cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
Ran by Ronan (administrator) on RONAN-PC (17-04-2016 10:56:18)
Running from C:\Users\Ronan\Downloads
Loaded Profiles: Ronan (Available Profiles: Ronan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Inglês (Estados Unidos)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\knspF947.tmpfs
(AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
() C:\Users\Ronan\AppData\Roaming\Mafcaedbew\Mafcaedbew.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\hnsa3630.tmp
() C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\jnsp1555.tmp
(Microsoft Corporation) C:\Users\Ronan\AppData\Roaming\XBox\XBLive.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\ProgramData\msiql.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Users\Ronan\AppData\Roaming\Mafcaedbew\Nongekoag.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Users\Ronan\AppData\Roaming\cpuminer\cpm.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\ProgramData\msiql.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VLOME) C:\Users\Ronan\AppData\Local\Temp\is-QIEK0.tmp\print.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Reason Software Company Inc.) C:\Program Files\ByteFence\rsEngineHelper.exe
(Reason Software Company Inc.) C:\Program Files\ByteFence\rsEngineHelper.exe
(Reason Software Company Inc.) C:\Program Files\ByteFence\rsEngineHelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [cpuminer] => C:\Users\Ronan\AppData\Roaming\cpuminer\cpm.exe [1417216 2016-03-31] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mbot_en_037050293] => [X]
HKLM-x32\...\Run: [mpck_en_005030296] => [X]
HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe [1081344 2015-12-04] ()
HKLM-x32\...\Run: [rec_en_252] => [X]
HKLM-x32\...\Run: [HomePageHelper] => C:\ProgramData\HomePage.exe [1100288 2015-11-25] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\Run: [msiql] => C:\ProgramData\msiql.exe [1920000 2016-04-13] ()
HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2055168 2016-04-16] ()
HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\Run: [Pritc] => C:\Users\Ronan\AppData\Local\Temp\is-QIEK0.tmp\print.exe [2955264 2016-03-03] (VLOME) <===== ATTENTION
HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\MountPoints2: {bd516747-e1ff-11e4-8c1a-806e6f6e6963} - E:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk [2016-04-17]
ShortcutTarget: WebBrowserMixVideoPlayer.lnk -> C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll No File
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2016-04-12] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{70623A62-4780-4148-AB9C-A9805767BC66}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{70623A62-4780-4148-AB9C-A9805767BC66}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_16¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0B0CyCyBtBtD0EtByC0FtN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0F0D0FtAyD0ByDtGyD0D0ByBtG0AyDyD0BtGtC0BtByBtG0A0C0EtDyCyB0E0EtBtByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0E0D0D0D0DtDtGtD0ByB0FtGyE0FtD0CtGzyyCzztCtGyD0B0AyDtCtCzy0AyEzyyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyBtD%26cr%3D1464319052%26a%3Dwbf_nwmeddnld_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-1377734129-2777699945-316570568-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1377734129-2777699945-316570568-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-1377734129-2777699945-316570568-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_16¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0B0CyCyBtBtD0EtByC0FtN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0F0D0FtAyD0ByDtGyD0D0ByBtG0AyDyD0BtGtC0BtByBtG0A0C0EtDyCyB0E0EtBtByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0E0D0D0D0DtDtGtD0ByB0FtGyE0FtD0CtGzyyCzztCtGyD0B0AyDtCtCzy0AyEzyyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyBtD%26cr%3D1464319052%26a%3Dwbf_nwmeddnld_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_16¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0B0CyCyBtBtD0EtByC0FtN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0F0D0FtAyD0ByDtGyD0D0ByBtG0AyDyD0BtGtC0BtByBtG0A0C0EtDyCyB0E0EtBtByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0E0D0D0D0DtDtGtD0ByB0FtGyE0FtD0CtGzyyCzztCtGyD0B0AyDtCtCzy0AyEzyyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyBtD%26cr%3D1464319052%26a%3Dwbf_nwmeddnld_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1377734129-2777699945-316570568-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_16¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0B0CyCyBtBtD0EtByC0FtN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0F0D0FtAyD0ByDtGyD0D0ByBtG0AyDyD0BtGtC0BtByBtG0A0C0EtDyCyB0E0EtBtByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0E0D0D0D0DtDtGtD0ByB0FtGyE0FtD0CtGzyyCzztCtGyD0B0AyDtCtCzy0AyEzyyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyBtD%26cr%3D1464319052%26a%3Dwbf_nwmeddnld_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1377734129-2777699945-316570568-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1377734129-2777699945-316570568-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
SearchScopes: HKU\S-1-5-21-1377734129-2777699945-316570568-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_5&ent=ch_5153&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1377734129-2777699945-316570568-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_16¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0B0CyCyBtBtD0EtByC0FtN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0F0D0FtAyD0ByDtGyD0D0ByBtG0AyDyD0BtGtC0BtByBtG0A0C0EtDyCyB0E0EtBtByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0E0D0D0D0DtDtGtD0ByB0FtGyE0FtD0CtGzyyCzztCtGyD0B0AyDtCtCzy0AyEzyyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyBtD%26cr%3D1464319052%26a%3Dwbf_nwmeddnld_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1377734129-2777699945-316570568-1000 -> {BAA72105-AEBB-4AAD-A43E-533F269EF30F} URL =
SearchScopes: HKU\S-1-5-21-1377734129-2777699945-316570568-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
SearchScopes: HKU\S-1-5-21-1377734129-2777699945-316570568-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: about:newtab
FF DefaultSearchEngine: yessearches
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_16¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0B0CyCyBtBtD0EtByC0FtN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0F0D0FtAyD0ByDtGyD0D0ByBtG0AyDyD0BtGtC0BtByBtG0A0C0EtDyCyB0E0EtBtByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0E0D0D0D0DtDtGtD0ByB0FtGyE0FtD0CtGzyyCzztCtGyD0B0AyDtCtCzy0AyEzyyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyBtD%26cr%3D1464319052%26a%3Dwbf_nwmeddnld_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=7C2E062ACC7A4D350E9A2CE4A703E4DE&ptid=wak&ts=AHEqA3EtCHUrA0..&v=20160412&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1377734129-2777699945-316570568-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ronan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-16] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\yq5l2dbr.default-1458606847948\user.js [2016-04-12]
FF SearchPlugin: C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\yq5l2dbr.default-1458606847948\searchplugins\Search Provided by Yahoo.xml [2016-04-17]
FF SearchPlugin: C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-04-12]
FF SearchPlugin: C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\Search Provided by Yahoo.xml [2016-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml [2016-04-17]
FF Extension: Adblock Plus - C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\yq5l2dbr.default-1458606847948\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-05]
FF Extension: GsearchFinder - C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-12]
FF Extension: Adblock Plus - C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-05]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "search.mpc.am"
CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
CHR DefaultSearchKeyword: Default -> mpc safe search
CHR Profile: C:\Users\Ronan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (iClic) - C:\Users\Ronan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdheemmmofkcnmjpfgjefmacenlklncp [2015-08-29]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ronan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1377734129-2777699945-316570568-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ijepgjdjkdbopbnaopmlmobimmhjklhd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BugreportW; C:\Program Files (x86)\yesbnd\mbat.exe [990336 2016-04-12] ()
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1747456 2016-04-12] () [File not signed]
R2 Guasy; C:\Users\Ronan\AppData\Roaming\Mafcaedbew\Mafcaedbew.exe [174448 2016-04-12] ()
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-16] (DotC United Inc)
S2 rijufoze; C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\hnsa3630.tmp [138240 2016-04-12] () [File not signed]
S2 rocufyky; C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\jnsp1555.tmp [389632 2016-04-12] () [File not signed]
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-04-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XBox; C:\Users\Ronan\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 begicykozbt; C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\knspF947.tmpfs [X]
S2 FedaryqeuleServerSrv; "C:\Program Files (x86)\Fedaryqeule\FedaryqeuleServerSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82752 2016-04-12] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 egg_protect; C:\Windows\EProtect_amd64.sys [19856 2016-04-16] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2016-04-13] (Malwarebytes Corporation)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-16] (DotC United Inc)
R1 ssfilterdrv; C:\Windows\System32\drivers\ssfilterdrv.sys [51520 2014-12-08] (Windows (R) Win 7 DDK provider)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

