chih Ching Technology Limited. - update service.) - (1.4.8.7624) = C:\Program Files\WinZipper\winzipersvc.exe
1728 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7600.16385) = C:\Windows\System32\spoolsv.exe
1828 | [Owner : SYSTEM |Parent : 532] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1936 | [Owner : SYSTEM |Parent : 532] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - (4.50.897.500) = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
2304 | [Owner : ���� |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7600.16385) = C:\Windows\System32\taskhost.exe
2508 | [Owner : ���� |Parent : 2460] - (.Microsoft Corporation - ������ Windows.) - (6.1.7600.16385) = C:\Windows\explorer.exe
3200 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe
3292 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7600.16385) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3932 | [Owner : ���� |Parent : 2508] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day for every prayer time. It covers more than 6 million cities, towns, and villages all over the world. .) - (4.4.0.0) = C:\Program Files\Athan\Athan.exe
4080 | [Owner : ���� |Parent : 2508] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2869) = C:\Windows\System32\hkcmd.exe
2452 | [Owner : ���� |Parent : 2508] - (.Intel Corporation - persistence Module.) - (8.15.10.2869) = C:\Windows\System32\igfxpers.exe
3688 | [Owner : ���� |Parent : 2508] - (.Islamware, www.islamware.com - .) - (2.0.0.0) = C:\Program Files\Azkary\Azkary.exe
3412 | [Owner : ���� |Parent : 2508] - (.Skype Technologies S.A. - Skype. Take a deep breath .) - (3.2.0.145) = C:\Program Files\Skype\Phone\Skype.exe
2896 | [Owner : ���� |Parent : 2508] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.18.9.2) = C:\Program Files\Internet Download Manager\IDMan.exe
2932 | [Owner : ���� |Parent : 2508] - (.BitTorrent Inc. - BitTorrent.) - (7.9.1.30889) = C:\Users\����\AppData\Roaming\BitTorrent\BitTorrent.exe
2832 | [Owner : ���� |Parent : 2508] - (.Microsoft Corporation - ��������� ������ ��� ��� ������ �� Windows.) - (6.1.7600.16385) = C:\Program Files\Windows Sidebar\sidebar.exe
3624 | [Owner : ���� |Parent : 2508] - (. - .) - (0.0.0.0) = C:\Program Files\WebcamMax\wcmmon.exe
2216 | [Owner : ���� |Parent : 2896] - (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) - (6.18.7.1) = C:\Program Files\Internet Download Manager\IEMonitor.exe
1972 | [Owner : ���� |Parent : 3412] - (.Skype Technologies - Skype Extras Manager.) - (1.2.0.255) = C:\Program Files\Skype\Plugin Manager\skypePM.exe
4232 | [Owner : ���� |Parent : 2508] - (.Microsoft Corporation - Internet Explorer.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\iexplore.exe
4028 | [Owner : ���� |Parent : 4232] - (.Microsoft Corporation - Internet Explorer.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\iexplore.exe
4428 | [Owner : ���� |Parent : 688] - (.Internet Download Manager, Tonec Inc. - Broker for reading of IDM settings.) - (6.18.7.1) = C:\Program Files\Internet Download Manager\idmBroker.exe
5400 | [Owner : ���� |Parent : 688] - (.Adobe Systems Incorporated - Adobe� Flash� Player Installer/Uninstaller 12.0 r0.) - (12.0.0.70) = C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
5608 | [Owner : ���� |Parent : 2896] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\ielowutil.exe
5116 | [Owner : ���� |Parent : 688] - (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2869) = C:\Windows\System32\igfxsrvc.exe
���������� | Running processes
324 | [Owner : SYSTEM |Parent : 4] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7600.16385) = C:\Windows\System32\smss.exe
420 | [Owner : SYSTEM |Parent : 404] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
472 | [Owner : SYSTEM |Parent : 404] - (.Microsoft Corporation - ������� ��� ����� Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe
484 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
532 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) = C:\Windows\System32\services.exe
560 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - ����� ����� ���� Windows.) - (6.1.7600.16385) = C:\Windows\System32\winlogon.exe
572 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7600.16385) = C:\Windows\System32\lsass.exe
580 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - ������ ����� ����� ����� �������.) - (6.1.7600.16385) = C:\Windows\System32\lsm.exe
688 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
788 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
864 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
916 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
944 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1032 | [Owner : LOCAL SERVICE |Parent : 864] - (.Microsoft Corporation - Windows Audio Device Graph Isolation .) - (6.1.7600.16385) = C:\Windows\System32\audiodg.exe
1120 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1236 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1424 | [Owner : SYSTEM |Parent : 532] - (.AVAST Software - avast! Service.) - (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1504 | [Owner : SYSTEM |Parent : 532] - (.AVAST Software - avast! firewall service.) - (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\afwServ.exe
1756 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1904 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1228 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2476 | [Owner : ���� |Parent : 916] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe
3004 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
3032 | [Owner : ���� |Parent : 2508] - (.AVAST Software - avast! Antivirus.) - (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\AvastUI.exe
3888 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
4972 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
5584 | [Owner : ���� |Parent : 2896] - (. - Shortcut_Module.) - (6.5.2014.2) = C:\Users\����\Downloads\Programs\Shortcut_Module.exe
1040 | [Owner : ���� |Parent : 5584] - (. - Process Stopper.) - (1.0.0.0) = C:\Shortcut_Module\Protect_Module.exe
���������� | RUN
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [Athan] C:\Program Files\Athan\Athan.exe
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [Azkary] C:\Program Files\Azkary\Azkary
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Facebook Update] "C:\Users\����\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [BackgroundContainer] "C:\Windows\system32\Rundll32.exe" "C:\Users\����\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [xdm] C:\Users\����\AppData\Local\XDM\xdm.exe -m
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [BitTorrent] "C:\Users\����\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\wcmmon.exe" -a
04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Defrag] "C:\Program Files\baidu\Spark\BaiduDefragFiles.exe" AutoStart 1
���������� | Services
Service in functioning : WINDEFEND
Stopped service : WINDEFEND
Service in functioning : MMCSS
Service in functioning : Dhcp
Stopped service : Dhcp
Service in functioning : WMPNetworkSvc
Stopped service : WMPNetworkSvc
Service in functioning : TcpIp
Service in functioning : SSDPSRV
Service in functioning : MPSSvc
Stopped service : MPSSvc
Service in functioning : LanmanServer
Service in functioning : DNScache
Stopped service : DNScache
Deleted successfully : HKLM\..\ControlSet001\Services\winzipersvc : 16
Deleted successfully : HKLM\..\ControlSet002\Services\winzipersvc : 16
���������� | Hosts
C:\Windows\System32\Drivers\etc\hosts : Reseted successfully
���������� | Register
Deleted successfully : HKLM\Software\Classes\WinZipper.001
Deleted successfully : HKLM\Software\Classes\WinZipper.arj
Deleted successfully : HKLM\Software\Classes\WinZipper.bzip2
Deleted successfully : HKLM\Software\Classes\WinZipper.cpio
Deleted successfully : HKLM\Software\Classes\WinZipper.dmg
Deleted successfully : HKLM\Software\Classes\WinZipper.gz
Deleted successfully : HKLM\Software\Classes\WinZipper.hfs
Deleted successfully : HKLM\Software\Classes\WinZipper.lha
Deleted successfully : HKLM\Software\Classes\WinZipper.lzma
Deleted successfully : HKLM\Software\Classes\WinZipper.rpm
Deleted successfully : HKLM\Software\Classes\WinZipper.swm
Deleted successfully : HKLM\Software\Classes\WinZipper.taz
Deleted successfully : HKLM\Software\Classes\WinZipper.tbz2
Deleted successfully : HKLM\Software\Classes\WinZipper.tpz
Deleted successfully : HKLM\Software\Classes\WinZipper.vhd
Deleted successfully : HKLM\Software\Classes\WinZipper.xar
Deleted successfully : HKLM\Software\Classes\WinZipper.z
Deleted successfully : HKLM\Software\Classes\WinZipper.7z
Deleted successfully : HKLM\Software\Classes\WinZipper.cab
Deleted successfully : HKLM\Software\Classes\WinZipper.fat
Deleted successfully : HKLM\Software\Classes\WinZipper.lzh
Deleted successfully : HKLM\Software\Classes\WinZipper.squashfs
Deleted successfully : HKLM\Software\Classes\WinZipper.tbz
Deleted successfully : HKLM\Software\Classes\WinZipper.txz
Deleted successfully : HKLM\Software\Classes\WinZipper.xz
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\DOMStorage\buenosearch.com
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\buenosearch.com
Deleted successfully : HKLM\Software\Classes\CLSID\{1E31C3D5-7372-45E0-B061-CDC14AD97404} : MC Web Search Scope
Deleted successfully : HKLM\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} : ISearchQueryHelper
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Deleted successfully : HKLM\Software\Microsoft\Tracing\amt_qvo6_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\DaemonProcess_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\deskSvc_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\FindRightSetup_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\Mobogenie_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\MyBuenoTB_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\Plus-HD-7_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\RegCleaner_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\RegCleanPro_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\ToolbarHelper_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\updateWebfuii_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\utilWebfuii_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_Setup_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\winzipersvc_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\WinZipperdl_RASAPI32
Deleted successfully : HKLM\Software\Microsoft\Tracing\amt_qvo6_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\DaemonProcess_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\deskSvc_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\FindRightSetup_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\Mobogenie_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\MyBuenoTB_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\Plus-HD-7_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\RegCleaner_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\ToolbarHelper_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\updateWebfuii_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\utilWebfuii_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_RASMANCS
Deleted successfully : HKLM\Software\Microsoft\Tracing\winzipersvc_RASMANCS
Deleted successfully : HKLM\Software\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk
Deleted successfully : HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp : C:\Users\����\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp : C:\Users\����\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
Deleted successfully : HKLM\SOFTWARE\Driver-Soft
Deleted successfully : HKLM\SOFTWARE\hdcode
Deleted successfully : HKLM\SOFTWARE\SP Global
Deleted successfully : HKLM\SOFTWARE\Uniblue
Deleted successfully : HKLM\SOFTWARE\winzipersvc
Deleted successfully : HKLM\SOFTWARE\SProtector
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Trolltech
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\AppDataLow\Software\BackgroundContainer
Deleted successfully : HKU\S-1-5-18\Software\AppDataLow\Software\Plus-HD-7.6
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} : eBayTB.dll
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} : eBayTB.dll
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{850AB670-134E-4069-B46B-61EB2BF99834} : C:\Program Files\Plus-HD-7.6
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC57FED-831B-46FA-B0A4-8CC313E464D3} : C:\Program Files\Plus-HD-7.6
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E277A28D-3221-4F94-B75C-8483C55F7FED} : C:\Program Files\Plus-HD-7.6
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA352DCA-F1F0-45D5-8640-70F73F843A1E} : C:\Program Files\Plus-HD-7.6
Deleted successfully : HKLM\Software\Classes\Installer\Features\1040110900063D11C8EF10054038389C : AlwaysInstalled
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B1D117-20D8-44F6-BF95-13493E8A6935} : \Desk 365 RunAsStdUser
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B488A0E1-99A4-4449-B76F-ACE72B94FDD0} : \YourFile DownloaderUpdate
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27F2A6E-7EA5-4352-9289-D12F339B53F0} : \BackgroundContainer Startup Task
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]|[mobilegeni daemon] : C:\Program Files\Mobogenie\DaemonProcess.exe
Deleted successfully : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Windows\CurrentVersion\Run]|[BackgroundContainer] : "C:\Windows\system32\Rundll32.exe" "C:\Users\����\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
���������� | IFEO
���������� | Folders
Deleted successfully : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Deleted successfully : C:\Program Files\WinZipper
Deleted successfully : C:\Program Files\Counter-Strike 1.6\vstdlib.dll (Copyright (C) 2005 Valve Corporation.-.Steam) vstdlib_ s.dll
Deleted successfully : C:\Program Files\Counter-Strike 1.6\vstdlib_s.dll (Copyright (C) 2005 Valve Corporation.-.Steam) vstdlib_ s.dll
Deleted successfully : C:\Windows\System32\NdfEventView.xml ()
Deleted successfully : C:\Users\All Users\InstallMate
Deleted successfully : C:\Users\All Users\Uniblue
Deleted successfully : C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WinZipper
Deleted successfully : C:\Users\����\.android
Deleted successfully : C:\Users\����\daemonprocess.txt (.-.)
Deleted successfully : C:\Users\����\AppData\Local\AVG SafeGuard toolbar
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Internet Explorer\DOMStore\VABQ23RN\www.qvo6[1].xml (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Internet Explorer\DOMStore\XENEQIKX\www.buenosearch[1].xml (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Webfuii_iels (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_fr_simple_ad1[1].html (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_fr_simple_ad1[2].html (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_simple_fr_newad[1].html (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6HRRH2G\buenosearch_com[1].htm (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_22f13535aafd4365e21555a6c1c1ca2d9d2f827_cab_105a82a8
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_3c5fcbdd24b1ce51b492b1193e21285fb3bb5_cab_1d42bcd4
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_42011dec0396a6f9dd59d7dcb1e27ca2d7f3b4_cab_0bfd52d6
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_501a97907727a7fe5dcad6a2c8122b71672683ac_cab_14a21c2f
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_5813b76d30427cba495a7e37b92c894f6fced333_cab_165ed1c3
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_6ee3c9f78d3a1f87db7426badc7afecf2992cf7b_cab_10625826
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_88ebbfbccacdc725b7a63f8a7f66d8bb1914ef3a_cab_013a3261
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_a040d3b429e4986c8ff33fcc792d8c3fbda260ca_cab_1036932c
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_b83a8b81ca31577d37d344c335b065f783f76ce8_cab_0e8bf562
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_bdfe4c47e28f6031c95ab4d18eeaba96935a7ba_0afe73df
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_bdfe4c47e28f6031c95ab4d18eeaba96935a7ba_cab_0f4bb426
Deleted successfully : C:\Users\����\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_SpyHunter-Instal_49acf3243408ae8b2dcd87d65e010a0217334_cab_1f240d9c
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\en.softonic.com.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\need-for-speed-underground.ar.softonic.com.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\need-for-speed-underground.en.softonic.com.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\vube.com.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\www.dzango.tv.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Opera\Opera\icons\www.half-life.deltauk.net.idx (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Spark\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Spark\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Spark\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\MKF3BDQK\fbstatic-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Local\Spark\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\MKF3BDQK\macromedia.com\support\flashplayer\sys\#fbstatic-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Local\Temp\jrt\browsermngr_keys.cfg (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Temp\jrt\browsermngr_values.cfg (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Temp\jrt\datamngr_del.reg (.-.)
Deleted successfully : C:\Users\����\AppData\Local\Temp\jrt\FFbrowsermngr.dat (.-.)
Deleted successfully : C:\Users\����\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\SRRKP3Q4\www.buenosearch[1].xml (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\amazon
Deleted successfully : C:\Users\����\AppData\Roaming\eIntaller
Deleted successfully : C:\Users\����\AppData\Roaming\WinZipper
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\driverscanner_13
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\fbcdn-video-a_akamaihd_net_459
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\UnityWebPlayer_514
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\www_torntv-downloader-dl_info_449
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\www_torntv-tvv_org_518
Deleted successfully : C:\Users\����\AppData\Roaming\IDM\DwnlData\����\trjsetup690_434\trjsetup690.exe (Copyright � 1999-2014 Simply Super Software .-.Trojan Remover )
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XH4BMALF\fbstatic-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dzango.blob.core.windows.net
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fbstatic-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#keek-a.akamaihd.net
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s3.amazonaws.com
Deleted successfully : C:\Users\����\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.movshare.net
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@buenosearch[2].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@ilivid[2].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@lp.ilivid[1].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@qvo6[2].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@search.conduit[1].txt (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Microsoft\Windows\Cookies\Low\����@www.buenosearch[2].txt (.-.)
Deleted successfully : [���� | FF] : addon@geniusinstaller.com = addon@geniusinstaller
Deleted successfully : [���� | FF] : asjiaffjh@virqlbv.net = asjiaffjh@virqlbv
Deleted successfully : [���� | FF] : eagleget_ffext@eagleget.com = eagleget_ffext@eagleget
Deleted successfully : [���� | FF] : {96f454ea-9d38-474f-b504-56193e00c1a5} = Conduit
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\CT3289075\conduit.xml (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\CT3289075\CT3289075.searchProtectorData (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\gm_scripts\Blacked_Out_-_(Rounded_Corners)_NO_ADS!\Blacked_Out_-_(Rounded_Corners)_NO_ADS!.user.js (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\searchplugins\buenosearch.xml (.-.)
Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\searchplugins\utorrentcontrolv6-customized-web-search.xml (.-.)
Deleted successfully : C:\Users\����\Documents\Mobogenie
Deleted successfully : C:\Users\����\Documents\SnagIt
Deleted successfully : C:\Users\����\Downloads\com.google.android.apps.translate_quickdownload_304_2.apk (.-.)
Deleted successfully : C:\Users\����\Downloads\Programs\driverscanner.exe (Uniblue Systems Ltd .-.DriverScanner )
Deleted successfully : C:\Users\����\Downloads\Programs\Mobogenie_Setup_2.2.1_21.exe (.-.)
Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\amazondotcom.xml (.-.)
Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay.xml (.-.)
Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\qvo6.xml (.-.)
���������� | Hijack.Shortcut
Disinfected : C:\Users\����\Desktop\YouTube.lnk : C:\Program Files\baidu\Spark\Spark.exe (hxxp://www.youtube.com --useraction=youtube)
���������� | Proxy
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\PhishingFilter]|[EnabledV8] : 0 -> 1
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1
���������� | Hijack.Internet Explorer
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : Preserve -> http://www.google.com/
Repaired : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[BrowserMngr Start Page] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Bar] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\system32\blank.htm
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[BrowserMngr Start Page] : -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> http://www.google.com/
���������� | Hijack.Google Chrome
[����] : fckenojfmfijmbkigoajddgondmfhefd = : Safe and secure surfing - Protect your web browser from ads and pop unders while surfing the internet - GeniusXX Safe ads
���������� | Hijack.Firefox
[����] Deleted successfully : C:\Users\����\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\sessionstore.js
[����] Deleted successfully : user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=15&CUI=UN30805091177079268&SSPV=&Lay=1&UM=\"}");
[����] Deleted successfully : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1399360343);
[����] Deleted successfully : user_pref("browser.syncPromoViewsLeftMap", "{\"passwords\":0,\"bookmarks\":0,\"addons\":0}");
[����] Deleted successfully : user_pref("extensions.Webfuii.aul", "1394946430530");
[����] Deleted successfully : user_pref("extensions.Webfuii.is", "kbmadvztdz");
[����] Deleted successfully : user_pref("extensions.Webfuii.ug", "4BBF96C9-A20D-4E97-8C81-7A305DC331F4");
[����] Deleted successfully : user_pref("extensions.YoutubeDownloader@PeterOlayev.com.addonVersion", "2.2.9");
[����] Deleted successfully : user_pref("extensions.addon@geniusinstaller.com.install-event-fired", true);
[����] Deleted successfully : user_pref("extensions.asjiaffjh@virqlbv.net.install-event-fired", true);
[����] Deleted successfully : user_pref("extensions.bootstrappedAddons", "{}");
[����] Deleted successfully : user_pref("extensions.buenosearch.admin", false);
[����] Deleted successfully : user_pref("extensions.buenosearch.aflt", "babsst");
[����] Deleted successfully : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
[����] Deleted successfully : user_pref("extensions.buenosearch.autoRvrt", "false");
[����] Deleted successfully : user_pref("extensions.buenosearch.dfltLng", "en");
[����] Deleted successfully : user_pref("extensions.buenosearch.excTlbr", false);
[����] Deleted successfully : user_pref("extensions.buenosearch.ffxUnstlRst", true);
[����] Deleted successfully : user_pref("extensions.buenosearch.id", "9c00a5f5000000000000062163d7c346");
[����] Deleted successfully : user_pref("extensions.buenosearch.instlDay", "16163");
[����] Deleted successfully : user_pref("extensions.buenosearch.instlRef", "sst");
[����] Deleted successfully : user_pref("extensions.buenosearch.newTab", false);
[����] Deleted successfully : user_pref("extensions.buenosearch.prdct", "buenosearch");
[����] Deleted successfully : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
[����] Deleted successfully : user_pref("extensions.buenosearch.rvrt", "false");
[����] Deleted successfully : user_pref("extensions.buenosearch.smplGrp", "none");
[����] Deleted successfully : user_pref("extensions.buenosearch.tlbrId", "base");
[����] Deleted successfully : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
[����] Deleted successfully : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:10:52");
[����] Deleted successfully : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
[����] Deleted successfully : user_pref("extensions.eagleget_ffext@eagleget.com.install-event-fired", true);
[����] Deleted successfully : user_pref("extensions.getAddons.databaseSchema", 5);
[����] Deleted successfully : user_pref("extensions.ui.lastCategory", "addons://list/extension");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_bgcolor", false);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_colorspace", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_command", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_downloadfonts", false);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_duplex", 896);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_bottom", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_left", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_right", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_top", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_evenpages", true);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footercenter", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footerleft", "&PT");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footerright", "&D");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headercenter", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headerleft", "&T");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headerright", "&U");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_in_color", true);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_bottom", "0.5");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_left", "0.5");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_right", "0.5");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_top", "0.5");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_oddpages", true);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_orientation", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_page_delay", 50);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_data", 9);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_height", " 11.00");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_name", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_size_type", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_size_unit", 1);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_width", " 8.50");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_plex_name", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_resolution", 88832);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_resolution_name", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_reversed", false);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_scaling", " 1.00");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_shrink_to_fit", true);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_to_file", false);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_to_filename", "");
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_bottom", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_left", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_right", 0);
[����] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_top", 0);
[����] : plugin@playgame.com.xpi : - -
[����] : YoutubeDownloader@PeterOlayev.com.xpi : - -
[����] : {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} : - -
[����] : {af95cc15-3b9b-45ae-8d9b-98d08eda3111}.xpi : - -
[����] : {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi : - -
[����] : {e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi : - -
���������� | Opera
���������� | Hijack.StartMenuInternet
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9500325AS_6VEVCDARXXXX6VEVCDAR&ts=1375970578 -> "C:\Program Files\Internet Explorer\iexplore.exe"
���������� | AppInit_DLLs
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
���������� | Hijack.Javascript
���������� | Firewall
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0
���������� | Temporary files
[All Users] Temporary files deleted : 0 Ko
[Default] Temporary files deleted : 0 Ko
[Default User] Temporary files deleted : 0 Ko
[Public] Temporary files deleted : 0 Ko
[����] Temporary files deleted : 875689 Ko
[????] Temporary files deleted : 0 Ko
[C:\Windows\Temp] Temporary files deleted : 31331 Ko
[C:\Temp] Temporary files deleted : 0 Ko
Other(s) report(s)
[X] : [33123 Ko]
Analyzed elements : 148728 | Infected : 280
���������� |EOF| ���������� | 06:45:22 | [44 Ko]