CreateRestorePoint:
CloseProcesses:
(AVAST Software) C:\Users\Fabien\AppData\Local\background_fault\aswRD.exe
HKU\S-1-5-21-2178201453-3891589226-2901520741-1001\...\Run: [background_fault] => C:\Users\Fabien\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
HKU\S-1-5-21-2178201453-3891589226-2901520741-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
HKU\S-1-5-21-2178201453-3891589226-2901520741-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2178201453-3891589226-2901520741-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
Edge HomeButtonPage: HKU\S-1-5-21-2178201453-3891589226-2901520741-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
FF Extension: (SimilarWeb) - C:\Users\Fabien\AppData\Roaming\Firefox\Firefox\Profiles\2mkgwlxs.default-1492445865743\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-05-04] [non signé]
FF Extension: (FF Adr) - C:\Users\Fabien\AppData\Roaming\Firefox\Firefox\Profiles\2mkgwlxs.default-1492445865743\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-04] [non signé]
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [107672 2017-05-04] () <==== ATTENTION
R2 Kitty; C:\Users\Fabien\AppData\Local\Kitty\Kitty.dll [124928 2017-05-04] (kitty) [Fichier non signé] <==== ATTENTION
R2 SNARE; C:\Users\Fabien\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] (InterSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION
R2 WANARE; C:\Users\Fabien\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [Fichier non signé]
R2 WinSAPSvc; C:\Users\Fabien\AppData\Roaming\WinSAPSvc\WinSAP.dll [603648 2017-05-05] (WinSAP) [Fichier non signé] <==== ATTENTION
2017-05-05 11:44 - 2017-05-05 11:44 - 00000000 ____D C:\Users\Fabien\AppData\Local\WANARE
2017-05-04 21:34 - 2017-05-04 21:34 - 00000000 ____D C:\Users\Fabien\AppData\Local\Zoohair
2017-05-04 21:33 - 2017-05-04 21:33 - 00000000 ____D C:\Users\Fabien\AppData\Local\Kitty
2017-05-02 14:37 - 2017-05-02 14:37 - 08553032 _____ (AVAST Software) C:\Users\Fabien\Downloads\avastclear.exe
2017-05-02 11:40 - 2017-05-05 11:46 - 00003674 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-05-02 11:40 - 2017-05-05 11:44 - 00000000 ____D C:\Users\Fabien\AppData\Roaming\WinSAPSvc
2017-05-02 11:40 - 2017-05-02 11:40 - 00000000 ____D C:\Users\Fabien\AppData\Local\SNARE
C:\Users\Fabien\AppData\Local\background_fault\aswRD.exe
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
HKU\S-1-5-21-2178201453-3891589226-2901520741-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Zoohair\Application\chrome.exe" -- "%1" <==== ATTENTION
Task: {123BC702-66F4-4592-AF8A-D1F9FE46B0CD} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== ATTENTION
ShortcutWithArgument: C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
ShortcutWithArgument: C:\Users\Fabien\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493718003&z=d316a489ef35d6b2e9ef1bag0zbt2cbm9g7bfebe6g&from=ypid&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1E63ZHP67ZHP67
2017-05-04 21:33 - 2017-05-03 15:34 - 00323584 _____ () C:\Users\Fabien\AppData\Local\background_fault\bf.dll
FirewallRules: [{64E54A62-E65E-4D63-B5E5-22F3729015F5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{90BF17C4-2820-4010-9947-FA3B430B7248}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
ShortcutWithArgument: C:\Users\Fabien\Desktop\BigFarm.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://bigfarm.goodgamestudios.com/?w=239064
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-04] (windows) [Fichier non signé]
R2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [105472 2017-05-04] () [Fichier non signé]
2017-05-04 21:34 - 2017-05-04 05:41 - 00105472 _____ () c:\programdata\package cache\{59399776-575d-9c54-e861-0d5eab7e707d}v10.1.14393.795\installers\iis\iisexp.dll
Hosts:
EmptyTemp:
Reboot: