Publicité
Publicité
Format du document : text/plain
Prévisualisation
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by André (2016-02-14 18:56:54) Run:1
Running from C:\Users\André\Desktop
Loaded Profiles: André (Available Profiles: André)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe
HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] ()
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /DEFAULT
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe /RUNNING
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [-] => C:\ProgramData\msiql.exe /RUNNING
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [msiql] => C:\ProgramData\msiql.exe /RUNNING
HKU\S-1-5-18\...\Run: [Bus Comp] => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\Bus Comp\{13C5DAFA-E7D7-55BC-2C5F-9C06ACE6B3CC}\BusComp.dll",#1 <===== ATTENTION
HKU\S-1-5-18\...\Run: [Bus Comp2] => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\Bus Comp\{13C5DAFA-E7D7-55BC-2C5F-9C06ACE6B3CC}\humeobf.dll",#1
HKU\S-1-5-18\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
URLSearchHook: [S-1-5-21-4040206143-25492408-1982695725-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B178427F0-BFC1-45AF-82DE-1C3A3AEC83B9%7D&gp=801510
FF DefaultSearchEngine: ?????@Mail.Ru
FF SelectedSearchEngine: ?????@Mail.Ru
FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp&gp=801010
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B2E6F3BE1-26AE-4E4A-BE73-6E7B0FD96012%7D&gp=801510
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=716994737e659b8cfd66d074ebe54e48
FF Extension: ???????? ???????? Mail.Ru - C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\homepage@mail.ru [2016-01-03]
FF Extension: ?????@Mail.Ru - C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\search@mail.ru [2016-01-03] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\40F1F475E61CA999DED8F514BFA0040040F1 [2016-01-10] <==== ATTENTION
CHR HomePage: Default -> mail.ru/cnt/11956636
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn11
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
S2 Nikkafq; "C:\Users\André\AppData\Roaming\MadkOyo\Jilrosji.exe" -cms [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]
S1 yalyqmdu; \??\C:\WINDOWS\system32\drivers\yalyqmdu.sys [X]
2015-12-25 06:42 - 2015-12-25 06:42 - 00148104 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarEntry.dll
2015-12-25 06:42 - 2015-12-25 06:42 - 00141960 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
2015-12-25 06:42 - 2015-12-25 06:42 - 03934344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\Calendar.exe
2015-12-25 06:42 - 2015-12-25 06:42 - 00543368 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll
2015-12-25 06:42 - 2015-12-25 06:42 - 00406664 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll
2015-12-25 06:41 - 2015-12-25 06:41 - 00428680 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll
2015-12-25 06:42 - 2015-12-25 06:42 - 00747144 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPKernel.dll
2015-12-25 06:42 - 2015-12-25 06:42 - 00327304 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPHelp.dll
2016-02-14 15:14 - 2016-02-14 15:51 - 00000000 ____D C:\Users\André\AppData\Roaming\CalendarTool
2016-02-14 15:13 - 2016-02-14 15:13 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-02-14 14:48 - 2016-02-14 15:07 - 00000000 ____D C:\AdwCleaner
2016-02-14 14:44 - 2016-02-14 14:45 - 01508352 _____ C:\Users\André\Desktop\AdwCleaner.exe
2016-01-21 06:47 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-01-21 06:46 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-01-21 06:45 - 2016-02-14 15:34 - 00009441 _____ C:\ProgramData\webad.xml
2016-01-21 06:45 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-01-10 07:51 - 2016-02-14 15:50 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-01-10 07:51 - 2016-02-14 15:50 - 00000000 ____D C:\Program Files (x86)\osTip
2016-01-10 07:39 - 2016-01-10 07:39 - 00000000 ____D C:\Users\André\AppData\Local\Tempfolder
2016-01-10 07:31 - 2016-01-28 19:22 - 00000000 ____D C:\Users\André\AppData\Roaming\LightGate
2016-01-10 07:29 - 2016-01-10 07:29 - 01746288 _____ C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe
2016-01-10 07:29 - 2016-01-10 07:29 - 00000000 ____D C:\Users\André\AppData\Local\Yeaplayer
2016-01-10 07:29 - 2015-12-10 08:39 - 01015808 _____ (d) C:\Users\André\AppData\Roaming\download.exe
2016-01-10 07:29 - 2015-11-30 15:45 - 02496403 _____ ( ) C:\Users\André\AppData\Roaming\yeaplayer_51479.exe
2016-01-10 07:28 - 2016-01-21 06:45 - 00000000 ____D C:\ProgramData\Windows Update
2016-01-10 07:28 - 2016-01-10 14:42 - 01752576 _____ C:\Users\André\AppData\Roaming\upgsvr.exe
2016-01-10 07:28 - 2016-01-10 14:42 - 01752576 _____ C:\ProgramData\upgsvr.exe
2016-01-10 07:28 - 2016-01-10 07:30 - 00000000 _____ C:\Users\André\AppData\Roaming\svrupg.exe
2016-01-10 07:28 - 2016-01-10 07:28 - 00004782 _____ C:\Users\André\AppData\Roaming\webad.xml
2016-01-10 07:28 - 2016-01-08 11:10 - 02413056 _____ C:\Users\André\AppData\Roaming\msiql.exe
2016-01-10 07:27 - 2016-01-10 08:29 - 00000000 ____D C:\Users\André\AppData\Roaming\Baidu
2016-01-10 07:27 - 2016-01-10 08:29 - 00000000 ____D C:\ProgramData\baidu
2016-01-10 07:27 - 2016-01-10 07:27 - 00000015 _____ C:\WINDOWS\system32\config.conf
2016-01-10 07:27 - 2016-01-10 07:27 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-01-10 07:26 - 2016-01-10 07:59 - 00000000 ____D C:\Users\André\AppData\Roaming\UpAuroraBrowser
2016-01-10 06:53 - 2016-01-10 06:52 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-10 06:21 - 2016-01-10 06:22 - 00044880 _____ C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar
2016-01-03 23:38 - 2016-01-03 23:38 - 00000000 ____D C:\Users\André\AppData\Local\????????e
2016-01-03 23:33 - 2016-01-03 23:33 - 00000000 ____D C:\Users\André\AppData\Local\?o??? ? ???e????
2016-01-10 07:29 - 2016-01-10 07:29 - 1746288 _____ () C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe
2016-01-10 07:29 - 2015-12-10 08:39 - 1015808 _____ (d) C:\Users\André\AppData\Roaming\download.exe
2016-01-10 07:28 - 2016-01-08 11:10 - 2413056 _____ () C:\Users\André\AppData\Roaming\msiql.exe
2016-01-10 07:28 - 2016-01-10 07:30 - 0000000 _____ () C:\Users\André\AppData\Roaming\svrupg.exe
2016-01-10 07:28 - 2016-01-10 14:42 - 1752576 _____ () C:\Users\André\AppData\Roaming\upgsvr.exe
2016-01-10 07:28 - 2016-01-10 07:28 - 0004782 _____ () C:\Users\André\AppData\Roaming\webad.xml
2016-01-10 07:29 - 2015-11-30 15:45 - 2496403 _____ () C:\Users\André\AppData\Roaming\yeaplayer_51479.exe
2016-01-21 06:47 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-01-21 06:45 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-01-10 07:28 - 2016-01-10 14:42 - 1752576 _____ () C:\ProgramData\upgsvr.exe
2016-01-21 06:45 - 2016-02-14 15:34 - 0009441 _____ () C:\ProgramData\webad.xml
2016-01-23 04:06 - 2016-01-23 04:06 - 0000161 _____ () C:\ProgramData\xcgui_debug.txt
2016-01-21 06:46 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
Task: {08E92328-1F5C-4421-870F-72C5765FDD95} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {3A5E8B69-1F4C-4BF5-B073-4B717293E160} - \nethost task -> No File <==== ATTENTION
Task: {4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8} - \crash_service -> No File <==== ATTENTION
Task: {620497ED-7965-4DBB-925D-26EF65A50A2E} - \Run_Bobby_Browser -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************
Processes closed successfully.
C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe => No running process found
C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LightGate => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HomePageHelper => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\taskhost => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pritc => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\osmsg => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\- => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bus Comp => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bus Comp2 => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Pritc => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
Could not restore Default URLSearchHook.
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully
HKCR\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully
HKCR\Wow6432Node\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found.
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully
HKCR\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found.
"HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => key removed successfully
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=716994737e659b8cfd66d074ebe54e48 => not found
C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\homepage@mail.ru => moved successfully
C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\search@mail.ru => moved successfully
C:\Program Files (x86)\mozilla firefox\40F1F475E61CA999DED8F514BFA0040040F1 => moved successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
Service KMSELDI => service removed successfully
TheCalendarService => service not found.
Nikkafq => service removed successfully
X6va062 => service removed successfully
yalyqmdu => service removed successfully
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarEntry.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\Calendar.exe" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPKernel.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPHelp.dll" => not found.
"C:\Users\André\AppData\Roaming\CalendarTool" => not found.
C:\Users\Public\Documents\Guid => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\André\Desktop\AdwCleaner.exe => moved successfully
C:\ProgramData\HomePage.exe => moved successfully
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe => moved successfully
C:\ProgramData\webad.xml => moved successfully
C:\ProgramData\LightGate.exe => moved successfully
C:\ProgramData\WindowsMsg => moved successfully
C:\Program Files (x86)\osTip => moved successfully
C:\Users\André\AppData\Local\Tempfolder => moved successfully
C:\Users\André\AppData\Roaming\LightGate => moved successfully
C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe => moved successfully
C:\Users\André\AppData\Local\Yeaplayer => moved successfully
C:\Users\André\AppData\Roaming\download.exe => moved successfully
C:\Users\André\AppData\Roaming\yeaplayer_51479.exe => moved successfully
C:\ProgramData\Windows Update => moved successfully
C:\Users\André\AppData\Roaming\upgsvr.exe => moved successfully
C:\ProgramData\upgsvr.exe => moved successfully
C:\Users\André\AppData\Roaming\svrupg.exe => moved successfully
C:\Users\André\AppData\Roaming\webad.xml => moved successfully
C:\Users\André\AppData\Roaming\msiql.exe => moved successfully
C:\Users\André\AppData\Roaming\Baidu => moved successfully
C:\ProgramData\baidu => moved successfully
C:\WINDOWS\system32\config.conf => moved successfully
C:\Users\Public\Documents\Baidu => moved successfully
C:\Users\André\AppData\Roaming\UpAuroraBrowser => moved successfully
C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully
=========== "C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar" ==========
C:\Users\André\Downloads\Информация о Silent Aim'е.rar => moved successfully
========= End -> "C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar" ========
=========== "C:\Users\André\AppData\Local\????????e" ==========
not found
========= End -> "C:\Users\André\AppData\Local\????????e" ========
=========== "C:\Users\André\AppData\Local\?o??? ? ???e????" ==========
not found
========= End -> "C:\Users\André\AppData\Local\?o??? ? ???e????" ========
"C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe" => not found.
"C:\Users\André\AppData\Roaming\download.exe" => not found.
"C:\Users\André\AppData\Roaming\msiql.exe" => not found.
"C:\Users\André\AppData\Roaming\svrupg.exe" => not found.
"C:\Users\André\AppData\Roaming\upgsvr.exe" => not found.
"C:\Users\André\AppData\Roaming\webad.xml" => not found.
"C:\Users\André\AppData\Roaming\yeaplayer_51479.exe" => not found.
"C:\ProgramData\HomePage.exe" => not found.
"C:\ProgramData\LightGate.exe" => not found.
"C:\ProgramData\upgsvr.exe" => not found.
"C:\ProgramData\webad.xml" => not found.
C:\ProgramData\xcgui_debug.txt => moved successfully
"C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08E92328-1F5C-4421-870F-72C5765FDD95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08E92328-1F5C-4421-870F-72C5765FDD95}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5E8B69-1F4C-4BF5-B073-4B717293E160}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5E8B69-1F4C-4BF5-B073-4B717293E160}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nethost task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\crash_service => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{620497ED-7965-4DBB-925D-26EF65A50A2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620497ED-7965-4DBB-925D-26EF65A50A2E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => key not found.
C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
"C:\ProgramData\HomePage.exe" => not found.
"C:\ProgramData\LightGate.exe" => not found.
"C:\ProgramData\upgsvr.exe" => not found.
"C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe" => not found.
Restore point was successfully created.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 575.4 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 18:57:58 ====
Ran by André (2016-02-14 18:56:54) Run:1
Running from C:\Users\André\Desktop
Loaded Profiles: André (Available Profiles: André)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe
HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] ()
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /DEFAULT
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe /RUNNING
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [-] => C:\ProgramData\msiql.exe /RUNNING
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [msiql] => C:\ProgramData\msiql.exe /RUNNING
HKU\S-1-5-18\...\Run: [Bus Comp] => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\Bus Comp\{13C5DAFA-E7D7-55BC-2C5F-9C06ACE6B3CC}\BusComp.dll",#1 <===== ATTENTION
HKU\S-1-5-18\...\Run: [Bus Comp2] => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\Bus Comp\{13C5DAFA-E7D7-55BC-2C5F-9C06ACE6B3CC}\humeobf.dll",#1
HKU\S-1-5-18\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
URLSearchHook: [S-1-5-21-4040206143-25492408-1982695725-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B178427F0-BFC1-45AF-82DE-1C3A3AEC83B9%7D&gp=801510
FF DefaultSearchEngine: ?????@Mail.Ru
FF SelectedSearchEngine: ?????@Mail.Ru
FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp&gp=801010
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B2E6F3BE1-26AE-4E4A-BE73-6E7B0FD96012%7D&gp=801510
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=716994737e659b8cfd66d074ebe54e48
FF Extension: ???????? ???????? Mail.Ru - C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\homepage@mail.ru [2016-01-03]
FF Extension: ?????@Mail.Ru - C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\search@mail.ru [2016-01-03] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\40F1F475E61CA999DED8F514BFA0040040F1 [2016-01-10] <==== ATTENTION
CHR HomePage: Default -> mail.ru/cnt/11956636
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn11
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
S2 Nikkafq; "C:\Users\André\AppData\Roaming\MadkOyo\Jilrosji.exe" -cms [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]
S1 yalyqmdu; \??\C:\WINDOWS\system32\drivers\yalyqmdu.sys [X]
2015-12-25 06:42 - 2015-12-25 06:42 - 00148104 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarEntry.dll
2015-12-25 06:42 - 2015-12-25 06:42 - 00141960 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
2015-12-25 06:42 - 2015-12-25 06:42 - 03934344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\Calendar.exe
2015-12-25 06:42 - 2015-12-25 06:42 - 00543368 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll
2015-12-25 06:42 - 2015-12-25 06:42 - 00406664 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll
2015-12-25 06:41 - 2015-12-25 06:41 - 00428680 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll
2015-12-25 06:42 - 2015-12-25 06:42 - 00747144 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPKernel.dll
2015-12-25 06:42 - 2015-12-25 06:42 - 00327304 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPHelp.dll
2016-02-14 15:14 - 2016-02-14 15:51 - 00000000 ____D C:\Users\André\AppData\Roaming\CalendarTool
2016-02-14 15:13 - 2016-02-14 15:13 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-02-14 14:48 - 2016-02-14 15:07 - 00000000 ____D C:\AdwCleaner
2016-02-14 14:44 - 2016-02-14 14:45 - 01508352 _____ C:\Users\André\Desktop\AdwCleaner.exe
2016-01-21 06:47 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-01-21 06:46 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-01-21 06:45 - 2016-02-14 15:34 - 00009441 _____ C:\ProgramData\webad.xml
2016-01-21 06:45 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-01-10 07:51 - 2016-02-14 15:50 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-01-10 07:51 - 2016-02-14 15:50 - 00000000 ____D C:\Program Files (x86)\osTip
2016-01-10 07:39 - 2016-01-10 07:39 - 00000000 ____D C:\Users\André\AppData\Local\Tempfolder
2016-01-10 07:31 - 2016-01-28 19:22 - 00000000 ____D C:\Users\André\AppData\Roaming\LightGate
2016-01-10 07:29 - 2016-01-10 07:29 - 01746288 _____ C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe
2016-01-10 07:29 - 2016-01-10 07:29 - 00000000 ____D C:\Users\André\AppData\Local\Yeaplayer
2016-01-10 07:29 - 2015-12-10 08:39 - 01015808 _____ (d) C:\Users\André\AppData\Roaming\download.exe
2016-01-10 07:29 - 2015-11-30 15:45 - 02496403 _____ ( ) C:\Users\André\AppData\Roaming\yeaplayer_51479.exe
2016-01-10 07:28 - 2016-01-21 06:45 - 00000000 ____D C:\ProgramData\Windows Update
2016-01-10 07:28 - 2016-01-10 14:42 - 01752576 _____ C:\Users\André\AppData\Roaming\upgsvr.exe
2016-01-10 07:28 - 2016-01-10 14:42 - 01752576 _____ C:\ProgramData\upgsvr.exe
2016-01-10 07:28 - 2016-01-10 07:30 - 00000000 _____ C:\Users\André\AppData\Roaming\svrupg.exe
2016-01-10 07:28 - 2016-01-10 07:28 - 00004782 _____ C:\Users\André\AppData\Roaming\webad.xml
2016-01-10 07:28 - 2016-01-08 11:10 - 02413056 _____ C:\Users\André\AppData\Roaming\msiql.exe
2016-01-10 07:27 - 2016-01-10 08:29 - 00000000 ____D C:\Users\André\AppData\Roaming\Baidu
2016-01-10 07:27 - 2016-01-10 08:29 - 00000000 ____D C:\ProgramData\baidu
2016-01-10 07:27 - 2016-01-10 07:27 - 00000015 _____ C:\WINDOWS\system32\config.conf
2016-01-10 07:27 - 2016-01-10 07:27 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-01-10 07:26 - 2016-01-10 07:59 - 00000000 ____D C:\Users\André\AppData\Roaming\UpAuroraBrowser
2016-01-10 06:53 - 2016-01-10 06:52 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-10 06:21 - 2016-01-10 06:22 - 00044880 _____ C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar
2016-01-03 23:38 - 2016-01-03 23:38 - 00000000 ____D C:\Users\André\AppData\Local\????????e
2016-01-03 23:33 - 2016-01-03 23:33 - 00000000 ____D C:\Users\André\AppData\Local\?o??? ? ???e????
2016-01-10 07:29 - 2016-01-10 07:29 - 1746288 _____ () C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe
2016-01-10 07:29 - 2015-12-10 08:39 - 1015808 _____ (d) C:\Users\André\AppData\Roaming\download.exe
2016-01-10 07:28 - 2016-01-08 11:10 - 2413056 _____ () C:\Users\André\AppData\Roaming\msiql.exe
2016-01-10 07:28 - 2016-01-10 07:30 - 0000000 _____ () C:\Users\André\AppData\Roaming\svrupg.exe
2016-01-10 07:28 - 2016-01-10 14:42 - 1752576 _____ () C:\Users\André\AppData\Roaming\upgsvr.exe
2016-01-10 07:28 - 2016-01-10 07:28 - 0004782 _____ () C:\Users\André\AppData\Roaming\webad.xml
2016-01-10 07:29 - 2015-11-30 15:45 - 2496403 _____ () C:\Users\André\AppData\Roaming\yeaplayer_51479.exe
2016-01-21 06:47 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-01-21 06:45 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-01-10 07:28 - 2016-01-10 14:42 - 1752576 _____ () C:\ProgramData\upgsvr.exe
2016-01-21 06:45 - 2016-02-14 15:34 - 0009441 _____ () C:\ProgramData\webad.xml
2016-01-23 04:06 - 2016-01-23 04:06 - 0000161 _____ () C:\ProgramData\xcgui_debug.txt
2016-01-21 06:46 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
Task: {08E92328-1F5C-4421-870F-72C5765FDD95} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {3A5E8B69-1F4C-4BF5-B073-4B717293E160} - \nethost task -> No File <==== ATTENTION
Task: {4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8} - \crash_service -> No File <==== ATTENTION
Task: {620497ED-7965-4DBB-925D-26EF65A50A2E} - \Run_Bobby_Browser -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************
Processes closed successfully.
C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe => No running process found
C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LightGate => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HomePageHelper => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\taskhost => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pritc => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\osmsg => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\- => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bus Comp => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bus Comp2 => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Pritc => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
Could not restore Default URLSearchHook.
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully
HKCR\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully
HKCR\Wow6432Node\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found.
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully
HKCR\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found.
"HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => key removed successfully
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=716994737e659b8cfd66d074ebe54e48 => not found
C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\homepage@mail.ru => moved successfully
C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\search@mail.ru => moved successfully
C:\Program Files (x86)\mozilla firefox\40F1F475E61CA999DED8F514BFA0040040F1 => moved successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
Service KMSELDI => service removed successfully
TheCalendarService => service not found.
Nikkafq => service removed successfully
X6va062 => service removed successfully
yalyqmdu => service removed successfully
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarEntry.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\Calendar.exe" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPKernel.dll" => not found.
"C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPHelp.dll" => not found.
"C:\Users\André\AppData\Roaming\CalendarTool" => not found.
C:\Users\Public\Documents\Guid => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\André\Desktop\AdwCleaner.exe => moved successfully
C:\ProgramData\HomePage.exe => moved successfully
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe => moved successfully
C:\ProgramData\webad.xml => moved successfully
C:\ProgramData\LightGate.exe => moved successfully
C:\ProgramData\WindowsMsg => moved successfully
C:\Program Files (x86)\osTip => moved successfully
C:\Users\André\AppData\Local\Tempfolder => moved successfully
C:\Users\André\AppData\Roaming\LightGate => moved successfully
C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe => moved successfully
C:\Users\André\AppData\Local\Yeaplayer => moved successfully
C:\Users\André\AppData\Roaming\download.exe => moved successfully
C:\Users\André\AppData\Roaming\yeaplayer_51479.exe => moved successfully
C:\ProgramData\Windows Update => moved successfully
C:\Users\André\AppData\Roaming\upgsvr.exe => moved successfully
C:\ProgramData\upgsvr.exe => moved successfully
C:\Users\André\AppData\Roaming\svrupg.exe => moved successfully
C:\Users\André\AppData\Roaming\webad.xml => moved successfully
C:\Users\André\AppData\Roaming\msiql.exe => moved successfully
C:\Users\André\AppData\Roaming\Baidu => moved successfully
C:\ProgramData\baidu => moved successfully
C:\WINDOWS\system32\config.conf => moved successfully
C:\Users\Public\Documents\Baidu => moved successfully
C:\Users\André\AppData\Roaming\UpAuroraBrowser => moved successfully
C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully
=========== "C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar" ==========
C:\Users\André\Downloads\Информация о Silent Aim'е.rar => moved successfully
========= End -> "C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar" ========
=========== "C:\Users\André\AppData\Local\????????e" ==========
not found
========= End -> "C:\Users\André\AppData\Local\????????e" ========
=========== "C:\Users\André\AppData\Local\?o??? ? ???e????" ==========
not found
========= End -> "C:\Users\André\AppData\Local\?o??? ? ???e????" ========
"C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe" => not found.
"C:\Users\André\AppData\Roaming\download.exe" => not found.
"C:\Users\André\AppData\Roaming\msiql.exe" => not found.
"C:\Users\André\AppData\Roaming\svrupg.exe" => not found.
"C:\Users\André\AppData\Roaming\upgsvr.exe" => not found.
"C:\Users\André\AppData\Roaming\webad.xml" => not found.
"C:\Users\André\AppData\Roaming\yeaplayer_51479.exe" => not found.
"C:\ProgramData\HomePage.exe" => not found.
"C:\ProgramData\LightGate.exe" => not found.
"C:\ProgramData\upgsvr.exe" => not found.
"C:\ProgramData\webad.xml" => not found.
C:\ProgramData\xcgui_debug.txt => moved successfully
"C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08E92328-1F5C-4421-870F-72C5765FDD95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08E92328-1F5C-4421-870F-72C5765FDD95}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5E8B69-1F4C-4BF5-B073-4B717293E160}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5E8B69-1F4C-4BF5-B073-4B717293E160}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nethost task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\crash_service => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{620497ED-7965-4DBB-925D-26EF65A50A2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620497ED-7965-4DBB-925D-26EF65A50A2E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => key not found.
C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
"C:\ProgramData\HomePage.exe" => not found.
"C:\ProgramData\LightGate.exe" => not found.
"C:\ProgramData\upgsvr.exe" => not found.
"C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe" => not found.
Restore point was successfully created.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 575.4 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 18:57:58 ====