Код:
Registry Keys: 4
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, , [c8220e6d2556ba7c48d0d8ee13ef629e],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.4, , [23c7dc9f8deee6508d33ab1aa260cd33],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311164}, , [30ba017a6417e25498386e21e51f19e7],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311164}, , [30ba017a6417e25498386e21e51f19e7],
Folders: 14
PUP.Optional.CinemaLoad.A, C:\Users\Sandy Bridge\AppData\Roaming\cload, , [49a17803f88353e3c8cf467361a1e818],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\chrome, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\chrome\content, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\chrome\content\api, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\chrome\content\core, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\defaults, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\defaults\preferences, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\extensionData, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\extensionData\plugins, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\extensionData\userCode, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\locale, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\locale\en-US, , [07e3413aafccb383f5afd9c18979c937],
PUP.Optional.CrossRider.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com\skin, , [07e3413aafccb383f5afd9c18979c937],
Riskware.BitcoinMiner, C:\Windows\Temp\dgen.exe, , [15d5304bb1ca70c6a1bcfa4d8180dd23],
PUP.Optional.PriceMeter.A, C:\Windows\System32\Tasks\pricemetertask, , [ca20b4c709720e2849d1258a51b1fd03],
PUP.Optional.PriceMeter.A, C:\Windows\System32\Tasks\PriceMeterUpdater, , [b7337dfef3881b1b2fee1f905ca614ec],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\b7cfb940-8dc0-44fc-b182-1a69b2899478-3, , [b4369edd2259181e49eb694712f04eb2],
PUP.Optional.WebAlta.A, C:\Users\Sandy Bridge\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\webalta-search.xml, , [b733700b98e3b482ee8e5c5d37cb9769],
PUP.Optional.CinemaLoad.A, C:\Users\Sandy Bridge\AppData\Roaming\cload\chrome.dat, , [49a17803f88353e3c8cf467361a1e818],
PUP.Optional.CinemaLoad.A, C:\Users\Sandy Bridge\AppData\Roaming\cload\firefox.dat, , [49a17803f88353e3c8cf467361a1e818],
PUP.Optional.CinemaLoad.A, C:\Users\Sandy Bridge\AppData\Roaming\cload\internet.dat, , [49a17803f88353e3c8cf467361a1e818],
PUP.Optional.CinemaLoad.A, C:\Users\Sandy Bridge\AppData\Roaming\cload\opera.dat, , [49a17803f88353e3c8cf467361a1e818],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\b7cfb940-8dc0-44fc-b182-1a69b2899478-3.job, , [b9312952760595a1c3db1ea6dd259a66],
4)