Publicité
Publicité
Format du document : text/plain
Prévisualisation
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 14/08/2015
Scan Time: 08:10 ?
Logfile: malwar.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.08.14.05
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: USER
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348115
Time Elapsed: 12 min, 16 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.ServiceRNDM.A, C:\Program Files (x86)\Encouraging Half\Encouraging Half.exe, 2136, Delete-on-Reboot, [5667db2d3d4ee94d0848943148b99a66]
Modules: 0
(No malicious items detected)
Registry Keys: 28
PUP.Optional.ServiceRNDM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Encouraging Half, Quarantined, [5667db2d3d4ee94d0848943148b99a66],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.Mistl.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Mistl, Delete-on-Reboot, [ead39870becdcc6a2ca53adf04ffb749],
PUP.Optional.Newsfeed.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Newsfeed, Delete-on-Reboot, [8d3030d8246793a3e047dc3bbc475fa1],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [902dea1e810a82b4815816908381c040],
PUP.Optional.Venteero.A, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C, Quarantined, [24999078414acc6a60a7436126def709],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [ad107197c6c53afcc613a5010afa18e8],
PUP.Optional.Venteero.A, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C, Quarantined, [edd07c8ce4a7ba7c39ce950f61a3857b],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Quarantined, [338a57b15734dc5ab2ddfab05fa57789],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [d1ecf117167569cd018e7f2b40c40000],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Quarantined, [3c81f216444794a2c5ccc0ea2ada7b85],
Registry Values: 10
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\RECOMMENDED|HomepageLocation, http://www.alarabeyes.com/, Quarantined, [fcc1a068dead69cd42b7d4cf8e767987]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\RESTOREONSTARTUPURLS|1, http://www.alarabeyes.com/, Quarantined, [4776bc4ce6a5e452ab4ffca7d133bf41]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [902dea1e810a82b4815816908381c040]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.alarabeyes.com/, Quarantined, [308d996f7615bb7bde1d70337f8536ca]
PUP.Optional.Venteero.A, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C|DisplayName, VenteeRo, Quarantined, [24999078414acc6a60a7436126def709]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\RECOMMENDED|HomepageLocation, http://www.alarabeyes.com/, Quarantined, [f2cb996f117a181e00f9f0b3ca3aac54]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\RESTOREONSTARTUPURLS|1, http://www.alarabeyes.com/, Quarantined, [65589f6968235adc30ca5e45c73d817f]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [ad107197c6c53afcc613a5010afa18e8]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.alarabeyes.com/, Quarantined, [b508db2ddfac5fd76893c8db83818977]
PUP.Optional.Venteero.A, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C|DisplayName, VenteeRo, Quarantined, [edd07c8ce4a7ba7c39ce950f61a3857b]
Registry Data: 2
PUP.Optional.ArabyOnline.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.arabyonline.com/?src=1000, Good: (www.google.com), Bad: (http://www.arabyonline.com/?src=1000),Replaced,[f6c763a55b30fc3a13a57cd58f76f50b]
PUP.Optional.ArabyOnline.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.arabyonline.com/?src=1000, Good: (www.google.com), Bad: (http://www.arabyonline.com/?src=1000),Replaced,[5766f81097f493a3a8117dd4689d58a8]
Folders: 7
PUP.Optional.Kirin.A, C:\ProgramData\Kirin, Quarantined, [a5187f894942fd3970e84ccf8e75b64a],
PUP.Optional.Flasher.A, C:\Users\USER\AppData\Roaming\Flasher, Quarantined, [823bb850b3d81b1b4ab4f0b38a7ab848],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
Files: 90
PUP.Optional.ServiceRNDM.A, C:\Program Files (x86)\Encouraging Half\Encouraging Half.exe, Delete-on-Reboot, [5667db2d3d4ee94d0848943148b99a66],
RiskWare.Tool.CK, C:\ProgramData\AutoKMS\Resources\KMSKG\Keygen.exe, Quarantined, [437af117d2b90135d4dd7ce57f81d12f],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Apps Launcher\Apps Launcher.exe, Quarantined, [d1ec9375711a22142eeba1f7778a6799],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Smart Pause for YouTube\Smart Pause for YouTube.exe, Quarantined, [c3fa65a3bccf8aace7e6d6a4aa578977],
PUP.Optional.MultiPlug, C:\Program Files (x86)\LibrarySystem\LibrarySystem.dll, Quarantined, [d2ebe721b4d7c472bfabb01fe61bab55],
Worm.Viking, C:\Windows\Temp\_avast_\unp17653426.tmp, Quarantined, [fbc27a8e840779bd657d428e3aca29d7],
Trojan.Agent.qrz, C:\Windows\Temp\_avast_\unp17677070.tmp, Quarantined, [566753b54f3cc96d2a711da3a45d956b],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\$RECYCLE.BIN.exe, Quarantined, [764705035e2d56e0974bb51b788c926e],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Tools.exe, Quarantined, [12abfa0eb2d938fef6ec913ff212639d],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ???? ????????.exe, Quarantined, [3c8108006d1eaa8c41a17b55e81c24dc],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ????? ??????? ????????.exe, Quarantined, [e5d838d095f65fd79c4605cb41c36f91],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????.exe, Quarantined, [4b7254b4b7d4bf77826019b7996b07f9],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ?????.exe, Quarantined, [d5e89375800bef47b32f993736ce9868],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ???? ?????? ??????? ???????? ????????.exe, Quarantined, [b607e820e2a93afc10d28c444bb947b9],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ?????.exe, Quarantined, [b508e91fb3d8191d3ca6686805ff60a0],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Indexes.exe, Quarantined, [5d6065a3fc8f0630b32f4e82fa0a0bf5],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Photos of the designs.exe, Quarantined, [74497d8b1b706dc9edf5725eaa5a9c64],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\ .exe, Quarantined, [526b47c188034fe7d40ed1ff6f95f010],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ????.exe, Quarantined, [8e2f868237547fb7eff322aeae56fa06],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\VISITING CARD.exe, Quarantined, [cdf023e546450135736fd7f98a7a5fa1],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Soft.exe, Quarantined, [9a237098d9b27abc01e1ce02b450cb35],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\System Volume Information.exe, Quarantined, [2b9254b494f70f27dc060fc1887c2ad6],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Drivers.exe, Quarantined, [239aa7617813b77f0fd3bf11e4209a66],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Office Collection.exe, Quarantined, [02bb4eba5e2deb4bdb07448c3dc70af6],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Office=2003.exe, Quarantined, [0eaf38d0f4971c1a26bcf4dc10f48f71],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\New folder.exe, Quarantined, [605d18f05d2eb581f2f016ba877df907],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\al-sayda.exe, Quarantined, [437aea1e3b50c86e6c7679576e965da3],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\??? ????.exe, Quarantined, [cbf273955e2dd75f9d45844c47bd18e8],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\?????.exe, Quarantined, [bd0059afff8caa8cfae89f31c341fc04],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ?????.exe, Quarantined, [e8d5b256d5b6c96dce14dff10afaf709],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\??????.exe, Quarantined, [2e8f6a9e0487a09692506c649d6715eb],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????.exe, Quarantined, [3c8134d43457162041a1eee252b23cc4],
Worm.AutoRun.FLDGen, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr\tlsr.exe, Quarantined, [c8f51eea13788bab8a308b34c53bb54b],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\$RECYCLE.BIN.exe, Quarantined, [902d9a6e2467191d3ea4b41c5ea6936d],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\New folder.exe, Quarantined, [caf358b03e4d072f0bd7b91713f1b848],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\Photos of the designs.exe, Quarantined, [febfce3aaddeab8b10d29b35a95b0df3],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\System Volume Information.exe, Quarantined, [417c58b04c3ff1452fb312be917334cc],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\VISITING CARD.exe, Quarantined, [754809ff513aba7caa3827a9dc2835cb],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\??? ????.exe, Quarantined, [e1dcf41429621e180fd313bd887c936d],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\?????.exe, Quarantined, [aa13f513a0ebeb4b4f9301cfaa5a55ab],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ???? ????????.exe, Quarantined, [5667ff09f794df57e101e3ed60a434cc],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ????? ??????? ????????.exe, Quarantined, [b00d5aaebccf36009b477c541ce80ef2],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ?????.exe, Quarantined, [8c31b3555f2c9a9c36ac10c0b252629e],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????? ???? ?????? ??????? ???????? ????????.exe, Quarantined, [a716cf396c1f033313cf7f51ab595aa6],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????? ?????.exe, Quarantined, [ad10fa0ee2a93501e101765a5ba97b85],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????.exe, Quarantined, [dbe20cfc800bdc5a24bef3ddfb090af6],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\al-sayda.exe, Quarantined, [dae3d7314744f343c220963ab64ef808],
Backdoor.Bot, C:\Users\USER\Desktop\al-sayda\al-sayda\om alsada\I am going to write six paragraphs as stated in below with discussion as per what come from Strata 5.rar, Quarantined, [417c3fc967249a9cbab11a252ad727d9],
PUP.Optional.Newsfeed.A, C:\Windows\System32\Tasks\Newsfeed, Quarantined, [14a9e325c7c4152134f1fc1b82816f91],
PUP.Optional.Kirin.A, C:\ProgramData\Kirin\Kirin.exe, Quarantined, [a5187f894942fd3970e84ccf8e75b64a],
PUP.Optional.Flasher.A, C:\Users\USER\AppData\Roaming\Flasher\c32s.exe, Quarantined, [823bb850b3d81b1b4ab4f0b38a7ab848],
PUP.Optional.Mistl.A, C:\Windows\System32\Tasks\Mistl, Quarantined, [64598088aae15bdb12f36d37a262ab55],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\08ed620663508e0d92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\7255dd404315d42792d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\1c0966006fc8224892d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2629efe376e3f51e92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2c8582ccba4cc27d92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2cac10f0f5b5591b92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\3329db3bdc2c735892d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\37775abd6f6704a292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\3b666fd215f9c6e192d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\4775d99c57b1799e92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\531bc903068f7d9492d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\819693f03968562692d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\94ed4de9ca3f824992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\954accd1ef18255b92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\9809bbaa207c3dbd92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\9937b805c8966bb492d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\99905630be9437c292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\ad5e6328e91d5a2592d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\c5dda8811636467792d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d1b823d8a4cc414992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d38e8734560118a992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d6ae24e4beaa0e7292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d7ffeb7de77a112f92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\f53ea0395e83aa9092d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome.manifest, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\install.rdf, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\filesrv.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\globals.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\main.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\main.xul, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\mainOriginal.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\prefs.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\tabs_listener.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\AdvanT.ico, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa128.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa16.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa48.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Alarabeyes, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://www.alarabeyes.com/"]},"software_reporter":{"prompt_reason":0,"prompt_seed":"20150601","prompt_version":"3.21.0"}}), Replaced,[57667494ff8c77bf5c69365611f4f907]
Physical Sectors: 0
(No malicious items detected)
(end)
www.malwarebytes.org
Scan Date: 14/08/2015
Scan Time: 08:10 ?
Logfile: malwar.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.08.14.05
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: USER
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348115
Time Elapsed: 12 min, 16 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.ServiceRNDM.A, C:\Program Files (x86)\Encouraging Half\Encouraging Half.exe, 2136, Delete-on-Reboot, [5667db2d3d4ee94d0848943148b99a66]
Modules: 0
(No malicious items detected)
Registry Keys: 28
PUP.Optional.ServiceRNDM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Encouraging Half, Quarantined, [5667db2d3d4ee94d0848943148b99a66],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.Mistl.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Mistl, Delete-on-Reboot, [ead39870becdcc6a2ca53adf04ffb749],
PUP.Optional.Newsfeed.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Newsfeed, Delete-on-Reboot, [8d3030d8246793a3e047dc3bbc475fa1],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [902dea1e810a82b4815816908381c040],
PUP.Optional.Venteero.A, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C, Quarantined, [24999078414acc6a60a7436126def709],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [ad107197c6c53afcc613a5010afa18e8],
PUP.Optional.Venteero.A, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C, Quarantined, [edd07c8ce4a7ba7c39ce950f61a3857b],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Quarantined, [338a57b15734dc5ab2ddfab05fa57789],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [d1ecf117167569cd018e7f2b40c40000],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Quarantined, [3c81f216444794a2c5ccc0ea2ada7b85],
Registry Values: 10
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\RECOMMENDED|HomepageLocation, http://www.alarabeyes.com/, Quarantined, [fcc1a068dead69cd42b7d4cf8e767987]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\RESTOREONSTARTUPURLS|1, http://www.alarabeyes.com/, Quarantined, [4776bc4ce6a5e452ab4ffca7d133bf41]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [902dea1e810a82b4815816908381c040]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.alarabeyes.com/, Quarantined, [308d996f7615bb7bde1d70337f8536ca]
PUP.Optional.Venteero.A, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C|DisplayName, VenteeRo, Quarantined, [24999078414acc6a60a7436126def709]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\RECOMMENDED|HomepageLocation, http://www.alarabeyes.com/, Quarantined, [f2cb996f117a181e00f9f0b3ca3aac54]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\RESTOREONSTARTUPURLS|1, http://www.alarabeyes.com/, Quarantined, [65589f6968235adc30ca5e45c73d817f]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [ad107197c6c53afcc613a5010afa18e8]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.alarabeyes.com/, Quarantined, [b508db2ddfac5fd76893c8db83818977]
PUP.Optional.Venteero.A, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C|DisplayName, VenteeRo, Quarantined, [edd07c8ce4a7ba7c39ce950f61a3857b]
Registry Data: 2
PUP.Optional.ArabyOnline.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.arabyonline.com/?src=1000, Good: (www.google.com), Bad: (http://www.arabyonline.com/?src=1000),Replaced,[f6c763a55b30fc3a13a57cd58f76f50b]
PUP.Optional.ArabyOnline.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.arabyonline.com/?src=1000, Good: (www.google.com), Bad: (http://www.arabyonline.com/?src=1000),Replaced,[5766f81097f493a3a8117dd4689d58a8]
Folders: 7
PUP.Optional.Kirin.A, C:\ProgramData\Kirin, Quarantined, [a5187f894942fd3970e84ccf8e75b64a],
PUP.Optional.Flasher.A, C:\Users\USER\AppData\Roaming\Flasher, Quarantined, [823bb850b3d81b1b4ab4f0b38a7ab848],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
Files: 90
PUP.Optional.ServiceRNDM.A, C:\Program Files (x86)\Encouraging Half\Encouraging Half.exe, Delete-on-Reboot, [5667db2d3d4ee94d0848943148b99a66],
RiskWare.Tool.CK, C:\ProgramData\AutoKMS\Resources\KMSKG\Keygen.exe, Quarantined, [437af117d2b90135d4dd7ce57f81d12f],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Apps Launcher\Apps Launcher.exe, Quarantined, [d1ec9375711a22142eeba1f7778a6799],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Smart Pause for YouTube\Smart Pause for YouTube.exe, Quarantined, [c3fa65a3bccf8aace7e6d6a4aa578977],
PUP.Optional.MultiPlug, C:\Program Files (x86)\LibrarySystem\LibrarySystem.dll, Quarantined, [d2ebe721b4d7c472bfabb01fe61bab55],
Worm.Viking, C:\Windows\Temp\_avast_\unp17653426.tmp, Quarantined, [fbc27a8e840779bd657d428e3aca29d7],
Trojan.Agent.qrz, C:\Windows\Temp\_avast_\unp17677070.tmp, Quarantined, [566753b54f3cc96d2a711da3a45d956b],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\$RECYCLE.BIN.exe, Quarantined, [764705035e2d56e0974bb51b788c926e],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Tools.exe, Quarantined, [12abfa0eb2d938fef6ec913ff212639d],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ???? ????????.exe, Quarantined, [3c8108006d1eaa8c41a17b55e81c24dc],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ????? ??????? ????????.exe, Quarantined, [e5d838d095f65fd79c4605cb41c36f91],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????.exe, Quarantined, [4b7254b4b7d4bf77826019b7996b07f9],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ?????.exe, Quarantined, [d5e89375800bef47b32f993736ce9868],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ???? ?????? ??????? ???????? ????????.exe, Quarantined, [b607e820e2a93afc10d28c444bb947b9],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ?????.exe, Quarantined, [b508e91fb3d8191d3ca6686805ff60a0],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Indexes.exe, Quarantined, [5d6065a3fc8f0630b32f4e82fa0a0bf5],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Photos of the designs.exe, Quarantined, [74497d8b1b706dc9edf5725eaa5a9c64],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\ .exe, Quarantined, [526b47c188034fe7d40ed1ff6f95f010],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ????.exe, Quarantined, [8e2f868237547fb7eff322aeae56fa06],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\VISITING CARD.exe, Quarantined, [cdf023e546450135736fd7f98a7a5fa1],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Soft.exe, Quarantined, [9a237098d9b27abc01e1ce02b450cb35],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\System Volume Information.exe, Quarantined, [2b9254b494f70f27dc060fc1887c2ad6],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Drivers.exe, Quarantined, [239aa7617813b77f0fd3bf11e4209a66],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Office Collection.exe, Quarantined, [02bb4eba5e2deb4bdb07448c3dc70af6],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Office=2003.exe, Quarantined, [0eaf38d0f4971c1a26bcf4dc10f48f71],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\New folder.exe, Quarantined, [605d18f05d2eb581f2f016ba877df907],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\al-sayda.exe, Quarantined, [437aea1e3b50c86e6c7679576e965da3],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\??? ????.exe, Quarantined, [cbf273955e2dd75f9d45844c47bd18e8],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\?????.exe, Quarantined, [bd0059afff8caa8cfae89f31c341fc04],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ?????.exe, Quarantined, [e8d5b256d5b6c96dce14dff10afaf709],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\??????.exe, Quarantined, [2e8f6a9e0487a09692506c649d6715eb],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????.exe, Quarantined, [3c8134d43457162041a1eee252b23cc4],
Worm.AutoRun.FLDGen, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr\tlsr.exe, Quarantined, [c8f51eea13788bab8a308b34c53bb54b],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\$RECYCLE.BIN.exe, Quarantined, [902d9a6e2467191d3ea4b41c5ea6936d],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\New folder.exe, Quarantined, [caf358b03e4d072f0bd7b91713f1b848],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\Photos of the designs.exe, Quarantined, [febfce3aaddeab8b10d29b35a95b0df3],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\System Volume Information.exe, Quarantined, [417c58b04c3ff1452fb312be917334cc],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\VISITING CARD.exe, Quarantined, [754809ff513aba7caa3827a9dc2835cb],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\??? ????.exe, Quarantined, [e1dcf41429621e180fd313bd887c936d],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\?????.exe, Quarantined, [aa13f513a0ebeb4b4f9301cfaa5a55ab],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ???? ????????.exe, Quarantined, [5667ff09f794df57e101e3ed60a434cc],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ????? ??????? ????????.exe, Quarantined, [b00d5aaebccf36009b477c541ce80ef2],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ?????.exe, Quarantined, [8c31b3555f2c9a9c36ac10c0b252629e],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????? ???? ?????? ??????? ???????? ????????.exe, Quarantined, [a716cf396c1f033313cf7f51ab595aa6],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????? ?????.exe, Quarantined, [ad10fa0ee2a93501e101765a5ba97b85],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????.exe, Quarantined, [dbe20cfc800bdc5a24bef3ddfb090af6],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\al-sayda.exe, Quarantined, [dae3d7314744f343c220963ab64ef808],
Backdoor.Bot, C:\Users\USER\Desktop\al-sayda\al-sayda\om alsada\I am going to write six paragraphs as stated in below with discussion as per what come from Strata 5.rar, Quarantined, [417c3fc967249a9cbab11a252ad727d9],
PUP.Optional.Newsfeed.A, C:\Windows\System32\Tasks\Newsfeed, Quarantined, [14a9e325c7c4152134f1fc1b82816f91],
PUP.Optional.Kirin.A, C:\ProgramData\Kirin\Kirin.exe, Quarantined, [a5187f894942fd3970e84ccf8e75b64a],
PUP.Optional.Flasher.A, C:\Users\USER\AppData\Roaming\Flasher\c32s.exe, Quarantined, [823bb850b3d81b1b4ab4f0b38a7ab848],
PUP.Optional.Mistl.A, C:\Windows\System32\Tasks\Mistl, Quarantined, [64598088aae15bdb12f36d37a262ab55],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\08ed620663508e0d92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\7255dd404315d42792d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\1c0966006fc8224892d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2629efe376e3f51e92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2c8582ccba4cc27d92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2cac10f0f5b5591b92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\3329db3bdc2c735892d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\37775abd6f6704a292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\3b666fd215f9c6e192d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\4775d99c57b1799e92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\531bc903068f7d9492d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\819693f03968562692d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\94ed4de9ca3f824992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\954accd1ef18255b92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\9809bbaa207c3dbd92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\9937b805c8966bb492d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\99905630be9437c292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\ad5e6328e91d5a2592d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\c5dda8811636467792d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d1b823d8a4cc414992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d38e8734560118a992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d6ae24e4beaa0e7292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d7ffeb7de77a112f92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\f53ea0395e83aa9092d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome.manifest, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\install.rdf, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\filesrv.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\globals.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\main.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\main.xul, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\mainOriginal.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\prefs.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\tabs_listener.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\AdvanT.ico, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa128.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa16.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa48.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Alarabeyes, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://www.alarabeyes.com/"]},"software_reporter":{"prompt_reason":0,"prompt_seed":"20150601","prompt_version":"3.21.0"}}), Replaced,[57667494ff8c77bf5c69365611f4f907]
Physical Sectors: 0
(No malicious items detected)
(end)