start
CloseProcesses:
CreateRestorePoint:
C:\ProgramData\JakiKyhk\lhbyavau.EXE
C:\ProgramData\JakiKyhk\CisgFenash.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3171897459-3189365053-2893909511-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3171897459-3189365053-2893909511-1000 -> {3600F0CC-F12B-6939-2318-10ADA0CA7149} URL =
SearchScopes: HKU\S-1-5-21-3171897459-3189365053-2893909511-1000 -> {8188C457-5DBA-4C41-B5F5-52A69B994939} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
FF Extension: No Name - C:\Users\razafimaharo\AppData\Roaming\Mozilla\Firefox\Profiles\e2l35ilf.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com [not found]
FF Extension: No Name - C:\Users\razafimaharo\AppData\Roaming\Mozilla\Firefox\Profiles\e2l35ilf.default\extensions\CUFCV96103896@VLCZ37079202.com [not found]
FF Extension: No Name - C:\Users\razafimaharo\AppData\Roaming\Mozilla\Firefox\Profiles\e2l35ilf.default\extensions\ffxtlbr@delta.com [not found]
FF Extension: No Name - C:\Users\razafimaharo\AppData\Roaming\Mozilla\Firefox\Profiles\e2l35ilf.default\extensions\plugin@yontoo.com.xpi [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-08-18] <==== ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 pedlyjwutm; C:\ProgramData\JakiKyhk\lhbyavau.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
R2 pehnaoa; "C:\ProgramData\JakiKyhk\lhbywvau.exe" -cms [X]
R2 TexfaUoca; "C:\ProgramData\JakiKyhk\CisgFenash.exe" -cmd [X]
U3 akodjb7i; C:\Windows\System32\Drivers\akodjb7i.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 ao60sebs; C:\Windows\System32\Drivers\ao60sebs.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
2015-06-14 21:22 - 2014-05-10 19:20 - 00000137 _____ C:\Users\razafimaharo\AppData\Roaming\WB.CFG
Task: {5337CB50-C16E-4408-B32C-475C0FF1B0A6} - System32\Tasks\{C70D5A07-7AE8-44C8-A4B5-1ED4A204F472} => pcalua.exe -a C:\ProgramData\JakiKyhk\Uninstaller.exe -c /ga=1503 /ai=120 /bi=0
Task: {FF9E040D-25E7-4FE1-88B2-CF248171B9AE} - System32\Tasks\{89F54561-FF33-46A0-9228-F8073D04C64E} => pcalua.exe -a "C:\Users\razafimaharo\Desktop\feodal\Life is Feudal - Your Own Setup.exe" -d C:\Users\razafimaharo\Desktop\feodal
Task: C:\Windows\Tasks\Tempo Runner lhbydvau.job => C:\ProgramData\JakiKyhk\lhbyavau.EXE-/dgad C:\ProgramData\JakiKyhk\lhbydvau.exe
AlternateDataStreams: C:\ProgramData\Temp:2CFBE2D1
AlternateDataStreams: C:\ProgramData\Temp:373C6DC2
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5216CD26
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:661DFA1C
AlternateDataStreams: C:\ProgramData\Temp:77846FFE
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8AD1F2E0
AlternateDataStreams: C:\ProgramData\Temp:AC57032B
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\ProgramData\Temp:FEF919E6
FirewallRules: [{45B2F780-CB4F-47B0-8BB8-28D4F573CF03}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{0C9FA6B8-35EC-4E30-9292-A0F4CAFCDAF3}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{89B3F229-B731-40E9-B08F-C5D5087E663B}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{0C55C1BF-6DF8-47B5-9943-A7AA57E73A5B}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
EmptyTemp:
end