cjoint


Document format: text/plain

Preview

start
CloseProcesses:
CreateRestorePoint:
C:\ProgramData\JakiKyhk\lhbyavau.EXE
C:\ProgramData\JakiKyhk\CisgFenash.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3171897459-3189365053-2893909511-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3171897459-3189365053-2893909511-1000 -> {3600F0CC-F12B-6939-2318-10ADA0CA7149} URL =
SearchScopes: HKU\S-1-5-21-3171897459-3189365053-2893909511-1000 -> {8188C457-5DBA-4C41-B5F5-52A69B994939} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
FF Extension: No Name - C:\Users\razafimaharo\AppData\Roaming\Mozilla\Firefox\Profiles\e2l35ilf.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com [not found]
FF Extension: No Name - C:\Users\razafimaharo\AppData\Roaming\Mozilla\Firefox\Profiles\e2l35ilf.default\extensions\CUFCV96103896@VLCZ37079202.com [not found]
FF Extension: No Name - C:\Users\razafimaharo\AppData\Roaming\Mozilla\Firefox\Profiles\e2l35ilf.default\extensions\ffxtlbr@delta.com [not found]
FF Extension: No Name - C:\Users\razafimaharo\AppData\Roaming\Mozilla\Firefox\Profiles\e2l35ilf.default\extensions\plugin@yontoo.com.xpi [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-08-18] <==== ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 pedlyjwutm; C:\ProgramData\JakiKyhk\lhbyavau.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
R2 pehnaoa; "C:\ProgramData\JakiKyhk\lhbywvau.exe" -cms [X]
R2 TexfaUoca; "C:\ProgramData\JakiKyhk\CisgFenash.exe" -cmd [X]
U3 akodjb7i; C:\Windows\System32\Drivers\akodjb7i.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 ao60sebs; C:\Windows\System32\Drivers\ao60sebs.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
2015-06-14 21:22 - 2014-05-10 19:20 - 00000137 _____ C:\Users\razafimaharo\AppData\Roaming\WB.CFG
Task: {5337CB50-C16E-4408-B32C-475C0FF1B0A6} - System32\Tasks\{C70D5A07-7AE8-44C8-A4B5-1ED4A204F472} => pcalua.exe -a C:\ProgramData\JakiKyhk\Uninstaller.exe -c /ga=1503 /ai=120 /bi=0
Task: {FF9E040D-25E7-4FE1-88B2-CF248171B9AE} - System32\Tasks\{89F54561-FF33-46A0-9228-F8073D04C64E} => pcalua.exe -a "C:\Users\razafimaharo\Desktop\feodal\Life is Feudal - Your Own Setup.exe" -d C:\Users\razafimaharo\Desktop\feodal
Task: C:\Windows\Tasks\Tempo Runner lhbydvau.job => C:\ProgramData\JakiKyhk\lhbyavau.EXE-/dgad C:\ProgramData\JakiKyhk\lhbydvau.exe
AlternateDataStreams: C:\ProgramData\Temp:2CFBE2D1
AlternateDataStreams: C:\ProgramData\Temp:373C6DC2
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5216CD26
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:661DFA1C
AlternateDataStreams: C:\ProgramData\Temp:77846FFE
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8AD1F2E0
AlternateDataStreams: C:\ProgramData\Temp:AC57032B
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\ProgramData\Temp:FEF919E6
FirewallRules: [{45B2F780-CB4F-47B0-8BB8-28D4F573CF03}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{0C9FA6B8-35EC-4E30-9292-A0F4CAFCDAF3}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{89B3F229-B731-40E9-B08F-C5D5087E663B}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{0C55C1BF-6DF8-47B5-9943-A7AA57E73A5B}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe



EmptyTemp:
end
