Yontoo est un programme qui s’installe généralement à votre insu via le téléchargement de logiciels gratuits

Caractèriqtiques

– Il appartient à une famille de PUP Optionnels (Potentially Unwanted Program).
– Vendeur : PUP.Optional.

Actions principales

– Il s’installe en tant que processus lancé au démarrage du système (RP),
– Il installe un programme d’extension pour le navigateur Mozilla Firefox (M2),
– Il installe un programme d’extension pour le navigateur Google Chrome (G2),
– Il s’installe en tant de Browser Helper Object de Navigateur internet (O2),
– Il s’installe dans la Base de Registres afin d’être lancé à chaque démarrage du système (O4),
– Il s’installe en tant que service pour être lancé à chaque démarrage du système (O23),(SS/SR),
– Il s’installe en tant que programme (O42),
– Il crée des dossiers supplémentaires (O43),
– Il s’installe dans le dossier Windows prefetcher (O45),
– Il créé une clé de registre ShareTools MSconfig StartupReg (O53),
– Il s’installe dans des dossiers particuliers de l’utilisateur (O84),
– Il pollue la base de Registres avec de nombreuses clés et valeurs (O88 ),

Aperçu ZHPDiag

—\\ Processus lancés

[MD5.2A6C01BAC0F8AA9143D61AE1E28E263A] – (.Yontoo LLC – Yontoo Desktop.) — C:\Users\Pc1\AppData\Roaming\Yontoo\YontooDesktop.exe [42784] [PID.1908] [MD5.24FB8DB6D1D55E2C5D0A53DFE48E6AF8] – (.Microsoft – Y2Desktop.Updater.) — C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552] [PID.2536]

—\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G2 – GCE: Preference [User Data\Default] [niapdbllcanepiiimjjndipklodoedlc] Yontoo v.1.0.3 (Activé )

—\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 – MFEP: prefs.js [Coolman – 6andx3ch.default\plugin@yontoo.com] [] Yontoo v1.20.02 (..)

—\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: Yontoo Layers – {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (.Yontoo LLC.) — C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll

—\\ Applications démarrées par registre & par dossier (O4)
O4 – HKCU\..\Run: [Yontoo Desktop] C:\Documents and Settings\Coolman\Application Data\Yontoo\YontooDesktop.exe (.not file.)
O4 – HKUS\S-1-5-21-1333877253-4193380580-4002807941-1007\..\Run: [Yontoo Desktop] C:\Documents and Settings\Coolman\Application Data\Yontoo\YontooDesktop.exe (.not file.)

—\\ Logiciels installés (O42)
O42 – Logiciel: Yontoo 2.053 – (.Yontoo LLC.) [HKLM] — {889DF117-14D1-44EE-9F31-C5FB5D47F68B}

—\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 15/05/2013 – 14:00:59 – [0,804] —-D C:\Program Files\Yontoo
O43 – CFD: 15/05/2013 – 14:01:48 – [0,125] —-D C:\Documents and Settings\Coolman\Application Data\Yontoo

—\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.FF4E9684CE60631ACA0DE343B755359D] – 15/05/2013 – 13:00:54 —A- – C:\WINDOWS\Prefetch\YONTOO-C4.EXE-11DB6439.pf
O45 – LFCP:[MD5.F54FAF86B1083B71EC0EC939641159DC] – 15/05/2013 – 13:00:55 —A- – C:\WINDOWS\Prefetch\YONTOO-C4-10C0.EXE-3510B2BC.pf
O45 – LFCP:[MD5.674B6A2A602CF5CA0E6CDD0D3D977A40] – 15/05/2013 – 13:01:11 —A- – C:\WINDOWS\Prefetch\YONTOODESKTOP.EXE-1CAF6818.pf

—\\ ShareTools MSconfig StartupReg (O53)
O53 – SMSR:HKLM\…\startupreg\Yontoo Desktop [Key] . (…) — C:\Users\Coolman\AppData\Roaming\Yontoo\YontooDesktop.exe

—\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 15/05/2013 – 13:01:24 —A- C:\Documents and Settings\Coolman\Application Data\Yontoo\dat\Desktop.OS.dll [59680] O61 – LFC: 15/05/2013 – 13:01:28 —A- C:\Documents and Settings\Coolman\Application Data\Yontoo\dat\Desktop.OS.Plugin.dll [13600] O61 – LFC: 15/05/2013 – 13:01:29 —A- C:\Documents and Settings\Coolman\Application Data\Yontoo\PlugIns.cache [23] O61 – LFC: 15/05/2013 – 13:01:30 —A- C:\Documents and Settings\Coolman\Application Data\Yontoo\dat\HealthMonitor.dat [34592] O61 – LFC: 15/05/2013 – 13:01:30 —A- C:\Documents and Settings\Coolman\Application Data\Yontoo\dat\HeartBeat.dat [22816] O61 – LFC: 15/05/2013 – 18:34:00 —A- C:\Documents and Settings\Coolman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\back.js [1169] O61 – LFC: 15/05/2013 – 18:34:01 —A- C:\Documents and Settings\Coolman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\background.html [80] O61 – LFC: 15/05/2013 – 18:34:01 —A- C:\Documents and Settings\Coolman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\manifest.json [820] O61 – LFC: 15/05/2013 – 18:34:01 —A- C:\Documents and Settings\Coolman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js [672] O61 – LFC: 16/05/2013 – 11:01:22 —A- C:\Documents and Settings\Coolman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage [3072] O61 – LFC: 16/05/2013 – 11:01:22 —A- C:\Documents and Settings\Coolman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal

—\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.41133F484BA4FAEFE172268C5B8D7734] [SPRF][19/01/2012] (.Yontoo LLC – Yontoo Runtime.) — C:\Users\Coolman\AppData\Local\Temp\YontooIEClient.dll [194848] [MD5.7FE85C8E26E7E937F7113A20C8E26B6A] [SPRF][03/02/2012] (.Yontoo LLC – Installer.) — C:\Users\Coolman\AppData\Local\Temp\YontooSetup-Silent.exe [1048376] [MD5.AE7E0C99C5BC7D28325C0CD7885C851F] [SPRF][24/10/2012] (.Yontoo LLC – Installer.) — C:\Users\Coolman\AppData\Local\Temp\YontooSetup-S.exe [1062504]

—\\ Scan Additionnel (O88 )
[HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] [HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] [HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] [HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] [HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] [HKCR\YontooIEClient.Layers.1] [HKCR\YontooIEClient.Api] [HKCR\YontooIEClient.Api.1] [HKCR\YontooIEClient.Layers] [HKLM\Software\Classes\YontooIEClient.Api] [HKLM\Software\Classes\YontooIEClient.Api.1] [HKLM\Software\Classes\YontooIEClient.Layers] [HKLM\Software\Classes\YontooIEClient.Layers.1] [HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] [HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] [HKLM\Software\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}] [HKLM\Software\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}] [HKLM\Software\Classes\AppID\YontooIEClient.DLL] [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:Yontoo Desktop[HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] [HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] [HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] [HKLM\Software\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}] [HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] [HKLM\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] [HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] [HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] [HKLM\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater] C:\Program Files\Yontoo Layers
C:\Program Files\Yontoo Layers Client
C:\Program Files\Yontoo Layers Runtime
C:\Program Files\yontoo
C:\Documents and Settings\Coolman\Application Data\yontoo
C:\Documents and Settings\Coolman\Application Data\Mozilla\Firefox\Profiles\6andx3ch.default\Extensions\plugin@yontoo.com

—\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 01/05/2013 23552 | (Yontoo Desktop Updater) . (.Microsoft.) – C:\Program Files\Yontoo\Y2Desktop.Updater.exe

 

Alias :

PUP.Optional.Yontoo [Malwarebytes]

 

Liens :

malwaretips.com
Remove Yontoo Adware (Uninstall Guide)

Supprimer (Remove) :

– Supprimer l’extension « Yontoo » de tous les navigateurs installés,
– Supprimer le plugin « Yontoo » de tous les navigateurs installés,
– Supprimer le logiciel « Yontoo » via le panneau de configuration Windows,
– Modifier les pages de recherche et de démarrage de tous les navigateurs installés,
– Vider le cache des navigateurs
– Appliquer un script de nettoyage ZHPFix pour les lignes identifiées dans les rapports ZHPDiag & NCDiag

 

(C) Copyrights 2014 – Nicolas Coolman – All rights reserved