cjoint

Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

Computer name . . . . : MINE-PC
Windows . . . . . . . : 6.1.0.7600.X86/2
User name . . . . . . : Mine-PC\Mine
UAC . . . . . . . . . : Disabled
License . . . . . . . : Free

Scan date . . . . . . : 2016-12-17 21:54:44
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 2s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 1
Traces . . . . . . . : 104

Objects scanned . . . : 648 461
Files scanned . . . . : 17 103
Remnants scanned . . : 128 736 files / 502 622 keys

Malware _____________________________________________________________________

C:\Users\Mine\Downloads\Programs\adwcleaner_5.005.exe
Size . . . . . . . : 1 654 272 bytes
Age . . . . . . . : 470.1 days (2015-09-04 20:14:20)
Entropy . . . . . : 8.0
SHA-256 . . . . . : D46854594FD05E54A4E346B71148A629C425EFCEDFF3F25C074FE4A48694E593
> Kaspersky . . . . : Trojan.Win32.Bayrob.sik
Fuzzy . . . . . . : 114.0


Suspicious files ____________________________________________________________

C:\Google\AutoIt3.exe
Size . . . . . . . : 750 320 bytes
Age . . . . . . . : 234.1 days (2016-04-27 20:19:14)
Entropy . . . . . : 6.8
SHA-256 . . . . . : FB73A819B37523126C7708A1D06F3B8825FA60C926154AB2D511BA668F49DC4B
Product . . . . . : AutoIt v3 Script
Publisher . . . . : AutoIt Team
Description . . . : AutoIt v3 Script
Version . . . . . : 3.3.8.1
RSA Key Size . . . : 2048
Parent Name . . . : C:\Windows\Explorer.EXE
LanguageID . . . . : 2057
Authenticode . . . : Valid
Running processes : 1020
Fuzzy . . . . . . : 21.0
This file's reboot survivability is vigorously protected. This is typical to malware.
Uses the Windows Registry to run each time the user logs on.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NewJavaInstall
HKU\S-1-5-21-2196601736-335602388-658010723-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdopeFlash


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Clients\Download\iLivid\ (iLivid)
HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32\ (iLivid)
HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS\ (iLivid)
HKLM\SOFTWARE\Microsoft\Tracing\ProtectService_RASAPI32\ (WindowsMangerProtect)
HKLM\SOFTWARE\Microsoft\Tracing\ProtectService_RASMANCS\ (WindowsMangerProtect)
HKU\S-1-5-21-2196601736-335602388-658010723-1000\Software\Classes\.torrent\iLivid.torrent_backup (iLivid)
HKU\S-1-5-21-2196601736-335602388-658010723-1000_Classes\.torrent\iLivid.torrent_backup (iLivid)

Cookies _____________________________________________________________________



[/code]
