start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM\...\Run: [dictionnary] => C:\Windows\sservice controller\service.exe [2955776 2016-11-11] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellExecuteHooks: No Name - {F97757C6-D3F6-11E6-A8B4-64006A5CFC35} - C:\Users\win7\AppData\Roaming\Griberse\Grtotherariha.dll -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1175016655-2442003890-1713799225-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1175016655-2442003890-1713799225-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF DefaultProfile: gtbfj5kl.default
FF DefaultProfile: 99u85z92.default
FF ProfilePath: C:\Users\win7\AppData\Roaming\Mozilla\SeaMonkey\Profiles\gtbfj5kl.default [2017-01-30]
FF ProfilePath: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default [2017-01-31]
FF NewTab: Mozilla\Firefox\Profiles\99u85z92.default -> hxxp://www.youndoo.com/?z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\99u85z92.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\99u85z92.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\99u85z92.default -> hxxp://www.youndoo.com/?z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=hp
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default\searchplugins\7mgicj7n.xml [2017-01-12]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default\searchplugins\findit.xml [2017-01-12]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\99u85z92.default\searchplugins\h9kafbc6.xml [2017-01-27]
FF ProfilePath: C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default [2017-01-19]
FF NewTab: Firefox\Firefox\Profiles\99u85z92.default -> C:\\ProgramData\\Zaamlas\\ff.NT
FF DefaultSearchEngine: Firefox\Firefox\Profiles\99u85z92.default -> trotux
FF SelectedSearchEngine: Firefox\Firefox\Profiles\99u85z92.default -> trotux
FF Homepage: Firefox\Firefox\Profiles\99u85z92.default -> hxxp://www.searchinme.com/?type=hp&ts=1484828798808&z=&from=official&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793
FF Extension: (FF Adr) - C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-19] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-19] [not signed]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\searchplugins\7mgicj7n.xml [2017-01-12]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\searchplugins\findit.xml [2017-01-12]
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Firefox\Firefox\Profiles\99u85z92.default\searchplugins\searchinme.xml [2017-01-19]
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxp://www.youndoo.com/?z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=hp
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.youndoo.com/?z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=hp"
CHR DefaultSearchURL: ChromeDefaultData2 -> hxxp://www.youndoo.com/search/?q={searchTerms}&z=dcdd6a82e63d5840e8b4bf8g9z6b8w3wbz9t3gbgdq&from=wak&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9S42679326793&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData2 -> youndoo
CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-01-14] <==== ATTENTION
R2 gemeloki; C:\Program Files\bb26c896-d52e-4141-8a09-5d25b9ca27df1485549062\protbb26c896-d52e-4141-8a09-5d25b9ca27df.tmpfs [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
R1 ucdrv; C:\Program Files\UCBrowser\Security:ucdrv-x86.sys [19812 ] (UC Web Inc.) <==== ATTENTION
S3 catchme; \??\C:\Users\win7\AppData\Local\Temp\catchme.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\win7\AppData\Local\Temp\mbr.sys [X]
2017-01-30 22:09 - 2017-01-30 22:09 - 00001469 _____ C:\Users\Public\Desktop\UC???.lnk
2017-01-27 22:48 - 2017-01-27 22:48 - 00000000 ____D C:\Program Files\???¹
2017-01-27 22:35 - 2017-01-27 22:39 - 00000000 ____D C:\ProgramData\{c8a-ba-11-d8496-88bdb-c8bd-95a6c}
2017-01-27 22:30 - 2017-01-31 00:51 - 00000000 ____D C:\Program Files\bb26c896-d52e-4141-8a09-5d25b9ca27df1485549062
WinSnare (HKLM\...\{55B5EDBF-8073-4421-9A93-433C91E7081B}) (Version: 4.0.8 - WinSnare) <==== ATTENTION
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
youndoo - Uninstall (HKLM\...\{3D97246B-819E-44FB-902D-C5FB903C6763}) (Version: - ) <==== ATTENTION
HKU\S-1-5-21-1175016655-2442003890-1713799225-1000\...\ChromeHTML: -> "C:\Program Files\Fishhas\Application\chrome.exe" "%1" <==== ATTENTION
Task: {49925142-A1C3-4F51-B413-BD55070D9C6A} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe [2017-01-16] (UCWeb Inc) <==== ATTENTION
Task: {4F523006-96E0-4C10-9893-81CBF7054F98} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files\UCBrowser\Security\uclauncher.exe [2017-01-12] (UC Web Inc.) <==== ATTENTION
Task: {D1B55496-BF29-4041-89F2-B3E8E885BBF3} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files\UCBrowser\Application\update_task.exe [2017-01-16] (UCWeb Inc) <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
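After FRST has processed the fixlist above and rebooted, the PowerShell script below checks whether any of the persistence points it names are still on the machine. It is an added verification example, not part of the fixlist and not FRST's own code, and it must not be pasted into fixlist.txt. The full registry paths are my expansion of FRST's "HKLM\...\" shorthand, treating the whole Policies\Microsoft\Internet Explorer key as what the two "Restriction" lines remove; those mappings, and the root\subscription query for the WMI_ActiveScriptEventConsumer_ASEC line, are assumptions. Run it from an elevated prompt while logged on as the affected user, so that the HKEY_USERS\S-1-5-21-...-1000 hive is loaded. Anything it reports is a candidate for a fresh FRST scan, not something to delete by hand.

```powershell
# Added post-fix check for the FRST fixlist above (not part of the fixlist, not FRST code).
# Registry paths are an expansion of FRST's "HKLM\...\" shorthand and are assumptions.
# Requires PowerShell 3.0 or later for the -Stream check; run elevated as the affected user.

$Sid = 'S-1-5-21-1175016655-2442003890-1713799225-1000'
$HKU = "Registry::HKEY_USERS\$Sid"

function Test-FixlistRemnants {
    $findings = @()

    # 1. Registry values the fixlist deletes: the Run entry, the policy that enables
    #    shell execute hooks, and the hook CLSID that pointed at Grtotherariha.dll.
    $values = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';                        Name = 'dictionnary' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';           Name = 'EnableShellExecuteHooks' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'; Name = '{F97757C6-D3F6-11E6-A8B4-64006A5CFC35}' }
    )
    foreach ($v in $values) {
        $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
        if ($item) { $findings += "registry value still present: $($v.Path)\$($v.Name)" }
    }

    # 2. Keys that should be gone: IE policy restrictions (HKLM and the user hive) and the
    #    service/driver entries for gemeloki and ucdrv. Kernel drivers do not show up in
    #    Get-Service, so the Services key is checked directly.
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
        "$HKU\SOFTWARE\Policies\Microsoft\Internet Explorer",
        'HKLM:\SYSTEM\CurrentControlSet\Services\gemeloki',
        'HKLM:\SYSTEM\CurrentControlSet\Services\ucdrv'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { $findings += "registry key still present: $k" }
    }

    # 3. ChromeHTML handler hijacked to the fake browser under C:\Program Files\Fishhas.
    $cmdKey = "$HKU\SOFTWARE\Classes\ChromeHTML\shell\open\command"
    $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -and $cmd -match 'Fishhas') { $findings += "ChromeHTML handler still points at: $cmd" }

    # 4. Files and folders the fixlist removes, including the task definitions behind the
    #    "Task:" lines (System32\Tasks\<name> and the legacy .job files).
    $paths = @(
        'C:\Windows\sservice controller\service.exe',
        'C:\Users\win7\AppData\Roaming\Griberse\Grtotherariha.dll',
        'C:\ProgramData\Zaamlas\ff.NT',
        'C:\ProgramData\{c8a-ba-11-d8496-88bdb-c8bd-95a6c}',
        'C:\Program Files\bb26c896-d52e-4141-8a09-5d25b9ca27df1485549062',
        'C:\Program Files\Fishhas\Application\chrome.exe',
        'C:\Windows\System32\Tasks\UCBrowserUpdater',
        'C:\Windows\System32\Tasks\UCBrowserSecureUpdater',
        'C:\Windows\System32\Tasks\UCBrowserUpdaterCore',
        'C:\Windows\Tasks\UCBrowserUpdater.job',
        'C:\Windows\Tasks\UCBrowserUpdaterCore.job'
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { $findings += "file still present: $p" }
    }

    # 5. The ucdrv image path "Security:ucdrv-x86.sys" is an NTFS alternate data stream on the
    #    Security folder, so a normal directory listing never shows it; enumerate streams.
    $secDir = 'C:\Program Files\UCBrowser\Security'
    if (Test-Path -LiteralPath $secDir) {
        $streams = Get-Item -LiteralPath $secDir -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) { $findings += "alternate data stream still present: ${secDir}:$($s.Stream)" }
    }

    # 6. WMI event-subscription persistence (the WMI_ActiveScriptEventConsumer_ASEC line).
    #    Filters and bindings are listed for review; some stock Windows entries are expected.
    foreach ($class in 'ActiveScriptEventConsumer', '__EventFilter', '__FilterToConsumerBinding') {
        $objs = Get-WmiObject -Namespace root\subscription -Class $class -ErrorAction SilentlyContinue
        foreach ($o in $objs) {
            $label = if ($o.Name) { $o.Name } else { $o.Consumer }
            $findings += "WMI subscription object present (review): $class $label"
        }
    }

    return $findings
}

$result = Test-FixlistRemnants
if ($result.Count -eq 0) { 'No remnants of the fixlist items found.' } else { $result }
```

The script reports rather than deletes: FRST's log (Fixlog.txt) is the record of what was removed, and anything the script still finds should go back into a new scan so the helper can see why it survived (a locked file, a re-created task, or a WMI consumer that re-dropped the Run entry).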