cjoint

Document format: application/octet-stream

Preview

[code]
HitmanPro 3.8.0.294
www.hitmanpro.com

Computer name . . . . : DESKTOP-37KC94K
Windows . . . . . . . : 10.0.0.16299.X64/2
User name . . . . . . : DESKTOP-37KC94K\jean-
UAC . . . . . . . . . : Enabled
License . . . . . . . : Paid (54 days left)

Scan date . . . . . . : 2018-06-05 15:10:47
Scan mode . . . . . . : Normal
Scan duration . . . . : 2h 24m 17s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 10
Traces . . . . . . . : 61

Objects scanned . . . : 2 990 122
Files scanned . . . . : 148 269
Remnants scanned . . : 1 139 101 files / 1 702 752 keys

Miniport ____________________________________________________________________

Primary
DriverObject . . . : FFFFDA8EC1EBDCC0
DriverName . . . . : \Driver\amd_sata
DriverPath . . . . : \SystemRoot\System32\drivers\amd_sata.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFF80038E69510 \??\C:\WINDOWS\system32\drivers\hmpalert.sys+169232
Solution
DriverObject . . . : FFFFDA8EC1EBDCC0
DriverName . . . . : \Driver\amd_sata
DriverPath . . . . : \SystemRoot\System32\drivers\amd_sata.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFF80DC09A7280 \SystemRoot\System32\drivers\storport.sys+29312

Malware _____________________________________________________________________

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> Quarantined
Size . . . . . . . : 68 677 bytes
Age . . . . . . . : 6.0 days (2018-05-30 14:15:54)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 637E97D0FAED8FDB227541793EAB89002683EE0BBC476D92305804D4293157BE
Product . . . . . : sams
Description . . . : sams Installer
Version . . . . . : 4.2.1.190
Copyright
LanguageID . . . . : 1033
> Bitdefender . . . : Gen:Variant.Strictor.164104
Fuzzy . . . . . . : 95.0
Startup
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\
HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command\
References
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
C:\Users\jean-\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\jean-\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk
C:\Users\jean-\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofWarships.lnk
C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk
C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldOfWarships\WorldofWarships.lnk
C:\Users\jean-\Desktop\LFS Hyper Suite 24\Google Chrome.lnk
C:\Users\jean-\Desktop\WarThunder.lnk
C:\Users\jean-\Desktop\WorldofWarships.lnk
Forensic Cluster
-4.0s C:\AdsFix\Quarantine\C\Users\jean-\AppData\Local\Briquette.exe.AdsFix
-2.0s C:\AdsFix\Quarantine\C\Users\jean-\AppData\Local\Recommended.exe.AdsFix
0.0s C:\Program Files (x86)\Mozilla Firefox\firefox.exe
0.0s C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> Quarantined
Size . . . . . . . : 68 687 bytes
Age . . . . . . . : 6.0 days (2018-05-30 14:15:54)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 4C83CDE3668FD09E751EDF7B20474F6F706DEE7393FB0BBC2C4DA823CFACC94D
Product . . . . . : Laboratory
Description . . . : Laboratory Installer
Version . . . . . : 2.9.2.140
Copyright
LanguageID . . . . : 1033
> Bitdefender . . . : Gen:Variant.Strictor.164105
Fuzzy . . . . . . : 95.0
Startup
HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\shell\open\command\
HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\shell\open\command\
References
C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\Users\jean-\Desktop\Mozilla Firefox.lnk
Forensic Cluster
-4.0s C:\AdsFix\Quarantine\C\Users\jean-\AppData\Local\Briquette.exe.AdsFix
-2.0s C:\AdsFix\Quarantine\C\Users\jean-\AppData\Local\Recommended.exe.AdsFix
0.0s C:\Program Files (x86)\Mozilla Firefox\firefox.exe
0.0s C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\jean-\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\recuva_1095700803.exe -> Deleted
Size . . . . . . . : 1 739 200 bytes
Age . . . . . . . : 7.3 days (2018-05-29 08:49:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : EE9BA66414D6B030CBC0D9A44D0C0D9C798C94BAD4785131C612C079C427B751
Product . . . . . : Installation Wizard
Publisher . . . . : SecuredDownload
Description . . . : Installation Wizard
Version . . . . . : 1.0.13.24053
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.DealPly.djfmv
> HitmanPro . . . . : App/Generic-GG
Fuzzy . . . . . . : 102.0

C:\Users\jean-\Desktop\LFS Hyper Suite 24\BitTorrent_Portable_7.x.x.x_Multilingual_Online.exe -> Deleted
Size . . . . . . . : 893 027 bytes
Age . . . . . . . : 40.2 days (2018-04-26 11:11:37)
Entropy . . . . . : 8.0
SHA-256 . . . . . : DEF398E3B3AF349D1DFBC2EC80570E78A200932DB79AB42830C27EBBADF4B5BE
Product . . . . . : BitTorrent Portable
Publisher . . . . : PortableAppZ.blogspot.com
Description . . . : BitTorrent Portable
Version . . . . . : 0.0.0.0
LanguageID . . . . : 0
> Bitdefender . . . : Trojan.Generic.17085306
> HitmanPro . . . . : App/Patcher-I
Fuzzy . . . . . . : 111.0

C:\Users\jean-\Desktop\LFS Hyper Suite 24\uTorrent_Portable_3.x.x.x_Multilingual_Online.exe -> Deleted
Size . . . . . . . : 893 095 bytes
Age . . . . . . . : 40.2 days (2018-04-26 11:12:51)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 6738848625F51DD7DA47FCFDC7799E1B815FA54DBB4E1EC1B76BD926F38986BB
Product . . . . . : uTorrent Portable
Publisher . . . . : PortableAppZ.blogspot.com
Description . . . : uTorrent Portable
Version . . . . . : 0.0.0.0
LanguageID . . . . : 0
> Bitdefender . . . : Trojan.Generic.16403492
> HitmanPro . . . . : App/Patcher-I
Fuzzy . . . . . . : 111.0

C:\Users\jean-\Desktop\PCOptimizerProInstaller.exe -> Deleted
Size . . . . . . . : 5 624 672 bytes
Age . . . . . . . : 6.3 days (2018-05-30 08:30:30)
Entropy . . . . . : 8.0
SHA-256 . . . . . : C23413E43ADE43BF2D0CBBFA31F88CAA9C4A7892054413D98EA8CFE36D189CD9
Product . . . . . : PC Optimizer Pro
Publisher . . . . : Xportsoft.com
Description . . . : PC Optimizer Pro
Version . . . . . : 8.1.1.3
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Generic.1965460
> HitmanPro . . . . : App/Generic-PG
Fuzzy . . . . . . : 98.0

C:\Users\jean-\Downloads\CDS_trial_setup_4064415690.exe -> Deleted
Size . . . . . . . : 1 882 296 bytes
Age . . . . . . . : 1.3 days (2018-06-04 08:41:26)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 664D62CBCBC0C48A99A55D45B2E3E079118B0DD020E2E03DCC6591519A5E6FB5
Product . . . . . : Tokulo
Publisher . . . . :
Description . . . : Tokulo Setup
Version
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.DealPly.dhtxh
> HitmanPro . . . . : App/Generic-MF
Fuzzy . . . . . . : 106.0

C:\Users\jean-\Downloads\PCI-Z_(PortableApps)_0503694906.exe -> Quarantined
Size . . . . . . . : 2 052 960 bytes
Age . . . . . . . : 1.0 days (2018-06-04 16:08:45)
Entropy . . . . . : 7.9
SHA-256 . . . . . : A9C75E9EBFAFCF969F471194C2ADA6DF8FFCD52E754F1A75038D2C5CBF04222D
Product . . . . . : Cokuce
Publisher . . . . :
Description . . . : Cokuce Setup
Version
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.DealPly.djxbe
Fuzzy . . . . . . : 106.0

C:\Users\jean-\Downloads\PCI-Z_0251335495.exe -> Quarantined
Size . . . . . . . : 2 052 960 bytes
Age . . . . . . . : 1.0 days (2018-06-04 16:02:58)
Entropy . . . . . : 7.9
SHA-256 . . . . . : A9C75E9EBFAFCF969F471194C2ADA6DF8FFCD52E754F1A75038D2C5CBF04222D
Product . . . . . : Cokuce
Publisher . . . . :
Description . . . : Cokuce Setup
Version
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.DealPly.djxbe
Fuzzy . . . . . . : 106.0

C:\WINDOWS\unyielding.exe -> Quarantined
Size . . . . . . . : 100 864 bytes
Age . . . . . . . : 5.8 days (2018-05-30 19:00:17)
Entropy . . . . . : 5.0
SHA-256 . . . . . : 46E6D3815ABF773BB70E448C621840BB60126E3874C2F58169B4DC88CDF71FC0
> Bitdefender . . . : Trojan.GenericKD.30903984
Fuzzy . . . . . . : 110.0


Suspicious files ____________________________________________________________

C:\Users\jean-\Desktop\LFS Hyper & UEFM Suite 24\Portableapps suite LFS Hyper\PortableApps\FileZillaPortable\App\filezilla\fzputtygen.exe
Size . . . . . . . : 249 000 bytes
Age . . . . . . . : 5.9 days (2018-05-30 17:27:24)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 08EC3F7671847230C53E90036B95370FE12872642E05969FB19E97E6E7E223AD
Product . . . . . : FileZilla
Publisher . . . . : FileZilla Project
Description . . . : SFTP module for FileZilla based on PuTTY's psftp component
Version . . . . . : Unidentified
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 25.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.

C:\Users\jean-\Desktop\LFS Hyper & UEFM Suite 24\Portableapps suite LFS Hyper\PortableApps\FileZillaPortable\App\filezilla\fzsftp.exe
Size . . . . . . . : 537 256 bytes
Age . . . . . . . : 5.9 days (2018-05-30 17:27:24)
Entropy . . . . . : 6.4
SHA-256 . . . . . : D4E13084414FF435C5AE8346B142DD6D2C337C4050B65DE08947A09F6C506B2E
Product . . . . . : FileZilla
Publisher . . . . : FileZilla Project
Description . . . : SFTP module for FileZilla based on PuTTY's psftp component
Version . . . . . : Unidentified
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 25.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2 404 864 bytes
Age . . . . . . . : 43.0 days (2018-04-23 14:37:28)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 356BE7ED6506E6529A32D61114476CC59DCE7C58C3164714E847723B7D8534A0
Needs elevation . : Yes
Fuzzy . . . . . . : 22.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\MKV, Liberkey LFS Hyper Edition & Bitdefender USB Immunizer\Apps\Freac\App\Freac\libiomp5md.dll
Size . . . . . . . : 768 928 bytes
Age . . . . . . . : 81.0 days (2018-03-16 15:02:52)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 222B900540DF761C0DD6487811FACE5413A4FFCE77C196D7707E85AA72B4B148
Product . . . . . : Intel(R) OMP Runtime Library
Publisher . . . . : Intel Corporation
Description . . . : Intel(R) OMP Runtime Library
Version . . . . . : 20110823
Copyright . . . . : Copyright (C) 1997-2011, Intel Corporation. All rights reserved.
RSA Key Size . . . : 1024
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\movavi screen capture studio portable\Movavi.Screen.Capture.Studio.9.2.1.Portable\Data\local\modified\@APPDATA@\Movavi Screen Capture Studio 9\Application.dll
Size . . . . . . . : 3 419 656 bytes
Age . . . . . . . : 81.0 days (2018-03-16 14:59:53)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 19FEEBC13EFE94B2F110A0A78B3FEDB98107C2CC2F765EAD8787054009D60A35
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 34.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\FileZillaPortable\App\filezilla\fzputtygen.exe
Size . . . . . . . : 249 000 bytes
Age . . . . . . . : 80.8 days (2018-03-16 18:55:12)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 08EC3F7671847230C53E90036B95370FE12872642E05969FB19E97E6E7E223AD
Product . . . . . : FileZilla
Publisher . . . . : FileZilla Project
Description . . . : SFTP module for FileZilla based on PuTTY's psftp component
Version . . . . . : Unidentified
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\FileZillaPortable\App\filezilla\fzsftp.exe
Size . . . . . . . : 537 256 bytes
Age . . . . . . . : 80.8 days (2018-03-16 18:55:12)
Entropy . . . . . : 6.4
SHA-256 . . . . . : D4E13084414FF435C5AE8346B142DD6D2C337C4050B65DE08947A09F6C506B2E
Product . . . . . : FileZilla
Publisher . . . . : FileZilla Project
Description . . . : SFTP module for FileZilla based on PuTTY's psftp component
Version . . . . . : Unidentified
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\NeroPortable\App\Nero\AdvrCntr6\AdvrCntr6.dll
Size . . . . . . . : 9 584 504 bytes
Age . . . . . . . : 80.8 days (2018-03-16 18:53:05)
Entropy . . . . . : 7.0
SHA-256 . . . . . : AF24A183B9ACA4FFE009104451E4B8D32F19BBBFC4885DDDF9DFBC636F9EE87F
Product . . . . . : AdvrCntr Module
Publisher . . . . : Nero AG
Description . . . : AdvrCntr Module
Version . . . . . : 11.6.0.24
Copyright . . . . : Copyright 2016 Nero AG and its licensors
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\PortableApps\FileZillaPortable\App\filezilla\fzputtygen.exe
Size . . . . . . . : 249 000 bytes
Age . . . . . . . : 81.0 days (2018-03-16 14:52:41)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 08EC3F7671847230C53E90036B95370FE12872642E05969FB19E97E6E7E223AD
Product . . . . . : FileZilla
Publisher . . . . : FileZilla Project
Description . . . : SFTP module for FileZilla based on PuTTY's psftp component
Version . . . . . : Unidentified
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\PortableApps\FileZillaPortable\App\filezilla\fzsftp.exe
Size . . . . . . . : 537 256 bytes
Age . . . . . . . : 81.0 days (2018-03-16 14:52:41)
Entropy . . . . . : 6.4
SHA-256 . . . . . : D4E13084414FF435C5AE8346B142DD6D2C337C4050B65DE08947A09F6C506B2E
Product . . . . . : FileZilla
Publisher . . . . : FileZilla Project
Description . . . : SFTP module for FileZilla based on PuTTY's psftp component
Version . . . . . : Unidentified
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\PortableApps\NeroPortable\App\Nero\AdvrCntr6\AdvrCntr6.dll
Size . . . . . . . : 9 584 504 bytes
Age . . . . . . . : 81.0 days (2018-03-16 14:56:19)
Entropy . . . . . : 7.0
SHA-256 . . . . . : AF24A183B9ACA4FFE009104451E4B8D32F19BBBFC4885DDDF9DFBC636F9EE87F
Product . . . . . : AdvrCntr Module
Publisher . . . . : Nero AG
Description . . . : AdvrCntr Module
Version . . . . . : 11.6.0.24
Copyright . . . . : Copyright 2016 Nero AG and its licensors
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Total.Uninstall.Professional.6.21.0.480.Portable\Total.Uninstall.Professional.6.21.0.480.Portable\App\TU64\Tu.exe
Size . . . . . . . : 7 697 576 bytes
Age . . . . . . . : 73.8 days (2018-03-23 20:14:33)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 44BA84D6193B2B15C18146AF05DA336049E883F413DF313FC2B7570D77F3353D
Product . . . . . : Total Uninstall
Publisher . . . . : Gavrila Martau
Description . . . : Total Uninstall - Installation monitor, uninstaller and cleaner
Version . . . . . : 6.21.0.480
Copyright . . . . : Copyright Gavrila Martau 2001 - 2017
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Total.Uninstall.Professional.6.21.0.480.Portable\Total.Uninstall.Professional.6.21.0.480.Portable\App\TU\Tu.exe
Size . . . . . . . : 6 703 272 bytes
Age . . . . . . . : 73.8 days (2018-03-23 20:14:25)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 369018F9A36132D7F35DA283FCBBDC1E642E56EF3B47B672FD1F20DBC9BBEBED
Product . . . . . : Total Uninstall
Publisher . . . . : Gavrila Martau
Description . . . : Total Uninstall - Installation monitor, uninstaller and cleaner
Version . . . . . : 6.21.0.480
Copyright . . . . : Copyright Gavrila Martau 2001 - 2017
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

C:\Users\jean-\AppData\Local\WebBar\ (WebBar) -> Deleted
C:\Users\jean-\AppData\Local\WebBar\wb.app.settings (WebBar) -> Deleted
C:\Users\jean-\AppData\Local\WebBar\wb.log (WebBar) -> Deleted
C:\Users\jean-\AppData\Local\WebBar\wb.user.history (WebBar) -> Deleted
C:\Users\jean-\AppData\Local\WebBar\wb.user.settings (WebBar) -> Deleted
C:\Users\jean-\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\Setup_WinThruster_2018.exe (App/Generic-HP) -> Deleted
Size . . . . . . . : 23 086 408 bytes
Age . . . . . . . : 1.2 days (2018-06-04 10:27:32)
Entropy . . . . . : 7.9
SHA-256 . . . . . : B96178DBDB8A4A592DFEA9EFCDA06CFBAF3F0D2C9BB19B4C2DF920A0F7EBE527
Product . . . . . : WinThruster
Publisher . . . . : Solvusoft Corporation
Description . . . : WinThruster Installation Package
Version . . . . . : 1.31.0.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
Fuzzy . . . . . . : -2.0

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\IObitUnlockerPortable\App\IObitUnlocker\IObitUnlocker.sys (App/IObitUnlo-A) -> PendingDelete
Size . . . . . . . : 66 824 bytes
Age . . . . . . . : 80.1 days (2018-03-17 13:26:42)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C79A2BB050AF6436B10B58EF04DBC7082DF1513CEC5934432004EB56FBA05E66
Product . . . . . : IObitUnlocker
Publisher . . . . : IObit
Description . . . : IObitUnlocker Driver
Version . . . . . : 1.2.0.1
Copyright . . . . : IObit Copyright © 2005-2013
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\IObitUnlockerPortable\App\IObitUnlocker\SysModern64\IObitUnlocker.sys (App/IObitUnlo-A) -> PendingDelete
Size . . . . . . . : 66 824 bytes
Age . . . . . . . : 80.8 days (2018-03-16 18:53:16)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C79A2BB050AF6436B10B58EF04DBC7082DF1513CEC5934432004EB56FBA05E66
Product . . . . . : IObitUnlocker
Publisher . . . . : IObit
Description . . . : IObitUnlocker Driver
Version . . . . . : 1.2.0.1
Copyright . . . . : IObit Copyright © 2005-2013
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\PortableApps\IObitUnlockerPortable\App\IObitUnlocker\IObitUnlocker.sys (App/IObitUnlo-A) -> PendingDelete
Size . . . . . . . : 66 824 bytes
Age . . . . . . . : 81.0 days (2018-03-16 14:55:58)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C79A2BB050AF6436B10B58EF04DBC7082DF1513CEC5934432004EB56FBA05E66
Product . . . . . : IObitUnlocker
Publisher . . . . : IObit
Description . . . : IObitUnlocker Driver
Version . . . . . : 1.2.0.1
Copyright . . . . : IObit Copyright © 2005-2013
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0

C:\Users\jean-\Desktop\LFS Hyper Suite 24\Portableapps suite LFS Hyper\PortableApps\IObitUnlockerPortable\App\IObitUnlocker\SysModern64\IObitUnlocker.sys (App/IObitUnlo-A) -> PendingDelete
Size . . . . . . . : 66 824 bytes
Age . . . . . . . : 81.0 days (2018-03-16 14:55:58)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C79A2BB050AF6436B10B58EF04DBC7082DF1513CEC5934432004EB56FBA05E66
Product . . . . . : IObitUnlocker
Publisher . . . . : IObit
Description . . . : IObitUnlocker Driver
Version . . . . . : 1.2.0.1
Copyright . . . . : IObit Copyright © 2005-2013
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0

C:\Users\jean-\Desktop\LFS Hyper Suite 24\usbfix_10.020_3299547253.exe (App/QPDwnld-A) -> Deleted
Size . . . . . . . : 1 756 585 bytes
Age . . . . . . . : 41.1 days (2018-04-25 13:20:19)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 2272ABE6F3ADFBC2C0555A247F1305591EEB53B7E4194CC202F72F434B760EBB
Product . . . . . : Nekikaha
Publisher . . . . :
Description . . . : Nekikaha Setup
Version
LanguageID . . . . : 0
Fuzzy . . . . . . : 11.0

C:\Users\jean-\Desktop\LFS Hyper Suite 24\WiNToBootic_2.2.1_0611719530.exe (App/QPDwnld-A) -> Deleted
Size . . . . . . . : 1 756 585 bytes
Age . . . . . . . : 40.3 days (2018-04-26 07:14:58)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 2272ABE6F3ADFBC2C0555A247F1305591EEB53B7E4194CC202F72F434B760EBB
Product . . . . . : Nekikaha
Publisher . . . . :
Description . . . : Nekikaha Setup
Version
LanguageID . . . . : 0
Fuzzy . . . . . . : 11.0

C:\Users\jean-\Downloads\acpsetup.exe (App/Generic-KI) -> Deleted
Size . . . . . . . : 4 458 112 bytes
Age . . . . . . . : 3.7 days (2018-06-01 22:10:32)
Entropy . . . . . : 8.0
SHA-256 . . . . . : B471105C9164FF8B9C0147178A0BB91DF645A2B739179C6FC81712C34A95A9AC
Product . . . . . : Auto~Cleanup Pro~2018
Publisher . . . . :
Description . . . : Auto~Cleanup Pro~2018 Setup
Version . . . . . : 1.0.7.9
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
Fuzzy . . . . . . : -2.0

C:\Windows\System32\Tasks\ByteFence (ByteFence) -> Deleted
HKLM\SOFTWARE\ByteFence\ (ByteFence) -> Deleted
HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan\ (ByteFence) -> Deleted
HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan\ (ByteFence) -> Deleted
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32\ (ByteFence) -> Deleted
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS\ (ByteFence) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence\ (ByteFence) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1\ (WebBar) -> Deleted
HKLM\SOFTWARE\WOW6432Node\ByteFence\ (ByteFence) -> Deleted
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence\ (ByteFence) -> Deleted


[/code]
