start
CloseProcesses:
Hosts:
CreateRestorePoint:
() C:\Users\Seb\AppData\Roaming\Kyubey\Kyubey.exe
() C:\Users\Seb\AppData\Local\clean\Kyubey.exe
HKLM-x32\...\Run: [] => [X]
ShellExecuteHooks: Pas de nom - {B193EFBA-DE49-11E6-817E-64006A5CFC23} - -> Pas de fichier
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Pas de fichier
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> Pas de fichier
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Pas de fichier
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492537730&z=39a3d5f3e456616a8fa27bfg7z1t8oew4c9m9mac4e&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492537730&z=39a3d5f3e456616a8fa27bfg7z1t8oew4c9m9mac4e&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491408443&z=2b7e8ad4917d4ca49223eabgdzbtbgbzfebbfz5z8o&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492537730&z=39a3d5f3e456616a8fa27bfg7z1t8oew4c9m9mac4e&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492537730&z=39a3d5f3e456616a8fa27bfg7z1t8oew4c9m9mac4e&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491408443&z=2b7e8ad4917d4ca49223eabgdzbtbgbzfebbfz5z8o&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX&q={searchTerms}
HKU\S-1-5-21-1633530422-2511851285-4157223326-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491408443&z=2b7e8ad4917d4ca49223eabgdzbtbgbzfebbfz5z8o&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX&q={searchTerms}
HKU\S-1-5-21-1633530422-2511851285-4157223326-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492537730&z=39a3d5f3e456616a8fa27bfg7z1t8oew4c9m9mac4e&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX
HKU\S-1-5-21-1633530422-2511851285-4157223326-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491408443&z=2b7e8ad4917d4ca49223eabgdzbtbgbzfebbfz5z8o&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX&q={searchTerms}
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1633530422-2511851285-4157223326-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
FF Homepage: Mozilla\Firefox\Profiles\ml19w8s3.default -> hxxp://www.ourluckysites.com/?type=hp&ts=1492537730&z=39a3d5f3e456616a8fa27bfg7z1t8oew4c9m9mac4e&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX
FF Homepage: Mozilla\Firefox\Profiles\ml19w8s3.default -> hxxp://www.ourluckysites.com/?type=hp&ts=1492537730&z=39a3d5f3e456616a8fa27bfg7z1t8oew4c9m9mac4e&from=che0812&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX
FF Homepage: Firefox\Firefox\Profiles\ml19w8s3.default -> hxxp://www.searchinme.com//?type=hp&ts=1494164121229&z=b8765057b728837b6888011g4z3b1tbqfo0efwaz7b&from=official&uid=HitachiXHTS725050A9A364_100913PCK404VLKE90LJX
FF SearchPlugin: C:\Users\Seb\AppData\Roaming\Firefox\Firefox\Profiles\ml19w8s3.default\searchplugins\startsearch.xml [2017-03-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
R2 ANSARE; C:\Users\Seb\AppData\Local\ANSARE\Snare.dll [826368 2017-05-08] (InterSect Alliance Pty Ltd) [Fichier non signé]
R2 clean; C:\Users\Seb\AppData\Local\clean\Kyubey.exe [114688 2017-04-06] () [Fichier non signé]
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [109232 2017-03-15] () <==== ATTENTION
U4 Kitty; C:\Users\Seb\AppData\Local\Kitty\Kitty.dll [754688 2017-04-17] (kitty.exe) [Fichier non signé] <==== ATTENTION
R2 Kyubey; C:\Users\Seb\AppData\Roaming\Kyubey\Kyubey.exe [114688 2017-03-01] () [Fichier non signé]
S2 MoncarSU; C:\Users\Seb\AppData\Local\Temp\3\BaofengUpdate_U.exe [115616 2017-04-05] (????????????) <==== ATTENTION
R2 SNARE; C:\Users\Seb\AppData\Local\SNARE\Snarer.dll [793600 2017-04-20] (InterSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION
R2 SNARER; C:\Users\Seb\AppData\Roaming\SNARER\Snarer.dll [792576 2017-04-06] (InterSect Alliance Pty Ltd) [Fichier non signé]
R2 WinSAPSvc; C:\Users\Seb\AppData\Roaming\WinSAPSvc\WinSAP.dll [603136 2017-05-08] (Win) [Fichier non signé] <==== ATTENTION
R2 WINSNARE; C:\Users\Seb\AppData\Roaming\WINSNARE\WinSnare.dll [1291776 2017-04-05] (InterSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION
S2 BangcarSU; "C:\Users\Seb\AppData\Local\Temp\1\BaofengUpdate_U.exe" /i [X] <==== ATTENTION
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
Tcpip\..\Interfaces\{D713EB23-B3BC-4F3F-B609-1F817329942C}: [DhcpNameServer] 172.20.10.1
2017-05-08 18:05 - 2017-05-08 18:05 - 00000000 ____D C:\Users\Seb\AppData\Local\ANSARE
2017-04-18 19:49 - 2017-04-20 19:16 - 00000000 ____D C:\Users\Seb\AppData\Local\SNARE
2017-04-18 19:48 - 2017-04-18 19:48 - 00000000 ____D C:\Users\Seb\AppData\Local\Kitty
2017-05-08 18:05 - 2017-03-15 21:25 - 00003600 _____ C:\Windows\System32\Tasks\Milimili
2017-05-08 18:05 - 2017-03-09 20:43 - 00000000 ____D C:\Users\Seb\AppData\Roaming\WinSAPSvc
2017-05-08 18:04 - 2017-02-13 19:39 - 00000000 ____D C:\Program Files (x86)\Droyshocish
2017-02-04 12:26 - 2017-02-04 12:26 - 0000000 _____ () C:\Users\Seb\AppData\Local\Temp\10.tmp.exe
2017-02-04 13:02 - 2017-02-04 13:02 - 1195716 _____ (Pidul ) C:\Users\Seb\AppData\Local\Temp\ICReinstall_F2BA.tmp.exe
WINSNARE (HKLM-x32\...\{56D19032-B59F-4020-994B-15912A49CD96}) (Version: 4.4.6 - WINSNARE) <==== ATTENTION
HKU\S-1-5-21-1633530422-2511851285-4157223326-1000\...\ChromeHTML: -> C:\Program Files (x86)\Bangcar\Application\chrome.exe (Google Inc.) <==== ATTENTION
Task: {2C878B7B-6D63-40B6-B4AF-DA68B6EB139C} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION
Task: {85691875-B417-4B65-9808-86EF4A1DE0CD} - System32\Tasks\Windows-PG => powershell.exe C:\Update\psgo\psgo.ps1 <==== ATTENTION
Task: {EDCF373C-4B99-4161-A2E8-81718690BB9A} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-08] () <==== ATTENTION
2017-03-09 20:43 - 2017-03-01 20:42 - 00114688 _____ () C:\Users\Seb\AppData\Roaming\Kyubey\Kyubey.exe
2017-04-05 18:07 - 2017-04-06 05:22 - 00114688 _____ () C:\Users\Seb\AppData\Local\clean\Kyubey.exe
FirewallRules: [{D7A7E1A6-F06D-4890-B7F1-F42011F32838}] => (Allow) C:\Program Files (x86)\MIO\loader\hitachixhts725050a9a364_100913pck404vlke90ljx.dat
FirewallRules: [{066A0F9E-9FDA-49E0-BB32-234F165F1738}] => (Allow) C:\Program Files (x86)\MIO\loader\hitachixhts725050a9a364_100913pck404vlke90ljx.dat
C:\Program Files (x86)\MIO\loader\hitachixhts725050a9a364_100913pck404vlke90ljx.dat
EmptyTemp:
end