start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\...\Run: [AdobeBridge] => [X]
HKLM\...\Providers\jkyb6cri: C:\Program Files (x86)\Zerbas Host\local64spl.dll [307200 2017-03-27] ()
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
ShellExecuteHooks: No Name - {2CED3980-0D60-11E7-89DE-64006A5CFC23} - C:\Users\stvdd\AppData\Roaming\Cocussajuge\Bezdomduray.dll -> No File
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
SearchScopes: HKU\S-1-5-21-3221389058-4040619027-2354313775-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3221389058-4040619027-2354313775-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/","hxxp://www.istartsurf.com/?type=hp&ts=1434726208&z=60811b67a1c36f64155b899gfz3c3zam7o8q7odg4o&from=cor&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F","hxxp://www.youndoo.com/?z=13267bafb40d7dcf9f28271g5zet8e7w1q6bbw4m0m&from=amz&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&type=hp","hxxp://www.startpageing123.com/?type=hp&ts=1490960581&z=7df98778fb1113e0be6ca2fg7zbt1e9t1qee4w7baz&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F","hxxp://www.ourluckysites.com/?type=hp&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\stvdd\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-19] <==== ATTENTION
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Footjane\Application\chrome.exe (Google Inc.) <==== ATTENTION
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-17] (BIT) [File not signed] <==== ATTENTION
S2 CWASRE; C:\Users\stvdd\AppData\Local\CWASRE\Snare.dll [828416 2017-05-17] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 DoeyeSU; C:\Users\stvdd\AppData\Local\Temp\9\wfjs.exe [115616 2017-04-25] (????????????) <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [95232 2017-05-17] () [File not signed] <==== ATTENTION
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10316368 2015-12-02] () [File not signed]
R2 WinSAPSvc; C:\Users\stvdd\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-17] (TODO: ) [File not signed] <==== ATTENTION
S2 YeshatSU; C:\Windows\TEMP\hp8263.tmp\ttff.exe [71152 2016-10-11] (Synacast)
S2 DohatSU; "C:\Users\stvdd\AppData\Local\Temp\6\amp.exe" /i [X] <==== ATTENTION
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-05-17 11:30 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-05-17 11:30 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
C:\Users\stvdd\AppData\Roaming\WinSAPSvc
C:\Reaqapytegupy
C:\Alitkojck
C:\Program Files (x86)\Footjane
C:\Program Files (x86)\Zerbas Host
HKU\S-1-5-21-3221389058-4040619027-2354313775-1002\...\ChromeHTML: -> C:\Program Files (x86)\Footjane\Application\chrome.exe (Google Inc.) <==== ATTENTION
Task: {74617B41-2319-452B-BEDE-F9B95D2B4038} - System32\Tasks\Zerbas Host => C:\Program Files (x86)\Coepageatovry\xchercers.exe [2017-03-27] (Glarysoft Ltd)
Task: {9E7F1F9F-F51A-4D10-8D34-559C35B38501} - \WPD\SqmUpload_S-1-5-21-3221389058-4040619027-2354313775-1001 -> No File <==== ATTENTION
Task: {C89EB585-F412-4E54-A7AF-DE78E63D567C} - \Optimize Start Menu Cache Files-S-1-5-21-3221389058-4040619027-2354313775-1001 -> No File <==== ATTENTION
Task: {D5695712-C6F7-4259-9A8F-6DB7E4A66905} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-17] () <==== ATTENTION
ShortcutWithArgument: C:\Users\stvdd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
ShortcutWithArgument: C:\Users\stvdd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
ShortcutWithArgument: C:\Users\stvdd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1495009935&z=6a208b5d717919177bbe012gezetcw7e2edtbt2c3q&from=che0812&uid=CrucialXCT256MX100SSD1_14450DB1A59F0DB1A59F
Hosts:
Reboot:
end