cjoint

Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

Computer name . . . . : SALAHEDDINE-PC
Windows . . . . . . . : 6.3.0.9600.X64/4
User name . . . . . . : SALAHEDDINE-PC\SALAHEDDINE
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2016-06-08 20:59:43
Scan mode . . . . . . : Normal
Scan duration . . . . : 6m 12s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 22
Traces . . . . . . . : 38

Objects scanned . . . : 1 823 656
Files scanned . . . . : 50 881
Remnants scanned . . : 485 876 files / 1 286 899 keys

Suspicious files ____________________________________________________________

C:\Users\SALAHEDDINE\AppData\Local\PunkBuster\GRFS\pb\PnkBstrK.sys
Size . . . . . . . : 139 752 bytes
Age . . . . . . . : 193.1 days (2015-11-28 18:00:38)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 190F16E9E5087FB75ADFDE73CF658FE493193DCFE2191172F1639C9FE658CA20
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.


Malware remnants ____________________________________________________________


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield) -> Deleted
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ (QVO6) -> Deleted
HKU\S-1-5-21-225983278-990865864-3999286062-1001\Software\IM\ (Sweetpacks) -> Deleted

Cookies _____________________________________________________________________

C:\Users\SALAHEDDINE\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
C:\Users\SALAHEDDINE\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\SALAHEDDINE\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
C:\Users\SALAHEDDINE\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
C:\Users\SALAHEDDINE\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
C:\Users\SALAHEDDINE\AppData\Local\Google\Chrome\User Data\Default\Cookies:po.st
C:\Users\SALAHEDDINE\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\SALAHEDDINE\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\SALAHEDDINE\AppData\Local\Microsoft\Windows\INetCookies\1L7JU396.txt
C:\Users\SALAHEDDINE\AppData\Local\Microsoft\Windows\INetCookies\H3MCMANN.txt
C:\Users\SALAHEDDINE\AppData\Local\Microsoft\Windows\INetCookies\M0UXOOML.txt
C:\Users\SALAHEDDINE\AppData\Local\Microsoft\Windows\INetCookies\Y57GLTQ6.txt


[/code]
