HitmanPro-20160523-1557.log

Document joint : FExoaqVoIhH_HitmanPro-20160523-1557.log

Cliquez pour partager vos propres fichiers

Format du document : application/octet-stream

Prévisualisation

[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

Computer name . . . . : AHMED-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : ahmed-PC\ahmed
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2016-05-23 15:27:10
Scan mode . . . . . . : Normal
Scan duration . . . . : 22m 1s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 3
Traces . . . . . . . : 124

Objects scanned . . . : 1,008,466
Files scanned . . . . : 43,804
Remnants scanned . . : 245,980 files / 718,682 keys

Malware _____________________________________________________________________

C:\Users\ahmed\AppData\Local\Temp\0tq3sjGxUe.exe -> Quarantined
Size . . . . . . . : 784,880 bytes
Age . . . . . . . : 4.7 days (2016-05-18 21:48:31)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 92AE33609F31001D6DFC810BA067D00F66553AB4CBA1B38D0F22C19B624B547A
Product
Publisher
Description
Version . . . . . : 201605161508
Copyright
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> HitmanPro . . . . : App/Generic-BH
Fuzzy . . . . . . : 101.0
Forensic Cluster
0.0s C:\Users\ahmed\AppData\Local\Temp\0tq3sjGxUe.exe
5.2s C:\Users\ahmed\AppData\Local\Temp\rjpMSCXK3N.exe
13.9s C:\Users\ahmed\AppData\Local\Temp\nsx7061.tmp
14.0s C:\Users\ahmed\AppData\Local\Temp\nsx7061.tmp.exe

C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\3rdparty\OCSetupHlp.dll -> Deleted
Size . . . . . . . : 1,037,312 bytes
Age . . . . . . . : 3.9 days (2016-05-19 18:42:16)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 1A8A8C6849F047E750906941CB5E50EC5266BE9FDE24261AE31B8156CC2E072F
Product
Publisher
Description
Version . . . . . : 2.1.0.89
Copyright
LanguageID . . . . : 1033
> Kaspersky . . . . : not-a-virus:AdWare.Win32.OpenCandy.bv
> HitmanPro . . . . : App/OpenCndy-O
Fuzzy . . . . . . : 105.0
Forensic Cluster
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\3rdparty\
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\3rdparty\OCComSDK.dll
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\3rdparty\OCSetupHlp.dll
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\index.hta
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\uninstall.hta
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\bt_icon_48px.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\loading.gif
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\logo_Yandex_RU_UA_vertical.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\main_bittorrent.ico
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\main_icon.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\main_utorrent.ico
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\search_protect.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\yandex_browser_setup.bmp
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\yandex_horz.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\yandex_horz_ru.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\mediacaster\
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\mediacaster\chrome.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\br.json
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\de.json
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\en.json
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\es.json
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\fr.json
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\it.json
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\pt.json
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\i18n\ru.json
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\styles\
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\styles\common.css
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\styles\installer.css
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\mediacaster\firefox.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\mediacaster\internetexplorer.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\mediacaster\logo.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\images\mediacaster\screenshot.png
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\scripts\
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\scripts\common.js
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\scripts\es5-shim.js
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\scripts\initialize.js
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\scripts\install.js
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\scripts\uninstall.js
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\shell_scripts\
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\shell_scripts\check_if_cscript_is_working.js
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\shell_scripts\shell_install_offer.js
0.0s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103\HTA\shell_scripts\shell_ping_after_close.js
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\dht.dat
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\dht.dat.old
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\dht_feed.dat
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\dht_feed.dat.old
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\FIFA.11 - RELOADED.torrent
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\maindoc.ico
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\resume.dat
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\resume.dat.old
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\rss.dat
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\rss.dat.old
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\settings.dat
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\settings.dat.old
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\toolbar.benc
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\toolbar_offer.benc
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\updates.dat
3.2s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\uTorrent.exe
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\utorrent.lng
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\featuredContent.btapp
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\player.btapp
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\plus.btapp
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\welcome-upsell.btapp
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\btapp
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\icon.bmp
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\index.html
3.3s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\index.js
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\72F0D3E2141065DACF6134D07A06A2DF20590748\main.css
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\btapp
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\empty_movie.gif
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\index.html
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\info_icon.png
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\main.css
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\vid_thumb.jpg
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\x.png
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\dlimagecache\
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\dlimagecache\165F6EF40A81DD175FFAEA69E77ABFD30B27E71C
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\updates\
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\updates\3.4.6_42178.exe
3.4s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\share\
3.5s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\updates\3.4.6_42178\
3.5s C:\Users\ahmed\AppData\Local\Temp\HYD7CC0.tmp.1463676103_permissionsCopy\updates\3.4.6_42178\utorrentie.exe

C:\Users\ahmed\AppData\Local\Temp\nsx7061.tmp.exe -> Deleted
Size . . . . . . . : 1,113,785 bytes
Age . . . . . . . : 4.7 days (2016-05-18 21:48:45)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 507BCB3F44D799FF2A3AC3BFB0AA228B8CCE563313134965C5965FB544D1E88B
> Bitdefender . . . : Gen:Variant.Adware.ConvertAd.69
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ConvertAd.bdhi
> HitmanPro . . . . : App/Generic-GM
Fuzzy . . . . . . : 116.0
Forensic Cluster
-14.0s C:\Users\ahmed\AppData\Local\Temp\0tq3sjGxUe.exe
-8.8s C:\Users\ahmed\AppData\Local\Temp\rjpMSCXK3N.exe
-0.1s C:\Users\ahmed\AppData\Local\Temp\nsx7061.tmp
0.0s C:\Users\ahmed\AppData\Local\Temp\nsx7061.tmp.exe

Suspicious files ____________________________________________________________

F:\(1'E,\OriginThinSetup.exe
Size . . . . . . . : 16,957,136 bytes
Age . . . . . . . : 799.3 days (2014-03-16 09:07:49)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 0CC7B5168BBD0841419EF2FFD9E60F26BAB6FBDBCFB05BF6A0E99AE6B7A74AF4
Product . . . . . : Origin
Publisher . . . . : Electronic Arts, Inc.
Description . . . : Origin
Version . . . . . : 9.3.10.4710
Copyright . . . . : Electronic Arts, Inc © 2011
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 40.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
References
HKU\S-1-5-21-1492026092-2507368824-3614128289-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\F:\(1'E,\OriginThinSetup.exe

Potential Unwanted Programs _________________________________________________

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion\ (YahooToolbar) -> Deleted
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\Sample.BrowserHandler\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample\ (YahooToolbar) -> Deleted
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}\ (YahooToolbar) -> Deleted

Cookies _____________________________________________________________________

C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:123424744.log.optimizely.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:254a.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:262855726.log.optimizely.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:339552423.log.optimizely.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:acuityplatform.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dotmsr.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adfarm1.adition.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adhigh.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.avocet.io
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.chargeads.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.programattik.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.uptobox.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsby.bidtheatre.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adscale.de
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsymptotic.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:audienceiq.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:basebanner.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidr.io
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:chango.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtry.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:effectivemeasure.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:ih.adscale.de
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:imrworldwide.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:liverail.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:m6r.eu
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.rundsp.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:metrigo.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:mxptint.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:nexac.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:pagefair.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.sitescout.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:po.st
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:rhythmxchange.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:sitescout.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:souq.sc.omtrdc.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.komoona.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap-t.rubiconproject.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap.rubiconproject.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap2-cdn.rubiconproject.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:tidaltv.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:trc.taboola.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:tubemogul.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:wtp101.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldlab.net
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\1I1D83D6.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\1IDCTQZR.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\297DJNWZ.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\6AX1R5NT.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\94OC0EKR.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\AOO2MNB7.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\COCXQ0XY.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\COU64YJN.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\G6O0F5WV.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJG8HURA.txt
C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Cookies\Low\OB0BDF9S.txt

[/code]

Signaler le contenu de ce document