cjoint


Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

Computer name . . . . : SS-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : SS-PC\SS
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2016-12-13 18:36:16
Scan mode . . . . . . : Normal
Scan duration . . . . : 13m 40s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 20
Traces . . . . . . . : 140

Objects scanned . . . : 1,204,618
Files scanned . . . . : 48,685
Remnants scanned . . : 249,784 files / 906,149 keys

Miniport ____________________________________________________________________

Primary
DriverObject . . . : FFFFFA80044062F0
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFFA80039A32C0 +0
Solution
DriverObject . . . : FFFFFA80044062F0
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFF88000D814D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Malware _____________________________________________________________________

C:\local64spl.dll
Size . . . . . . . : 143,360 bytes
Age . . . . . . . : 54.1 days (2016-10-20 15:29:34)
Entropy . . . . . : 6.0
SHA-256 . . . . . : D2F0D5B7F0573547A01BCD0D7377F5070E2D94DD783F351CB2E94D454A4FEC51
> Bitdefender . . . : Adware.GenericKD.3661624
> Kaspersky . . . . : Backdoor.Win64.Agent.le
Fuzzy . . . . . . : 112.0

C:\ProgramData\ChelfNotify\chrome_elf.dll
Size . . . . . . . : 189,440 bytes
Age . . . . . . . : 54.7 days (2016-10-20 01:10:42)
Entropy . . . . . : 6.5
SHA-256 . . . . . : E4D4F6FBFBBBF3904CA45D296DC565138A17484C54AEBBB00BA9D57F80DFE7E5
Product . . . . . : Trend Service
Publisher . . . . : Trend Corp.
Description . . . : Service
Version . . . . . : 6.6.0.24
LanguageID . . . . : 2052
> Bitdefender . . . : Adware.GenericKD.3793931
> HitmanPro . . . . : App/Generic-CF
Fuzzy . . . . . . : 100.0

C:\ProgramData\ChelfNotify\OLD_FILE2
Size . . . . . . . : 189,440 bytes
Age . . . . . . . : 54.7 days (2016-10-20 01:10:42)
Entropy . . . . . : 6.5
SHA-256 . . . . . : E4D4F6FBFBBBF3904CA45D296DC565138A17484C54AEBBB00BA9D57F80DFE7E5
Product . . . . . : Trend Service
Publisher . . . . : Trend Corp.
Description . . . : Service
Version . . . . . : 6.6.0.24
LanguageID . . . . : 2052
> Bitdefender . . . : Adware.GenericKD.3793931
> HitmanPro . . . . : App/Generic-CF
Fuzzy . . . . . . : 104.0

C:\ProgramData\WinSAPSvc\WinSAP.dll
Size . . . . . . . : 218,624 bytes
Age . . . . . . . : 49.4 days (2016-10-25 10:02:48)
Entropy . . . . . : 6.4
SHA-256 . . . . . : AE2E1639881DBCDC28E89A730E5D797A1737F0E22753CA2FE47078E917D3999A
Service . . . . . : WinSAPSvc
> Bitdefender . . . : Trojan.GenericKD.3632147
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.abn
Fuzzy . . . . . . : 113.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\WinSAPSvc\

C:\ProgramData\WinSAPSvc\winsap_update\ClearLog.dll
Size . . . . . . . : 185,344 bytes
Age . . . . . . . : 19.3 days (2016-11-24 11:22:08)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 698F5DC62E0F63FBE6952799832297315957B7E8B8BA38173FA83CE69985582B
> Bitdefender . . . : Application.Generic.1686420
Fuzzy . . . . . . : 107.0

C:\ProgramData\WinSAPSvc\winsap_update\WinSAP.dll
Size . . . . . . . : 189,440 bytes
Age . . . . . . . : 18.8 days (2016-11-24 23:42:47)
Entropy . . . . . : 6.5
SHA-256 . . . . . : BD735C09DA8219F3537E174A0740A1A763F381DD7350968D663870422779C1D2
> Bitdefender . . . : Gen:Variant.Zusy.212653
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.adn
> HitmanPro . . . . : App/Generic-PA
Fuzzy . . . . . . : 107.0
Forensic Cluster
-0.0s C:\ProgramData\WinSAPSvc\winsap_update\39.json
-0.0s C:\ProgramData\WinSAPSvc\winsap_update\amule.msi
-0.0s C:\ProgramData\WinSAPSvc\winsap_update\DataBase
-0.0s C:\ProgramData\WinSAPSvc\winsap_update\QQBrowser.exe
-0.0s C:\ProgramData\WinSAPSvc\winsap_update\QQBrowserFrame.dll
-0.0s C:\ProgramData\WinSAPSvc\winsap_update\uvcSetup.msi
0.0s C:\ProgramData\WinSAPSvc\winsap_update\WinSAP.dll
3.0s C:\Users\YassIne2\AppData\Local\Temp\MSI7557d.LOG
10.2s C:\Users\YassIne2\AppData\Local\Temp\MSI77185.LOG
10.5s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5YAHDGF\z[1].php

C:\Users\SS\AppData\Local\Temp\0C4C1F39-8652-49B5-8A0C-06E2941EFA7A\Warhammer_Dawn_Of_War.exe
Size . . . . . . . : 841,216 bytes
Age . . . . . . . : 53.7 days (2016-10-21 01:00:37)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 35EE47E5FA1CF013FF6F8B8736B5B65CF749D5A218E97AC7FF49B734CE05876D
> Bitdefender . . . : Adware.IStartSurf.LOK
> Kaspersky . . . . : Trojan.Win32.Yakes.rhfp
Fuzzy . . . . . . : 106.0

C:\Users\SS\AppData\Local\Temp\12E49A98-93F1-42BD-A555-979765B889F0\setup.exe
Size . . . . . . . : 841,216 bytes
Age . . . . . . . : 53.7 days (2016-10-21 01:01:39)
Entropy . . . . . : 5.6
SHA-256 . . . . . : CE2B6A4E3CFA843CB72CA998EE7444268FA9B742C99CEE00B22F18CFBAE01073
> Bitdefender . . . : Adware.IStartSurf.LOK
> Kaspersky . . . . : Trojan.Win32.Yakes.rhfp
Fuzzy . . . . . . : 106.0

C:\Users\SS\AppData\Local\Temp\46C7D6BF-776F-4DE7-BAD2-94DED30DC217\setup.exe
Size . . . . . . . : 841,216 bytes
Age . . . . . . . : 53.7 days (2016-10-21 01:02:44)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 738C2B4680ACC4C64A345DACE9FC8043D3C3C00544798FB0ECE3A4BC4AACCA5E
> Bitdefender . . . : Adware.IStartSurf.LOK
> Kaspersky . . . . : Trojan.Win32.Yakes.rhfp
Fuzzy . . . . . . : 106.0

C:\Users\SS\AppData\Local\Temp\RarSFX0\LogicHandler.exe
Size . . . . . . . : 3,786,752 bytes
Age . . . . . . . : 53.7 days (2016-10-21 00:59:26)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 5A98D55AA2B67853468629054B2B05E12D4661958B0419C04F2561FAB5B1396D
Product . . . . . : ExtManager
LanguageID . . . . : 0
> Bitdefender . . . : Trojan.Generic.19835010
> Kaspersky . . . . : not-a-virus:WebToolbar.MSIL.Agent.bkqa
> HitmanPro . . . . : App/Linkular-Q
Fuzzy . . . . . . : 106.0

C:\Users\SS\AppData\Roaming\Quotekix.exe
Size . . . . . . . : 710,656 bytes
Age . . . . . . . : 53.7 days (2016-10-21 00:59:04)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 50BA4CB8867D03EAA6877919F84258471FFC57834C293FE299D2C535392A77D3
> Bitdefender . . . : Gen:Variant.Injector.66
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 114.0

C:\Users\SS\Downloads\driverupdater.exe
Size . . . . . . . : 3,072,000 bytes
Age . . . . . . . : 201.2 days (2016-05-26 14:22:27)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 9001F70CC0F8AF62D317818137C388847C859240E0EE7848F1025750A226FDAB
Product . . . . . :
Publisher . . . . :
Description . . . :
Version
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Bitdefender . . . : Trojan.GenericKD.3442611
Fuzzy . . . . . . : 104.0

C:\Users\YassIne2\AppData\Local\Temp\ICReinstall_picasa.exe
Size . . . . . . . : 1,718,568 bytes
Age . . . . . . . : 14.8 days (2016-11-29 00:05:49)
Entropy . . . . . : 8.0
SHA-256 . . . . . : E639CE01B21CD247C50EB31F1C3A27C316866F0B0C214BB765DB9E4F9FBC0242
Product . . . . . : Poti
Publisher . . . . : Baga
Description . . . : Poti Setup
Version . . . . . : 5.1.2.6
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.DealPly.uojd
Fuzzy . . . . . . : 102.0
Forensic Cluster
-5.6s C:\Users\YassIne2\AppData\Roaming\Microsoft\Windows\Cookies\yassine2@downloadastro[1].txt
-5.6s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5BUE0YO\picasa[1].png
-3.5s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HW8FP8YO\IE_logo_new[1].png
-3.5s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HW8FP8YO\FF_logo_new[1].png
-3.3s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5YAHDGF\CH_logo_new[1].png
-3.3s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5YAHDGF\en-1fs[1].jpg
-3.1s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNUQQFU0\en-1[1].jpg
-3.1s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNUQQFU0\en-2[1].jpg
-2.9s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5BUE0YO\en-3[1].jpg
-2.8s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5BUE0YO\Lolosobeken[1].jpg
-2.6s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HW8FP8YO\Lolosobeken_fs[1].png
-2.6s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HW8FP8YO\Lolosobeken_logo[1].png
-2.4s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5YAHDGF\lolosobeken_mod[1].png
-2.4s C:\Users\YassIne2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5YAHDGF\lolosobeken_mod_logo[1].png
0.0s C:\Users\YassIne2\AppData\Local\Temp\ICReinstall_picasa.exe
0.1s C:\Users\YassIne2\Desktop\Continue Picasa Installation.lnk

C:\Users\YassIne2\AppData\Roaming\opera_helper\Opera_helper.exe
Size . . . . . . . : 188,928 bytes
Age . . . . . . . : 53.3 days (2016-10-21 10:57:09)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6AC6C9BE6F9C50413C508A8A62B4B0ADFB32EA7B59A3159113BC70105B639178
> Bitdefender . . . : Trojan.GenericKD.3537847
> Kaspersky . . . . : not-a-virus:AdWare.Win32.DealPly.nfdc
Fuzzy . . . . . . : 106.0

C:\Users\YassIne2\Downloads\cssplayers\Counter Strike Source\steamclient.dll
Size . . . . . . . : 5,990,400 bytes
Age . . . . . . . : 198.2 days (2016-05-29 14:31:41)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 4DD33293AD4CA6EA6FD7FE4D3513E85FBF0F9291A912D44F1F0D9E7178F83390
Product . . . . . : Steamclient.dll
LanguageID . . . . : 1049
> Bitdefender . . . : Application.Generic.1661177
Fuzzy . . . . . . : 109.0

C:\Users\YassIne2\Downloads\picasa.exe
Size . . . . . . . : 1,718,568 bytes
Age . . . . . . . : 14.8 days (2016-11-29 00:05:21)
Entropy . . . . . : 8.0
SHA-256 . . . . . : E639CE01B21CD247C50EB31F1C3A27C316866F0B0C214BB765DB9E4F9FBC0242
Product . . . . . : Poti
Publisher . . . . : Baga
Description . . . : Poti Setup
Version . . . . . : 5.1.2.6
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.DealPly.uojd
Fuzzy . . . . . . : 102.0

C:\Windows\Temp\nsiB5E6.tmp\update.dll-201612121644.dll.exe
Size . . . . . . . : 5,372,140 bytes
Age . . . . . . . : 1.2 days (2016-12-12 12:43:14)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 2906B6DF88D228CFF6CC4965532B8DDAF4724309C92C355D14A7D91E06B20822
> Bitdefender . . . : Gen:Variant.Application.Elex.75
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Elex.agr
Fuzzy . . . . . . : 111.0
Forensic Cluster
-45.0s C:\Users\YassIne2\Desktop\126_PANA\
-45.0s C:\Users\YassIne2\Desktop\126_PANA\P1260698.JPG
-44.7s C:\Users\YassIne2\Desktop\126_PANA\P1260701.JPG
-44.5s C:\Users\YassIne2\Desktop\126_PANA\P1260702.JPG
-44.3s C:\Users\YassIne2\Desktop\126_PANA\P1260703.JPG
-44.0s C:\Users\YassIne2\Desktop\126_PANA\P1260704.JPG
-43.8s C:\Users\YassIne2\Desktop\126_PANA\P1260705.JPG
-43.7s C:\Windows\Prefetch\ReadyBoot\Trace3.fx
-43.4s C:\Users\YassIne2\Desktop\126_PANA\P1260706.JPG
-43.0s C:\Users\YassIne2\Desktop\126_PANA\P1260707.JPG
-42.8s C:\Users\YassIne2\Desktop\126_PANA\P1260709.JPG
-42.4s C:\Users\YassIne2\Desktop\126_PANA\P1260710.JPG
-42.1s C:\Users\YassIne2\Desktop\126_PANA\P1260711.JPG
-41.8s C:\Users\YassIne2\Desktop\126_PANA\P1260712.JPG
-41.5s C:\Users\YassIne2\Desktop\126_PANA\P1260713.JPG
-41.2s C:\Users\YassIne2\Desktop\126_PANA\P1260714.JPG
-41.0s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A59LQTRG\ssl[1].php
-41.0s C:\Windows\Temp\nsiB5E6.tmp\
-41.0s C:\Windows\Temp\nsiB5E7.tmp\
-40.9s C:\Users\YassIne2\Desktop\126_PANA\P1260715.JPG
-40.5s C:\Users\YassIne2\Desktop\126_PANA\P1260716.JPG
-40.1s C:\Users\YassIne2\Desktop\126_PANA\P1260717.JPG
-39.7s C:\Users\YassIne2\Desktop\126_PANA\P1260718.JPG
-39.3s C:\Users\YassIne2\Desktop\126_PANA\P1260719.JPG
-38.8s C:\Users\YassIne2\Desktop\126_PANA\P1260720.JPG
-37.5s C:\Users\YassIne2\Desktop\126_PANA\P1260721.JPG
-37.1s C:\Users\YassIne2\Desktop\126_PANA\P1260722.JPG
-36.8s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRQUQGEO\update.dll-201612121644[1].encode
-34.7s C:\Users\YassIne2\Desktop\126_PANA\P1260723.JPG
-34.3s C:\Users\YassIne2\Desktop\126_PANA\P1260727.JPG
-33.8s C:\Users\YassIne2\Desktop\126_PANA\P1260728.JPG
-33.3s C:\Users\YassIne2\Desktop\126_PANA\P1260729.JPG
-32.9s C:\Users\YassIne2\Desktop\126_PANA\P1260730.JPG
-32.5s C:\Users\YassIne2\Desktop\126_PANA\P1260731.JPG
-32.1s C:\Users\YassIne2\Desktop\126_PANA\P1260732.JPG
-31.8s C:\Users\YassIne2\Desktop\126_PANA\P1260733.JPG
-31.4s C:\Users\YassIne2\Desktop\126_PANA\P1260734.JPG
-31.1s C:\Users\YassIne2\Desktop\126_PANA\P1260735.JPG
-30.7s C:\Users\YassIne2\Desktop\126_PANA\P1260736.JPG
-30.4s C:\Users\YassIne2\Desktop\126_PANA\P1260737.JPG
-30.1s C:\Users\YassIne2\Desktop\126_PANA\P1260738.JPG
-29.8s C:\Users\YassIne2\Desktop\126_PANA\P1260739.JPG
-29.4s C:\Users\YassIne2\Desktop\126_PANA\P1260740.JPG
-29.1s C:\Users\YassIne2\Desktop\126_PANA\P1260741.JPG
-28.8s C:\Users\YassIne2\Desktop\126_PANA\P1260742.JPG
-28.5s C:\Users\YassIne2\Desktop\126_PANA\P1260743.JPG
-28.2s C:\Users\YassIne2\Desktop\126_PANA\P1260744.JPG
-27.9s C:\Users\YassIne2\Desktop\126_PANA\P1260745.JPG
-27.5s C:\Users\YassIne2\Desktop\126_PANA\P1260746.JPG
-27.1s C:\Users\YassIne2\Desktop\126_PANA\P1260747.JPG
-26.8s C:\Users\YassIne2\Desktop\126_PANA\P1260748.JPG
-26.4s C:\Users\YassIne2\Desktop\126_PANA\P1260749.JPG
-26.0s C:\Users\YassIne2\Desktop\126_PANA\P1260750.JPG
-25.7s C:\Users\YassIne2\Desktop\126_PANA\P1260751.JPG
0.0s C:\Windows\Temp\nsiB5E6.tmp\update.dll-201612121644.dll.exe

D:\sleep\local64spl.dll
Size . . . . . . . : 143,360 bytes
Age . . . . . . . : 54.1 days (2016-10-20 15:29:34)
Entropy . . . . . : 6.0
SHA-256 . . . . . : D2F0D5B7F0573547A01BCD0D7377F5070E2D94DD783F351CB2E94D454A4FEC51
> Bitdefender . . . : Adware.GenericKD.3661624
> Kaspersky . . . . : Backdoor.Win64.Agent.le
Fuzzy . . . . . . : 117.0

D:\UsB YaSsiNe\local64spl.dll
Size . . . . . . . : 143,360 bytes
Age . . . . . . . : 54.1 days (2016-10-20 15:29:34)
Entropy . . . . . : 6.0
SHA-256 . . . . . : D2F0D5B7F0573547A01BCD0D7377F5070E2D94DD783F351CB2E94D454A4FEC51
> Bitdefender . . . : Adware.GenericKD.3661624
> Kaspersky . . . . : Backdoor.Win64.Agent.le
Fuzzy . . . . . . : 117.0

D:\YassIne\local64spl.dll
Size . . . . . . . : 143,360 bytes
Age . . . . . . . : 54.1 days (2016-10-20 15:29:34)
Entropy . . . . . : 6.0
SHA-256 . . . . . : D2F0D5B7F0573547A01BCD0D7377F5070E2D94DD783F351CB2E94D454A4FEC51
> Bitdefender . . . : Adware.GenericKD.3661624
> Kaspersky . . . . : Backdoor.Win64.Agent.le
Fuzzy . . . . . . : 117.0


Suspicious files ____________________________________________________________

C:\Users\YassIne2\Downloads\cssplayers\Counter Strike Source\bin\launcher.dll
Size . . . . . . . : 164,264 bytes
Age . . . . . . . : 198.2 days (2016-05-29 14:26:27)
Entropy . . . . . : 6.6
SHA-256 . . . . . : FC02A996E3953AB728BA8B9595D1F5BDAC13AF0D2F425176EB5A8C0563DE6485
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 26.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\YassIne2\Downloads\cssplayers\Counter Strike Source\bin\tools\extension\bin\launcher.dll
Size . . . . . . . : 164,264 bytes
Age . . . . . . . : 198.2 days (2016-05-29 14:26:31)
Entropy . . . . . : 6.6
SHA-256 . . . . . : FC02A996E3953AB728BA8B9595D1F5BDAC13AF0D2F425176EB5A8C0563DE6485
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 26.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

C:\Program Files (x86)\WeatherChickn\ (WeatherChicken)
C:\ProgramData\ChelfNotify\ (ChelfNotify)
C:\ProgramData\ChelfNotify\9.3.6494.400.manifest (ChelfNotify)
C:\ProgramData\ChelfNotify\BrowserUpdate.exe (ChelfNotify)
Size . . . . . . . : 690,144 bytes
Age . . . . . . . : 54.7 days (2016-10-20 01:10:42)
Entropy . . . . . : 6.2
SHA-256 . . . . . : ADCF6B8AA633286CD3A2CE7C79BEFAB207802DEC0E705ED3C74C043DABFC604C
Product . . . . . : QQOmȉhV
Publisher . . . . : Tencent
Description . . . : QQOmȉhV
Version . . . . . : 9.3.6494.400
Copyright . . . . : Copyright 2015 Tencent. All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0

C:\ProgramData\ChelfNotify\OLD_FILE1 (ChelfNotify)
Size . . . . . . . : 690,144 bytes
Age . . . . . . . : 54.7 days (2016-10-20 01:10:42)
Entropy . . . . . : 6.2
SHA-256 . . . . . : ADCF6B8AA633286CD3A2CE7C79BEFAB207802DEC0E705ED3C74C043DABFC604C
Product . . . . . : QQOmȉhV
Publisher . . . . : Tencent
Description . . . : QQOmȉhV
Version . . . . . : 9.3.6494.400
Copyright . . . . : Copyright 2015 Tencent. All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -3.0

C:\ProgramData\ChelfNotify\OLD_FILE3 (ChelfNotify)
ask.com
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data

HKLM\SOFTWARE\Wow6432Node\xvb`lj\ (Youndoo)
HKLM\SOFTWARE\Wow6432Node\youndooSoftware\ (Youndoo)
HKLM\SOFTWARE\xvb`lj\ (Youndoo)
HKU\.DEFAULT\Software\xvb`lj\ (Youndoo)
HKU\S-1-5-18\Software\xvb`lj\ (Youndoo)
HKU\S-1-5-21-174325813-3823530073-1731569878-1000\Software\IM\ (Sweetpacks)
HKU\S-1-5-21-174325813-3823530073-1731569878-1000\Software\ProductSetup\1I1T1Q1S\ (TreasureTrack)
HKU\S-1-5-21-174325813-3823530073-1731569878-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ (QVO6)
HKU\S-1-5-21-174325813-3823530073-1731569878-1001\Software\ProductSetup\1I1T1Q1S\ (TreasureTrack)

Cookies _____________________________________________________________________



[/code]
