cjoint

Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 02/12/2016
Heure de l'analyse: 16:36
Fichier journal: MAMH.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.12.02.06
Base de données de rootkits: v2016.11.20.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Khaled

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 336066
Temps écoulé: 39 min, 8 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 2
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\BirdsarahUpdateTaskMachineCore, , [38561dc59cfe63d3f10aa3a88e7559a7],
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\BirdsarahUpdateTaskMachineUA, , [414deff35347d16550ab83c8b84bb44c],

Valeurs du Registre: 10
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C0C84CB-A014-4BD6-88CA-3BEE47EFB870}|Path, \BirdsarahUpdateTaskMachineCore, , [2e60d30f0496999daf4d4ffc758e0df3]
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FD75A03A-9486-457D-A693-0F54ED608EB9}|Path, \BirdsarahUpdateTaskMachineUA, , [e4aac121cfcbcd69a25aa6a5956e32ce]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://unstops.net/wpad.dat?d298c4115e4567631e1d8884e795b7a79674148, , [4f3fae345b3ffb3b4ee9914c2dd5ed13]
PUP.Optional.SimpleFiles, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{61131B6B-A041-4D66-9358-319C9F0DB5D3}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe|Name=SimpleFiles|, , [5c3213cf9ffbd1650c613698b151e917]
PUP.Optional.SimpleFiles, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{42AC0D0A-2C7E-489A-BBB2-A968E9B5365C}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe|Name=SimpleFiles|, , [494510d22e6c1c1ad19cab23956df010]
PUP.Optional.SimpleFiles, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{D1B717F0-B899-4448-A32F-9BBE574554F9}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SimpleFiles\downloader.exe|Name=SimpleFiles|, , [7a1422c001998bab7df0c50906fc23dd]
PUP.Optional.SimpleFiles, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{C3626F08-FB2E-4099-8A75-7FEEED7B8EC0}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SimpleFiles\downloader.exe|Name=SimpleFiles|, , [494562805d3d66d0b2bbce00b84a48b8]
PUP.Optional.LuckyBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{E98A0D39-1883-4028-AC8C-ECD5465FE11B}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe|Name=LuckyBrowse|, , [f69815cd22784bebd98504caea18e61a]
PUP.Optional.LuckyBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{66210E1D-7AAB-47B1-95EB-A471391C6C56}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe|Name=LuckyBrowse|, , [dfaf1dc5504aff37104eeae418ea946c]
PUP.Optional.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{6A2B5032-717B-483B-96F4-E845C88C3C30}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Birdsarah\Birdsarah.exe|Name=Protect service|, , [840a974b1189cc6abe3fc18a5ea5e31d]

Données du Registre: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[8b0332b021792e08c3b3d74dca39f40c]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[dbb35a889cfed660383ee242eb187f81]

Dossiers: 2
PUP.Optional.Yontoo, C:\Users\Khaled\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldlfecfabopagelkniifbahoehihmlid\1.0.5844.30113_0, , [3c5236acd7c3e74f6d7675c79a69cb35],
PUP.Optional.Yontoo, C:\Users\Khaled\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldlfecfabopagelkniifbahoehihmlid, , [3c5236acd7c3e74f6d7675c79a69cb35],

Fichiers: 224

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
