CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Users\bambol\AppData\Roaming\ylofelemou.vbe
HKLM-x32\...\RunOnce: [] => [X]
HKU\S-1-5-21-381963136-304544999-1155805383-1001\...\Run: [ylofelemou] => wscript.exe //B "C:\Users\bambol\AppData\Roaming\ylofelemou.vbe"
HKU\S-1-5-21-381963136-304544999-1155805383-1001\...\MountPoints2: {38973087-7b84-11e8-ac0f-00241d76a81f} - I:\startme.exe
HKU\S-1-5-21-381963136-304544999-1155805383-1001\...\MountPoints2: {7787bd76-7c3a-11e8-b981-00241d76a81f} - I:\HiSuiteDownLoader.exe
Startup: C:\Users\bambol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ylofelemou.vbe [2016-03-25] ()
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
2018-07-03 23:49 - 2016-03-25 10:24 - 000612263 _____ () C:\Users\bambol\AppData\Roaming\ylofelemou.vbe
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
MSCONFIG\startupreg: Flvto Youtube Downloader => "C:\Users\bambol\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
C:\Users\bambol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader\Uninstall Flvto Youtube Downloader.lnk
FilesInDirectory: C:\Users\bambol\AppData\Local\*.exe;*.dll;*.ini;*.vbe
FilesInDirectory: C:\Users\bambol\AppData\Roaming\*.exe;*.dll;*.ini;*.vbe