cjoint


Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.18.284
www.hitmanpro.com

Computer name . . . . : AKRAM
Windows . . . . . . . : 6.3.0.9600.X64/4
User name . . . . . . : akram\idoard
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (31 days left)

Scan date . . . . . . : 2017-04-04 19:31:04
Scan mode . . . . . . : Normal
Scan duration . . . . : 12m 18s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 8
Traces . . . . . . . : 155

Objects scanned . . . : 2 054 883
Files scanned . . . . : 60 696
Remnants scanned . . : 455 522 files / 1 538 665 keys

Malware _____________________________________________________________________

C:\Users\idoard\Desktop\destr 2.6\NewDest.exe -> Quarantined
Size . . . . . . . : 212 992 bytes
Age . . . . . . . : 5.3 days (2017-03-30 11:38:47)
Entropy . . . . . : 5.1
SHA-256 . . . . . : 177EB8C24942C611D3811BA11CF81157817D3DC8F4FF96ACD9CA12E075FC116E
Product . . . . . : Project1
Version . . . . . : 1.00
LanguageID . . . . : 1033
> Bitdefender . . . : Gen:Trojan.Heur.VP2.nm0@aqgPI@oi
Fuzzy . . . . . . : 105.0
Forensic Cluster
-32.5s C:\Users\idoard\Desktop\destr 2.6\fix.bat
-31.6s C:\Users\idoard\Desktop\destr 2.6\fix2.bat
-31.6s C:\Users\idoard\Desktop\destr 2.6\mainplug.ocx
-1.7s C:\Users\idoard\Desktop\destr 2.6\MSWINSCK.OCX
0.0s C:\Users\idoard\Desktop\destr 2.6\NewDest.exe
0.0s C:\Users\idoard\Desktop\destr 2.6\playerplug.ocx
0.5s C:\Users\idoard\Desktop\destr 2.6\update.dll
2.1s C:\Users\idoard\Desktop\destr 2.6\comhlp.ocx
4.9s C:\Users\idoard\Desktop\destr 2.6\descore.dll

C:\Users\idoard\Desktop\NewDestV2.3\NewDest.exe -> Deleted
Size . . . . . . . : 217 088 bytes
Age . . . . . . . : 154.6 days (2016-11-01 04:10:18)
Entropy . . . . . : 5.2
SHA-256 . . . . . : F064889AF114FA715AC9E4F5D72517BF66261D726F082B5704003FF035B13A4F
Product . . . . . : Project1
Version . . . . . : 1.00
LanguageID . . . . : 1033
> Bitdefender . . . : Gen:Variant.Symmi.66435
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 103.0

C:\Users\idoard\Desktop\Nouveau dossier (2)\Au Volant 1\_ISREG32.DLL -> Deleted
Size . . . . . . . : 401 808 bytes
Age . . . . . . . : 236.8 days (2016-08-11 00:43:47)
Entropy . . . . . : 6.6
SHA-256 . . . . . : C2B32955142602A930E8F5AC998A1C55B66DE698B1D8E575DE2792B3C3A1C61A
Product . . . . . : Stirling _isreg32
Publisher . . . . : Stirling
Description . . . : _isreg32
Version . . . . . : 2.0.0.0
Copyright . . . . : Copyright © 1995
LanguageID . . . . : 1033
> Bitdefender . . . : Win32.Ramnit.N
> Kaspersky . . . . : Virus.Win32.Nimnul.a
> HitmanPro . . . . : W32/Ramnit-A
Fuzzy . . . . . . : 100.0

C:\Users\idoard\Desktop\Nouveau dossier (2)\Auvolant4\AuVolant4.exe -> Deleted
Size . . . . . . . : 1 149 952 bytes
Age . . . . . . . : 236.8 days (2016-08-11 00:48:15)
Entropy . . . . . : 6.8
SHA-256 . . . . . : B59FA6A241C1EB9447376C92E84D618C760972AFEE8A370A94AA210BB7F7DD31
> Bitdefender . . . : Trojan.Generic.7965872
> Kaspersky . . . . : HEUR:Trojan.Win32.Generic
Fuzzy . . . . . . : 106.0

C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Corporate.exe -> Deleted
Size . . . . . . . : 759 296 bytes
Age . . . . . . . : 10.1 days (2017-03-25 17:48:06)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 2FFB3E733A62ECD7437286E7C1F189EB60DBD487059DBB2C3C16D709548E89E0
> Bitdefender . . . : Dropped:Trojan.Generic.15957778
> HitmanPro . . . . : Troj/Agent-WFN
Fuzzy . . . . . . : 115.0
Forensic Cluster
-0.2s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\
-0.2s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TeamViewer_Setup.exe
0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Corporate.exe
0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Enterprise.exe
0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Premium.exe

C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Enterprise.exe -> Deleted
Size . . . . . . . : 759 808 bytes
Age . . . . . . . : 10.1 days (2017-03-25 17:48:06)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 446110177F7FC92276912534758C0506A2E6B6BF91C8F725DC80317E5C15CA4D
> Bitdefender . . . : Gen:Variant.Kazy.378723
> HitmanPro . . . . : Troj/Agent-WFN
Fuzzy . . . . . . : 115.0
Forensic Cluster
-0.2s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\
-0.2s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TeamViewer_Setup.exe
-0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Corporate.exe
0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Enterprise.exe
0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Premium.exe

C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Premium.exe -> Deleted
Size . . . . . . . : 759 296 bytes
Age . . . . . . . : 10.1 days (2017-03-25 17:48:06)
Entropy . . . . . : 8.0
SHA-256 . . . . . : B064C34D974209CB3ED26C08142F9ADBF3E4D05DF902B0100E923B56FF1B39B9
> Bitdefender . . . : Dropped:Trojan.Generic.16287638
> HitmanPro . . . . : Troj/Agent-WFN
Fuzzy . . . . . . : 115.0
Forensic Cluster
-0.2s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\
-0.2s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TeamViewer_Setup.exe
-0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Corporate.exe
-0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Enterprise.exe
0.0s C:\Users\idoard\Desktop\TeamViewer 11 By.EslamAbdullah\TV Premium.exe

C:\Users\idoard\Downloads\Programs\mHotspot_setup_latest.exe -> Quarantined
Size . . . . . . . : 1 351 208 bytes
Age . . . . . . . : 21.2 days (2017-03-14 15:03:32)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 65FB5076E105EFB972123B1B9EF5F87C8F13EA28F5B422A3C05F47D80F8D00DF
Product . . . . . : mHotspot
Publisher . . . . : 1BN Software & IT Solutions Pvt. Ltd.
Description . . . : mHotspot Setup
Version . . . . . : 7.8.8.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> HitmanPro . . . . : App/InstCore-LL
Fuzzy . . . . . . : 101.0
Forensic Cluster
-1.8s C:\Users\idoard\AppData\Roaming\IDM\DwnlData\idoard\mHotspot_setup_latest_2242\
0.0s C:\Users\idoard\Downloads\Programs\mHotspot_setup_latest.exe


Suspicious files ____________________________________________________________

C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
Size . . . . . . . : 10 883 824 bytes
Age . . . . . . . : 2.9 days (2017-04-01 22:21:31)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 81C47DE1316D83A190022C725D929B720EBA5F497676B3720CA7C01D9CD45BCF
Product . . . . . : TeamViewer
Publisher . . . . : TeamViewer GmbH
Description . . . : TeamViewer 12
Version . . . . . : 12.1.10277.0
RSA Key Size . . . : 2048
Service . . . . . : TeamViewer
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Running processes : 2008
Fuzzy . . . . . . : 25.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
This program is actively listening for inbound network connections.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
The file appears to be part of an installation package or setup program. This is typical for most programs.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\TeamViewer\
Network Ports
127.0.0.1:5939
Forensic Cluster
0.0s C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
0.2s C:\Program Files (x86)\TeamViewer\TeamViewer.exe
0.6s C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

C:\Users\idoard\Desktop\Crack.Corp\TeamViewer_Desktop.exe
Size . . . . . . . : 8 987 888 bytes
Age . . . . . . . : 6.2 days (2017-03-29 13:31:49)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 0198896E783F51CBFFC4C724D342E61253892A437BCCF6C2373196FC903FE322
Product . . . . . : TeamViewer
Publisher . . . . : TeamViewer GmbH
Description . . . : TeamViewer 12
Version . . . . . : 12.1.6829.0
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.4s C:\Users\idoard\Desktop\Crack.Corp\
-0.4s C:\Users\idoard\Desktop\Crack.Corp\TeamViewer.exe
0.0s C:\Users\idoard\Desktop\Crack.Corp\TeamViewer_Desktop.exe
0.1s C:\Users\idoard\Desktop\Crack.Corp\TeamViewer_Service.exe

C:\Users\idoard\Desktop\Crack.Corp\TeamViewer_Service.exe
Size . . . . . . . : 10 351 856 bytes
Age . . . . . . . : 6.2 days (2017-03-29 13:31:49)
Entropy . . . . . : 6.4
SHA-256 . . . . . : EB2E8CECB70798AEF6AED078B5A6DBBCABEF7D38466B093210E5B40BD7FA12C4
Product . . . . . : TeamViewer
Publisher . . . . : TeamViewer GmbH
Description . . . : TeamViewer 12
Version . . . . . : 12.1.6829.0
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.5s C:\Users\idoard\Desktop\Crack.Corp\
-0.5s C:\Users\idoard\Desktop\Crack.Corp\TeamViewer.exe
-0.1s C:\Users\idoard\Desktop\Crack.Corp\TeamViewer_Desktop.exe
0.0s C:\Users\idoard\Desktop\Crack.Corp\TeamViewer_Service.exe


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\AppID\IEHelper.DLL\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}\ (GreatFind) -> Deleted
HKLM\SOFTWARE\Classes\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc}\ (GreatFind) -> Deleted
HKLM\SOFTWARE\Classes\AppID\{F2A21BBC-4512-4A05-9224-1F6DBDEA4153}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/pps-webplayer-plugin\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/qywebplayer\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\ppsrun\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\ppstream\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\qips\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\qisu\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\ (Baidu) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\IEHelper.DLL\ (IQIYI) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0d45aa19-e850-49d3-a5a7-26cc49aac62b}\ (GreatFind) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{6768c435-b8a5-418e-a09d-ac391d4949dc}\ (GreatFind) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{F2A21BBC-4512-4A05-9224-1F6DBDEA4153}\ (IQIYI) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\HCDNPROXY\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A6D54287-7939-466A-8579-92546D946C8C}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}\ (GlobalUpdate) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\MIME\Database\Content Type\application/pps-webplayer-plugin\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\MIME\Database\Content Type\application/qywebplayer\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\ (Baidu) -> PendingDelete
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\ (IQIYI) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\RndService\ (Amonetize) -> Deleted
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RndService\ (Amonetize) -> PendingDelete
HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider) -> Deleted
HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider) -> PendingDelete
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse\ (CrossBrowse) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Classes\PPS.IPlayer.1\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Classes\PPS.IPlayer\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Classes\PPS.ThirdPlayer\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Classes\Wow6432Node\Interface\{348DDE78-0469-4679-B9AF-95A73EDA1AC9}\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Classes\Wow6432Node\Interface\{8AFC18D6-8D4A-4B9B-88F3-1D9F83E992BB}\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Internet Explorer\ProtocolExecute\ppsrun\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Internet Explorer\ProtocolExecute\ppstream\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Internet Explorer\ProtocolExecute\qips\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Internet Explorer\ProtocolExecute\qisu\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Internet Explorer\ProtocolExecute\qygameclient\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ (IQIYI) -> Deleted
HKU\S-1-5-21-3769297984-958712084-3430566527-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse\ (CrossBrowse) -> PendingDelete
HKU\S-1-5-21-3769297984-958712084-3430566527-1001_Classes\PPS.IPlayer.1\ (IQIYI) -> PendingDelete
HKU\S-1-5-21-3769297984-958712084-3430566527-1001_Classes\PPS.IPlayer\ (IQIYI) -> PendingDelete
HKU\S-1-5-21-3769297984-958712084-3430566527-1001_Classes\PPS.ThirdPlayer\ (IQIYI) -> PendingDelete
HKU\S-1-5-21-3769297984-958712084-3430566527-1001_Classes\Wow6432Node\Interface\{348DDE78-0469-4679-B9AF-95A73EDA1AC9}\ (IQIYI) -> PendingDelete
HKU\S-1-5-21-3769297984-958712084-3430566527-1001_Classes\Wow6432Node\Interface\{8AFC18D6-8D4A-4B9B-88F3-1D9F83E992BB}\ (IQIYI) -> PendingDelete

Cookies _____________________________________________________________________



[/code]
