cjoint


Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.12.253
www.hitmanpro.com

Computer name . . . . : CHAWKI-PC
Windows . . . . . . . : 6.1.0.7600.X86/2
User name . . . . . . : chawki-PC\chawki
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2016-02-04 17:45:36
Scan mode . . . . . . : Normal
Scan duration . . . . : 1m 28s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 3
Traces . . . . . . . : 24

Objects scanned . . . : 512 684
Files scanned . . . . : 12 441
Remnants scanned . . : 102 392 files / 397 851 keys

Malware _____________________________________________________________________

C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\Jackson.exe -> Quarantined
Size . . . . . . . : 3 265 606 bytes
Age . . . . . . . : 0.7 days (2016-02-04 01:16:20)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 733B0B4CA4AA0DDB2563042B9FA61C0A56BDE67FEBB97F826931925198C87031
Product
Publisher
Description
Version . . . . . : 1.0.0.3
Copyright
LanguageID . . . . : 1033
> Bitdefender . . . : Adware.Linkury.BG
Fuzzy . . . . . . : 113.0
Forensic Cluster
-0.7s C:\Users\chawki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\42bmmhb1.VIR
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\ZHPFixQuarantine.txt
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\BitTorrent.exe.config
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\config.conf
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\12441c0f-45a9-4fe3-b6a8-fc909dbe5881\
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\Jackson.exe
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\xtc.exe
0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\xtc.exe.config
0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\
0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\a82basqtiojfm.exe
0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\a82basqtiojfm.exe.config
0.3s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\drivereasy_setup.exe.VIR
3.4s C:\Windows\Prefetch\
3.4s C:\Users\chawki\AppData\Roaming\ZHP\ZHPFix[R1].txt
3.4s C:\Users\chawki\Desktop\ZHPFixReport.txt
3.5s C:\Users\chawki\AppData\Roaming\ZHP\ZHPExportRegistry-04-02-2016-01-16-24.txt
3.5s C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
9.5s C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
13.6s C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
13.7s C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
33.8s C:\Users\chawki\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
36.2s C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf

C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\xtc.exe -> Quarantined
Size . . . . . . . : 52 736 bytes
Age . . . . . . . : 0.7 days (2016-02-04 01:16:20)
Entropy . . . . . : 5.9
SHA-256 . . . . . : DF037D75C310B2BAF1060C7265CE55F9B4B086948EC833C0F8E00655B717D029
Product . . . . . : xtc
LanguageID . . . . : 0
> Kaspersky . . . . : Trojan-Downloader.MSIL.Crypted.ij
Fuzzy . . . . . . : 108.0
Forensic Cluster
-0.7s C:\Users\chawki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\
-0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\42bmmhb1.VIR
-0.1s C:\Users\chawki\AppData\Roaming\ZHP\ZHPFixQuarantine.txt
-0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\
-0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\BitTorrent.exe.config
-0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\config.conf
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\12441c0f-45a9-4fe3-b6a8-fc909dbe5881\
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\Jackson.exe
-0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\xtc.exe
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\xtc.exe.config
0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\
0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\a82basqtiojfm.exe
0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\a82basqtiojfm.exe.config
0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\drivereasy_setup.exe.VIR
3.3s C:\Windows\Prefetch\
3.3s C:\Users\chawki\AppData\Roaming\ZHP\ZHPFix[R1].txt
3.4s C:\Users\chawki\Desktop\ZHPFixReport.txt
3.5s C:\Users\chawki\AppData\Roaming\ZHP\ZHPExportRegistry-04-02-2016-01-16-24.txt
3.5s C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
9.5s C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
13.5s C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
13.6s C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
33.8s C:\Users\chawki\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
36.1s C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf

C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\a82basqtiojfm.exe -> Deleted
Size . . . . . . . : 59 904 bytes
Age . . . . . . . : 0.7 days (2016-02-04 01:16:20)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 1535B0592A21E86C827284653611A57C3E5C53AC3A0E349F01DF237918829756
> Bitdefender . . . : Gen:Variant.Adware.MSILPerseus.11675
> Kaspersky . . . . : HEUR:Trojan.Win32.Generic
Fuzzy . . . . . . : 108.0
Forensic Cluster
-0.8s C:\Users\chawki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\42bmmhb1.VIR
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\ZHPFixQuarantine.txt
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\BitTorrent.exe.config
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\config.conf
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\12441c0f-45a9-4fe3-b6a8-fc909dbe5881\
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\Jackson.exe
-0.2s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\
-0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\xtc.exe
-0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\BitTorrent.DIR\bin\270a67c9-edd5-4b12-ac8e-206962da9568\xtc.exe.config
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\a82basqtiojfm.exe
0.0s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\zlhwqkic.DIR\a82basqtiojfm.exe.config
0.1s C:\Users\chawki\AppData\Roaming\ZHP\Quarantine\drivereasy_setup.exe.VIR
3.2s C:\Windows\Prefetch\
3.2s C:\Users\chawki\AppData\Roaming\ZHP\ZHPFix[R1].txt
3.2s C:\Users\chawki\Desktop\ZHPFixReport.txt
3.3s C:\Users\chawki\AppData\Roaming\ZHP\ZHPExportRegistry-04-02-2016-01-16-24.txt
3.4s C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
9.4s C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
13.4s C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
13.5s C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
33.6s C:\Users\chawki\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
36.0s C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf


Suspicious files ____________________________________________________________

C:\Users\chawki\Downloads\IDMan.exe
Size . . . . . . . : 3 890 768 bytes
Age . . . . . . . : 4.9 days (2016-01-30 20:54:43)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 8B8D9FDB232E5D86E123BF342DD0C936C8ED0CBF10B2A279091617AFB226269F
Product . . . . . : Internet Download Manager (IDM)
Publisher . . . . : Tonec Inc.
Description . . . : Internet Download Manager (IDM)
Version . . . . . : 6.23.1.2
Copyright . . . . : Tonec Inc., Copyright © 1999 - 2015
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.8s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-eme-adobe\
-0.8s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-eme-adobe\15\
-0.8s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-eme-adobe\15\eme-adobe.voucher
-0.8s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-eme-adobe\15\eme-adobe.info
-0.8s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-eme-adobe\15\eme-adobe.dll
0.0s C:\Users\chawki\Downloads\IDMan.exe
2.3s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-gmpopenh264\
2.3s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-gmpopenh264\1.5.3\
2.3s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
2.3s C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\gmp-gmpopenh264\1.5.3\gmpopenh264.info

C:\Users\chawki\Downloads\Nouveau dossier\IDMGrHlp.exe
Size . . . . . . . : 513 048 bytes
Age . . . . . . . : 3.8 days (2016-01-31 21:53:30)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 9F16E3B7C7355DEFFE359CA7D8BDB419726126C9EAAD426E2BCD040B06599D40
Product . . . . . : Internet Download Manager
Publisher . . . . : Tonec Inc.
Description . . . : Internet Download Manager module
Version . . . . . : 6.18.7.1
Copyright . . . . : Tonec Inc., Copyright © 1999 - 2013
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-5.2s C:\Users\chawki\Downloads\Nouveau dossier\
0.0s C:\Users\chawki\Downloads\Nouveau dossier\IDMGrHlp.exe
0.0s C:\Users\chawki\Downloads\Nouveau dossier\G'E.txt


Cookies _____________________________________________________________________

C:\Users\chawki\AppData\Roaming\Microsoft\Windows\Cookies\Low\chawki@adnxs[2].txt
C:\Users\chawki\AppData\Roaming\Microsoft\Windows\Cookies\Low\chawki@doubleclick[2].txt
C:\Users\chawki\AppData\Roaming\Microsoft\Windows\Cookies\Low\chawki@effectivemeasure[1].txt
C:\Users\chawki\AppData\Roaming\Microsoft\Windows\Cookies\Low\chawki@scorecardresearch[2].txt
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:adnxs.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:ads.linkedin.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:ads.servebom.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:adzerk.net
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:doubleclick.net
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:engine.adzerk.net
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:engine.phn.doublepimp.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:image.tube8.phncdn.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:outbrain.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:pornhub.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:scorecardresearch.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:skimresources.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:taboola.com
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:track.rtb-media.me
C:\Users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\vvkhsym0.default\cookies.sqlite:trc.taboola.com


[/code]
