Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Natalia on di 14/04/2015 at 12:06:05,22.
Microsoft Windows 7 Максимальная 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Natalia\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

14/04/2015 12:07:32 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\games deleted successfully
C:\Program Files\MarkAny deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Users\Natalia\AppData\Roaming\Opera Software deleted successfully
C:\Users\Natalia\AppData\Roaming\Panda Security deleted successfully
C:\Users\Natalia\AppData\Local\Opera Software deleted successfully
C:\Users\Natalia\AppData\Local\QIP deleted successfully
C:\Users\Natalia\AppData\Local\Samsung deleted successfully
C:\Users\Natalia\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C93F72A2-2162-4BBA-A07A-F13663C297A6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully
HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\istart_ffnt@gmail.com deleted successfully

==== Installed Programs ======================

Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.10) - Nederlands
Adobe Refresh Manager
AMD DnD V1.0.19
ANT Drivers Installer x86
ATI AVIVO Codecs
ATI Catalyst Install Manager
Avast Free Antivirus
Battlefield 1942T
Belkin N300 Micro USB Wireless Adapter
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Conexant Polaris Unused CIR Function
D3DX10
Elevated Installer
FlossOrganizer 3.0
Garmin Communicator Plugin
Garmin Express
Garmin Express Tray
Google Chrome
Google Update Helper
HydraVision
Java 7 Update 60
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
K-Lite Mega Codec Pack 10.6.5
Mail.Ru Агент 6.3 (сборка 7771)
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4 Client Profile RUS Language Pack
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Russian) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Iaiiaeaiea (KB963678)
Microsoft Office Excel MUI (Russian) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Russian) 2007
Microsoft Office InfoPath MUI (Russian) 2007
Microsoft Office OneNote MUI (Russian) 2007
Microsoft Office Outlook 2007 Help Iaiiaeaiea (KB963677)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Russian) 2007
Microsoft Office Powerpoint 2007 Help Iaiiaeaiea (KB963669)
Microsoft Office PowerPoint MUI (Russian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proofing (Russian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Russian) 2007
Microsoft Office Shared MUI (Russian) 2007
Microsoft Office Word 2007 Help Iaiiaeaiea (KB963665)
Microsoft Office Word MUI (Russian) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
Mozilla Firefox 36.0.4 (x86 ru)
Mozilla Maintenance Service
MSVC80_x86
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
Origin
Panda Internet Security 2014
Parom.TV player
Pattern Maker for cross stitch - v4 (Pro+ME)
PC Connectivity Solution
Photo Common
Photo Gallery
PRODUCT_DISPLAY_NAME
Realtek Ethernet Controller All-In-One Windows Driver
Realtek High Definition Audio Driver
RedCafe 1.3.1
Reg Organizer
rollApp File Opener version 1.3.2
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2984939) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956107) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2956109) 32-Bit Edition
SkypeT 7.3
Sony Mobile Update Engine
Sony PC Companion 2.10.251
STDU Viewer version 1.6.350.0
StitchCalc 2.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956104) 32-Bit Edition
Video Grabber
VirtualStitch 2.0
Visual Studio 2012 x86 Redistributables
VLC media player
WinDjView 2.0.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.20 (32-разрядная)
Основные компоненты Windows Live
Пакет драйверов Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Пакет драйверов Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
Почта Windows Live
Фотоальбом
Фотографии (общедоступная версия)
Языковой пакет клиентского профиля Microsoft.NET Framework 4 - RUS

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Reg Organizer\StartupCheckingService.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CinemaP-1.8cV12.04\acffff6b-d07d-4258-a814-556568d71ec5-1-6.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\XTab\ProtectService.exe
C:\Program Files\XTab\cmdshell.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Program Files\XTab\HPNotify.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Users\Natalia\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Crypkey License deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Crypkey License deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdatem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\p33u20l9.default

---- FireFox user.js and prefs.js backups ----

user_20151404_1227_.backup
prefs_20151404_1227_.backup

ProfilePath: C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\ty9f2m6v.default

---- Lines istart modified from prefs.js ----

user_pref("extensions.enabledAddons", "searchengine%40gmail.com:1.0.0.1028,searchengine%40gmail.com:1.0.0.1028,istart_ffnt%40gmail.com:5.3.7,searcheng

---- Lines searches removed from prefs.js ----

user_pref("browser.search.searchengine.alias", "luckysearches");
user_pref("browser.search.searchengine.iconURL", "http://www.luckysearches.com/web/favicon.ico");
user_pref("browser.search.searchengine.name", "luckysearches");
user_pref("browser.search.searchengine.url", "http://www.luckysearches.com/web/?type=dspp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6&
user_pref("browser.startup.homepage", "http://www.luckysearches.com/?type=hppp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6");

---- Lines searches removed from user.js ----

user_pref("browser.startup.homepage", "http://www.luckysearches.com/?type=hppp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6");

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- Lines browser.startup.page removed from user.js ----

user_pref("browser.startup.page", 1);

---- FireFox user.js and prefs.js backups ----

user_20151404_1227_.backup
prefs_20151404_1227_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\games not found
C:\Program Files\MarkAny not found
C:\Program Files\91486688-d974-4637-a6dc-c765eaea58a8 deleted
C:\Users\Natalia\AppData\Local\17247 deleted
C:\Users\Natalia\AppData\Local\27213 deleted
C:\Users\Natalia\.android deleted
C:\ProgramData\Registry Helper deleted
C:\ProgramData\IHProtectUpDate deleted
C:\ProgramData\WindowsMangerProtect deleted
C:\ProgramData\Package Cache deleted
C:\Users\Natalia\AppData\Local\globalUpdate deleted
C:\Users\Natalia\AppData\Local\CrashRpt deleted
C:\Windows\Tasks\acffff6b-d07d-4258-a814-556568d71ec5-1-6.job deleted
C:\Windows\Tasks\acffff6b-d07d-4258-a814-556568d71ec5-1-7.job deleted
C:\Windows\Tasks\acffff6b-d07d-4258-a814-556568d71ec5-4.job deleted
C:\Windows\system32\Tasks\acffff6b-d07d-4258-a814-556568d71ec5-1-6 deleted
C:\Windows\system32\Tasks\acffff6b-d07d-4258-a814-556568d71ec5-1-7 deleted
C:\Windows\system32\Tasks\acffff6b-d07d-4258-a814-556568d71ec5-4 deleted
C:\Windows\Reimage.ini deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job deleted
C:\Windows\system32\tasks\globalUpdateUpdateTaskMachineCore deleted
C:\Windows\system32\tasks\globalUpdateUpdateTaskMachineUA deleted
C:\Windows\System32\drivers\{6010c1d4-82a3-4db6-b3f6-09826a275523}Gw.sys deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Adm deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\system32\RegistryHelperLM.ocx deleted
C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\ty9f2m6v.default\searchplugins\luckysearches.xml deleted
C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\ty9f2m6v.default\.autoreg deleted
C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\ty9f2m6v.default\jetpack deleted
"C:\Users\Natalia\AppData\Roaming\DGQMB" deleted
"C:\Users\Natalia\AppData\Roaming\IYLG" deleted
"C:\Program Files\XTab" deleted
"C:\Program Files\globalUpdate" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)
Memory (RAM): 3328 MB
CPU Info: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
CPU Speed: 2792,3 MHz
Sound Card: Динамики (Realtek High Definiti | Realtek Digital Output (Realtek |
Display Adapters: ATI Radeon HD 5800 Series | ATI Radeon HD 5800 Series | ATI Radeon HD 5800 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; SyncMaster 2333HD(Digital) |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: OPTIARC DVD-ROM DDU1681S
Ports: COM1 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 465,8GB
Hard Disks - Free: C: 282,0GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 11/06/08 | ACRSYS - 20081106
Time Zone: ????????? ????? (????)
Motherboard *: MICRO-STAR INTERNATIONAL CO.,LTD MS-7353
Country: Бельгия
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 41.0.2272.118
Internet Explorer Version: 11.0.9600.17691
Mozilla Firefox version: 36.0.4 (x86 ru)
Google Chrome version: 41.0.2272.118
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_31 (32-bit)
Flash Player version: 17.0.0.134

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-04-13 16:43:53 29968EDF8EF795F91DD35A61988CC40C 43112 ----a-w- C:\Windows\avastSS.scr

====== C:\Users\Natalia\AppData\Local\Temp ====
2015-04-14 09:26:04 7548C242D95CBFF76908360AD629C09F 408128 ------w- C:\Users\Natalia\AppData\Local\Temp\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}\ArcCon.dll

====== Java Cache =====

====== C:\Windows\system32 =====
2015-04-13 19:49:41 62D03E335422BB89362A379118EE0D11 1576 ----a-w- C:\Windows\System32\rrr.lnk
2015-04-13 16:44:03 95111BFB2EB0C6FECE6873ACF2EA358D 291312 ----a-w- C:\Windows\System32\aswBoot.exe
2015-04-12 12:44:02 9439E4F50247273A3B0B9F8DA68AFC05 4 ----a-w- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7

====== C:\Windows\system32\drivers =====
2015-04-13 16:44:11 F7D2CE852966935E2F85C3DB4D50D3A5 106912 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-04-13 16:44:11 0AE22EAD6B30E448160338E708BCB71D 208024 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-04-13 16:44:10 74E84C8CEB52042E8A1EA3104D151843 49904 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-04-13 16:44:10 2AB454C9C10C427738426C06D3749361 427736 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2015-04-13 16:44:09 5D70C1C6C61C5A034BD086AD219A0237 73440 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-04-13 16:44:08 FE99FCB91E93BC4A7E222928A06411DE 24144 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-04-13 16:44:08 456106F51D03D99A8C65BFC0E37E3D0B 81728 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-04-13 16:44:06 48FA0C8E04A37A619C894A1C02D5AB96 788272 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-04-12 13:44:42 2262614848962DDB38FFB7C883E6FB55 49856 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

====== C:\Windows\Tasks ======
2015-04-14 09:26:48 8E23E9FFE9E0183BECFFD543BD67B9CA 3274 ----a-w- C:\Windows\system32\Tasks\{36FFC8D0-002F-45C6-AD22-B8FAB3C12FAA}
2015-04-13 19:49:41 656C8CDF4DD1BF49619B5DFD74C410BC 3420 ----a-w- C:\Windows\system32\Tasks\RegOrganizerQuickLaunch
2015-04-05 11:49:21 -------- d-----w- C:\Windows\system32\Tasks\NCH Software
2015-03-24 14:40:15 88FEFEF795A25602259144D43D932918 2962 ----a-w- C:\Windows\system32\Tasks\{1C1CD8DF-6B33-414C-9DC3-E757A94AF444}

====== C:\Windows\Temp ======

======= C:\Program Files =====
2015-04-13 19:42:47 -------- d-----w- C:\Program Files\Enigma Software Group
2015-04-13 19:41:58 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2015-04-12 13:44:04 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2015-04-12 11:55:36 -------- d-----w- C:\Program Files\Movavi Screen Capture Studio 5
2015-04-12 11:46:07 -------- d-----w- C:\Program Files\Opera
2015-04-12 11:44:35 -------- d-----w- C:\Program Files\CinemaP-1.8cV12.04
2015-04-05 11:49:19 -------- d-----w- C:\Program Files\NCH Software
2015-03-26 10:18:45 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2015-03-22 13:47:01 -------- d-----w- C:\Program Files\K-Lite Codec Pack

======= C: =====

====== C:\Users\Natalia\AppData\Roaming ======
2015-04-12 11:59:30 -------- d-----w- C:\Users\Natalia\AppData\Roaming\MOVAVI
2015-04-12 11:44:08 -------- d-----w- C:\Users\Natalia\AppData\Local\Pro_PC_Cleaner
2015-04-07 02:53:03 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla
2015-04-07 02:53:03 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla
2015-04-05 11:49:21 -------- d-----w- C:\Users\Natalia\AppData\Roaming\NCH Software
2015-03-26 08:09:00 -------- d-----w- C:\Users\Natalia\AppData\Roaming\RedCafe
2015-03-22 19:17:41 AEA2E47B82D41C6736E912980862FE35 706224 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-03-22 14:56:04 -------- d-----w- C:\Users\Natalia\AppData\Local\Movavi
2015-03-22 14:14:16 6A9DC7E5B62A92B14A4F96063C843089 5120 ----a-w- C:\Users\Natalia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-22 14:14:16 -------- d-----w- C:\Users\Natalia\AppData\Local\ezvid,_inc
2015-03-22 14:02:36 -------- d-----w- C:\Users\Natalia\AppData\Roaming\UVsoftium
2015-03-22 14:00:03 -------- d-----w- C:\Users\Natalia\AppData\Local\ExKode Co. Ltd
2015-03-22 13:57:51 -------- d-----w- C:\Users\Natalia\AppData\Local\Dxtory Software
2015-03-22 13:51:22 -------- d-----w- C:\Users\Natalia\AppData\Roaming\MPC-HC
2015-03-22 13:43:40 -------- d-----w- C:\Users\Natalia\AppData\Roaming\QipShot

====== C:\Users\Natalia ======
2015-04-13 19:40:15 7873B8294E75160D32CB07A83AD73857 728960 ----a-w- C:\Users\Natalia\Downloads\SpyHunter-installer.exe
2015-04-12 13:44:35 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-04-12 13:38:07 -------- d-----r- C:\Users\Natalia\OneDrive
2015-04-12 11:59:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
2015-04-07 02:53:03 -------- d-----r- C:\Windows\system32\config\systemprofile\Favorites
2015-04-07 02:53:03 -------- d-----r- C:\Windows\system32\config\systemprofile\Desktop
2015-04-06 10:25:01 075B0DA82E23780FA2DD7F2EA0464FD4 258 --sha-r- C:\Users\Natalia\ntuser.pol
2015-04-06 10:15:14 09396B2320C916F6C7B02C961044E894 626 --sha-r- C:\ProgramData\ntuser.pol
2015-04-05 11:49:21 -------- d-----w- C:\ProgramData\NCH Software
2015-03-26 08:09:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedCafe
2015-03-22 15:13:37 -------- d-----w- C:\Users\Natalia\Tracing
2015-03-22 14:54:24 A3486FF469EA5D94A3A2FBB18A452526 5103 ----a-w- C:\ProgramData\vczcspay.tpu
2015-03-22 14:54:23 -------- d-----w- C:\ProgramData\Movavi
2015-03-22 13:47:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-03-15 14:42:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft ShowBiz

====== C: exe-files ==
2015-04-13 21:11:06 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla18.exe
2015-04-13 19:41:59 7BE0F6203CDF7E986EDC66525DDA4424 180930 ----a-w- C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.exe
2015-04-13 19:40:15 7873B8294E75160D32CB07A83AD73857 728960 ----a-w- C:\Users\Natalia\Downloads\SpyHunter-installer.exe
2015-04-13 16:44:03 95111BFB2EB0C6FECE6873ACF2EA358D 291312 ----a-w- C:\Windows\System32\aswBoot.exe
2015-04-12 13:38:10 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\a38584d11d0752504\onedrivesetup.exe
2015-04-12 13:36:10 F5443547CAAC20AA334A88817579270F 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\a154a39c1d0752503\DXSETUP.exe
2015-04-12 13:36:06 DDCE338BB173B32024679D61FB4F2BA6 537432 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\9f4c96ad1d0752502\DXSETUP.exe
2015-04-12 13:36:03 DDCE338BB173B32024679D61FB4F2BA6 537432 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\9c61e4321d0752501\DXSETUP.exe
2015-04-12 11:53:41 E36A1AE16C2295C028B335E8CAD84C41 2446336 ----a-r- C:\Program Files\Movavi Screen Capture Studio 5\MovAvi 5 Setup+Crack\Movavi Screen Capture Cracked Files\AudioCapture.exe
2015-04-12 11:53:38 4B0DC5966C5595082148B1403260C295 3072000 ----a-r- C:\Program Files\Movavi Screen Capture Studio 5\MovAvi 5 Setup+Crack\Movavi Screen Capture Cracked Files\VideoEditor.exe
2015-04-12 11:53:37 C70BC1E0C7AE2D710C8CD6D476D514B6 2263040 ----a-r- C:\Program Files\Movavi Screen Capture Studio 5\MovAvi 5 Setup+Crack\Movavi Screen Capture Cracked Files\SplitMovie.exe
2015-04-12 11:53:36 BBD6E475FA8607DC43206F7BF2836665 2935296 ----a-r- C:\Program Files\Movavi Screen Capture Studio 5\MovAvi 5 Setup+Crack\Movavi Screen Capture Cracked Files\ShareOnline.exe
2015-04-12 11:53:35 2C450A46E25A928E6F034608327A7C11 2998272 ----a-r- C:\Program Files\Movavi Screen Capture Studio 5\MovAvi 5 Setup+Crack\Movavi Screen Capture Cracked Files\ScreenCapture.exe
2015-04-12 11:53:34 712C00C26B551A69D8E6134259A432D0 3023872 ----a-r- C:\Program Files\Movavi Screen Capture Studio 5\MovAvi 5 Setup+Crack\Movavi Screen Capture Cracked Files\VideoCapture.exe
2015-04-12 11:53:33 B43AC460D3D44AA06A69B345FAE427EB 3106304 ----a-r- C:\Program Files\Movavi Screen Capture Studio 5\MovAvi 5 Setup+Crack\Movavi Screen Capture Cracked Files\ChiliBurner.exe
2015-04-12 11:53:28 9D53CB8AC1DC4D897D0602FF46E9A9ED 115568880 ----a-r- C:\Program Files\Movavi Screen Capture Studio 5\MovAvi 5 Setup+Crack\MovaviScreenCaptureSetup.exe
2015-04-12 11:45:49 38A34E887C3BE236A5D3A95D0DBE34CD 1408512 ----a-w- C:\Program Files\CinemaP-1.8cV12.04\acffff6b-d07d-4258-a814-556568d71ec5-1-6.exe
2015-04-12 11:44:35 7CD308568C030442D8E336CDFDA2CF13 117248 ----a-w- C:\Program Files\CinemaP-1.8cV12.04\Uninstall.exe

=== C: other files ==
2015-04-13 20:15:40 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Users\Natalia\AppData\Local\Temp\avastBCLTMP\{6010c1d4-82a3-4db6-b3f6-09826a275523}.zip
2015-04-13 16:44:11 F7D2CE852966935E2F85C3DB4D50D3A5 106912 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-04-13 16:44:11 0AE22EAD6B30E448160338E708BCB71D 208024 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-04-13 16:44:10 74E84C8CEB52042E8A1EA3104D151843 49904 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-04-13 16:44:10 2AB454C9C10C427738426C06D3749361 427736 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2015-04-13 16:44:09 5D70C1C6C61C5A034BD086AD219A0237 73440 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-04-13 16:44:08 FE99FCB91E93BC4A7E222928A06411DE 24144 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-04-13 16:44:08 456106F51D03D99A8C65BFC0E37E3D0B 81728 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-04-13 16:44:06 48FA0C8E04A37A619C894A1C02D5AB96 788272 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-04-12 13:44:42 2262614848962DDB38FFB7C883E6FB55 49856 -c--a-w- C:\Windows\System32\DRVSTORE\fssfltr_53B1A1E03F7FFD1D0FE056B8522FE410DEDAC734\fssfltr.sys
2015-04-12 13:44:42 2262614848962DDB38FFB7C883E6FB55 49856 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2015-04-12 11:45:33 87E1D7B07B6B993DA146B6C629FE9CDE 446674 ----a-w- C:\Program Files\CinemaP-1.8cV12.04\acffff6b-d07d-4258-a814-556568d71ec5.xpi
2015-04-12 11:44:40 874141F57C626EA24D5266E025C3755D 402865 ----a-w- C:\Program Files\CinemaP-1.8cV12.04\98a91df9-1de3-4307-8273-442d0715f711.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2145543469-1690660646-1235608541-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GoogleChromeAutoLaunch_C5E79778299007E859DD55DA6DAA4CC2"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GoogleChromeAutoLaunch_C5E79778299007E859DD55DA6DAA4CC2"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13/04/2015 21:25]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2014 12:47]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2014 12:47]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\ProPCCleaner_Popup" [C:\Program Files\Pro PC Cleaner\Splash.exe]
"C:\Windows\system32\tasks\ProPCCleaner_Start" [C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe]
"C:\Windows\system32\tasks\RegOrganizerQuickLaunch" [C:\Program Files\Reg Organizer\RegOrganizer.exe]
"C:\Windows\system32\tasks\SmartShare" [C:\Program Files\LG Software\LG Smart Share\SmartShareStart.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{29C96B9B-E08B-49C2-B257-8B72DCF5EEE6}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\{0B6D852D-A515-4F2B-8846-0B37B0DF5FF7}" [C:\Users\Natalia\Desktop\Samsung_PC_Studio_7.2.24.9.exe]
"C:\Windows\system32\tasks\{1C1CD8DF-6B33-414C-9DC3-E757A94AF444}" [C:\Users\Natalia\AppData\Roaming\RedCafe\redcafe.exe]
"C:\Windows\system32\tasks\{31209502-A8C1-48DD-902A-34FB8564D1C2}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{697DEA34-5440-41CE-84E7-6AC64D4B30DF}" [C:\Users\Natalia\Desktop\Samsung_PC_Studio_7.2.24.9.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\ty9f2m6v.default

user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [13/04/2015 18:44]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\p33u20l9.default
- site_navigation - %ProfilePath%\extensions\jid1-ACEVYbPA2OS89A@jetpack.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath:
C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\ty9f2m6v.default - Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com - @Mail.Ru - %ProfilePath%\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\p33u20l9.default 9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat Profilepath: C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\ty9f2m6v.default 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery 225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31 B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13 87BE0BCC7163A304283C5C740B6346B2 - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In 43583AB4DFD406F4C188342F41B1F91C - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash ==== Deleted Firefox Extensions ====================== C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\ty9f2m6v.default\extensions\searchengine@gmail.com deleted ==== Chromium Look 
====================== Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db] HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[13/04/2015 18:43] Google Docs - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Search - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom The Weather Channel for Chrome - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop Last updated at time on date - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd Chrome Hotword Shared Module - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Floor plans and interior design - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna Rain Alarm - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok Visual Bookmarks - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac Google Wallet - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - 
Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Avast Online Security - Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki Chrome Hotword Shared Module - Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg Google Wallet - Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\Natalia\AppData\Local\Bromium\User Data\Default\Preferences {"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?win=115&clid=47355","session":{"urls_to_restore_on_startup":["http://www.yandex.ru/?win=115&clid=47355","http://mail.yandex.ru/?win=115&clid=47355"]},"browser":{"show_home_button":true},"pinned_tabs":[{"url":"http://www.yandex.ru/?win=115&clid=1790331"},{"url":"http://mail.yandex.ru/?win=115&clid=1790331"}]} C:\Users\Natalia\AppData\Local\Chromium\User Data\Default\Preferences {"ntp":{"shown_sections":64,"shown_page":1024},"sync_promo":{"user_skipped":true},"bookmark_bar":{"show_on_all_tabs":true},"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?win=115&clid=47355","session":{"urls_to_restore_on_startup":["http://www.yandex.ru/?win=115&clid=47355","http://mail.yandex.ru/?win=115&clid=47355"]},"browser":{"show_home_button":true},"pinned_tabs":[{"url":"http://www.yandex.ru/?win=115&clid=1790331"},{"url":"http://mail.yandex.ru/?win=115&clid=1790331"}]} C:\Users\Natalia\AppData\Local\Comodo\Dragon\User Data\Default\Preferences 
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?win=115&clid=47355","session":{"urls_to_restore_on_startup":["http://www.yandex.ru/?win=115&clid=47355","http://mail.yandex.ru/?win=115&clid=47355"]},"browser":{"show_home_button":true},"pinned_tabs":[{"url":"http://www.yandex.ru/?win=115&clid=1790331"},{"url":"http://mail.yandex.ru/?win=115&clid=1790331"}]}
C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.luckysearches.com/?type=hppp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6",
"startup_urls": [ "http://www.luckysearches.com/?type=hppp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6" ]
C:\Users\Natalia\AppData\Local\Nichrome\User Data\Default\Preferences
"homepage": "http://www.yandex.ru/?win=115&clid=47355",
C:\Users\Natalia\AppData\Local\Xpom\User Data\Default\Preferences
"homepage": "http://mail.ru/cnt/9824",
"urls_to_restore_on_startup": [ "http://mail.ru/cnt/9824" ]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.luckysearches.com/?type=hppp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6"
"Search Page"="http://www.luckysearches.com/web/?type=dspp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6&q={searchTerms}"
"Default_Page_URL"="http://www.luckysearches.com/?type=hppp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6"
"Default_Search_URL"="http://www.luckysearches.com/web/?type=dspp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.luckysearches.com/?type=hppp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6"
"Search Page"="http://www.luckysearches.com/web/?type=dspp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6&q={searchTerms}"
"Default_Page_URL"="http://www.luckysearches.com/?type=hppp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6"
"Default_Search_URL"="http://www.luckysearches.com/web/?type=dspp&ts=1428839237&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=115&clid=129652&text=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

==== shortcuts on Users Desktops ======================

C:\Users\Natalia\Desktop\Новая папка\вышивка 1\Stitch Art Easy 4.0.lnk -
C:\Users\Natalia\Desktop\Новая папка\вышивка 1\вышивка\программы для вышивки\Snelkoppeling naar Haftek 3.0.lnk -
C:\Users\Natalia\Desktop\Новая папка\программы\FlossOrganizer.lnk -
C:\Users\Natalia\Desktop\Новая папка\программы\STDU Viewer.lnk -
C:\Users\Natalia\Desktop\Новая папка\программы\StitchCalc.lnk -
C:\Users\Natalia\Desktop\Новая папка\программы\VirtualStitch.lnk -
C:\Users\Natalia\Desktop\Новая папка\фото\лондон 2013\Voorbeelden van afbeeldingen.lnk -
C:\Users\Natalia\Desktop\платья\Запустить RedCafe.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ArcSoft ShowBiz.lnk - C:\Program Files\ArcSoft\TotalMedia ShowBiz\TMShowBiz.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Parom.TV.lnk - C:\Program Files\Parom.TV\paromplayer.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.luckysearches.com/?type=sc&ts=1428839201&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6
C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.luckysearches.com/?type=sc&ts=1428839201&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6
C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Панель запуска приложений Chrome.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk - C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.luckysearches.com/?type=sc&ts=1428839201&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect\Запустить ArcSoft Connect.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect\Просмотреть мои данные ArcSoft.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft ShowBiz\ArcSoft ShowBiz.lnk - C:\Program Files\ArcSoft\TotalMedia ShowBiz\TMShowBiz.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft ShowBiz DVD 2\ShowBiz DVD 2.lnk - C:\Program Files\ArcSoft\ShowBiz DVD 2\Wizard.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942\Battlefield 1942 End User License Agreement.lnk - C:\Program Files\Origin Games\Battlefield 1942\Support\eula\en_US_eula.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942\Battlefield 1942.lnk - C:\Program Files\Origin Games\Battlefield 1942\BF1942.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942\Technical Support.lnk - C:\Program 
Files\Origin Games\Battlefield 1942\Support\EA Help\Technical Support.en_US.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 1942™.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\Garmin Express.lnk - C:\Program Files\Garmin\Express\Express.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.luckysearches.com/?type=sc&ts=1428839201&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe 
"C:\Windows\system32\ff_vfw.dll",configureVFW C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madVR.lnk - C:\Program Files\K-Lite Codec Pack\Filters\madVR\madHcCtrl.exe editLocalSettingsDontWait C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /resetsettings C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\x264 VFW (x86).lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\x264vfw.dll",Configure C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid VFW.lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\xvidvfw.dll",Configure C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files\K-Lite Codec Pack\Info\faq.htm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk - C:\Program Files\K-Lite Codec Pack\Tools\GraphStudioNext.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files\K-Lite Codec Pack\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Error Reporter.lnk - C:\Program Files\Origin\OriginER.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pattern Maker for cross stitch - v4\Pattern Maker for cross stitch, Pro+ME.lnk - C:\Windows\Installer\{9CE2B4FB-8127-4058-B028-C5961242A484}\NewShortcut1.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pattern Maker for cross stitch - v4\Release Info.lnk - C:\Windows\Installer\{9CE2B4FB-8127-4058-B028-C5961242A484}\NewShortcut3.WRI C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedCafe\Деинсталлировать RedCafe.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedCafe\Запустить RedCafe.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedCafe\Перейти на сайт RedCafeStore.com.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Verwijderen.lnk - C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe -uninst -runfromtemp C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk - C:\Windows\Installer\{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}\fssicon.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk - C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.luckysearches.com/?type=sc&ts=1428839201&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6 C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru Агент.lnk - C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk - C:\Program Files\Samsung\Samsung New PC Studio\NPSGuide.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Запустить RedCafe.lnk - C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mail.Ru Агент.lnk - C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.luckysearches.com/?type=sc&ts=1428839201&from=2sq&uid=ST3500418AS_9VM9V2C6XXXX9VM9V2C6 C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Reg Organizer.lnk - C:\Program Files\Reg Organizer\RegOrganizer.exe ==== shortcuts After Repair ====================== C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer 
Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C5E79778299007E859DD55DA6DAA4CC2] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKUS\S-1-5-19\..\Run: 
[Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'система')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\Program Files\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ioi?aaeou a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Ioi?aaeou a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Mail.Ru Aaaio - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\Natalia\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU)
O9 - Extra 'Tools' menuitem: Mail.Ru Aaaio - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\Natalia\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft, Inc. - C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Chemtable Startup Checking - Unknown owner - C:\Program Files\Reg Organizer\StartupCheckingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe

==== Empty IE Cache ======================

C:\Users\Natalia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Natalia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Natalia\AppData\Local\Mozilla\Firefox\Profiles\ty9f2m6v.default\cache2 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\2l13t1ds.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Natalia\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Natalia\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp
successfully emptied C:\Users\Natalia\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied C:\RECYCLER successfully emptied ==== EOF on di 14/04/2015 at 12:55:52,50 ======================