cjoint

Document format: application/octet-stream

Preview

[code]
HitmanPro 3.8.0.292
www.hitmanpro.com

Computer name . . . . : MGSS-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : mgss-PC\mgss
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2018-03-05 11:31:32
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 0s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 41

Objects scanned . . . : 960 212
Files scanned . . . . : 40 938
Remnants scanned . . : 202 000 files / 717 274 keys

Suspicious files ____________________________________________________________

C:\Users\mgss\AppData\Roaming\ZHP\ZHPDiag3.exe
Size . . . . . . . : 3 612 703 bytes
Age . . . . . . . : 4.9 days (2018-02-28 15:03:30)
Entropy . . . . . : 7.8
SHA-256 . . . . . : BAAE70E1A2E05170FEF7C7FD32B0D7E397C377451E09EA51886E5BBDB8657790
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 36.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
C:\Users\mgss\Desktop\ZHPDiag.lnk
Forensic Cluster
-0.2s C:\Users\mgss\AppData\Local\ZHP\
-0.2s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileNav_GG.png
-0.2s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileNav_FF.png
-0.2s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileNav_OP.png
-0.2s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileNav_IE.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPDFileCluff_FR.txt
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPDFileCluff_EN.txt
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPDFileIcone.ico
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPDFileBGSocial.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileBroom.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileForum.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileCheck.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileRapport.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPDFilelogo-texte.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileClose.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileDetected.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileExit-40.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileInfo.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFilePercent.png
-0.1s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileQuestion.png
-0.0s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileSearch.png
-0.0s C:\Users\mgss\AppData\Local\ZHP\ZHPCFilePayPal.png
-0.0s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileGP.png
-0.0s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileQuar.png
-0.0s C:\Users\mgss\AppData\Local\ZHP\ZHPCFileExit-40.bmp
-0.0s C:\Users\mgss\AppData\Local\ZHP\ZHPnews.png
-0.0s C:\Users\mgss\AppData\Local\ZHP\Personnalise.jpg
0.0s C:\Users\mgss\AppData\Roaming\ZHP\ZHPDiag3.exe
0.0s C:\Users\mgss\AppData\Roaming\ZHP\
0.1s C:\Users\mgss\Desktop\ZHPDiag.lnk
2.4s C:\Users\mgss\AppData\Roaming\ZHP\TraceZHPDiag.txt
27.0s C:\Users\mgss\AppData\Roaming\ZHP\ZHPDiag.txt
27.0s C:\Users\mgss\AppData\Roaming\ZHP\Licence.txt
38.7s C:\Users\mgss\AppData\Roaming\ZHP\HOSTS.txt

C:\Users\mgss\Desktop\Nouveau dossier (42)\Nouveau dossier\Microbox Otp v3.1\Microbox Otp v3.1\Microbox Otp v3.1.exe
Size . . . . . . . : 2 275 328 bytes
Age . . . . . . . : 4.7 days (2018-02-28 18:32:37)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 98D4B9FA5A64487A78E14B0DD67A6FE6155B7DB7BCDC58A1C27BAEFFBDF30680
Fuzzy . . . . . . : 22.0
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
Program contains PE structure anomalies. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\Users\mgss\Desktop\Nouveau dossier (42)\Nouveau dossier\Microbox Otp v3.1\Microbox Otp v3.1\
0.0s C:\Users\mgss\Desktop\Nouveau dossier (42)\Nouveau dossier\Microbox Otp v3.1\Microbox Otp v3.1\Microbox Otp v3.1.exe
0.0s C:\Users\mgss\Desktop\Nouveau dossier (42)\Nouveau dossier\Microbox Otp v3.1\

C:\Users\mgss\Downloads\Programs\avast_free_antivirus_setup_online.exe
Size . . . . . . . : 7 176 704 bytes
Age . . . . . . . : 102.7 days (2017-11-22 17:55:20)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 9A61A29CD95EC6DEE507EB200A4B4E0D0F47C581FCC01DE5920EB4DFAF418DA7
Product . . . . . : Avast Antivirus
Publisher . . . . : AVAST Software
Description . . . : Avast Antivirus Installer
Version . . . . . : 17.8.3705.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\mgss\Downloads\Programs\avast_internet_security_setup_online.exe
Size . . . . . . . : 7 176 704 bytes
Age . . . . . . . : 102.7 days (2017-11-22 17:53:33)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 3616F01A0F022211BBD3F8CF219087CC41B04208CAFB7874DC790BADABF2A7FA
Product . . . . . : Avast Antivirus
Publisher . . . . : AVAST Software
Description . . . : Avast Antivirus Installer
Version . . . . . : 17.8.3705.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\mgss\Downloads\Programs\avastclear.exe
Size . . . . . . . : 8 905 728 bytes
Age . . . . . . . : 63.7 days (2017-12-31 18:27:14)
Entropy . . . . . : 7.9
SHA-256 . . . . . : BB68689E5B1DD21BDDE3FD60009C109F0E1BF9BAC94F47B1A1FFCBA6EBCB4B0A
Product . . . . . : Avast Antivirus
Publisher . . . . : AVAST Software
Description . . . : Avast Antivirus Installer
Version . . . . . : 17.9.3761.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\mgss\Downloads\Programs\rufus-usb-2-18.exe
Size . . . . . . . : 968 192 bytes
Age . . . . . . . : 76.0 days (2017-12-19 12:14:16)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 758E18691052CB240EF3FD3F3034D7F2D1C9538F75173AF8B0D5C3D70F65E182
Product . . . . . : Rufus
Publisher . . . . : Akeo Consulting (http://akeo.ie)
Description . . . : Rufus
Version . . . . . : 2.18.1213
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 28.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\mgss\Downloads\Programs\SHAREit-KCWEB.exe
Size . . . . . . . : 6 586 880 bytes
Age . . . . . . . : 252.7 days (2017-06-25 19:16:00)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 7F898ECF190DC0F5C040915DFB1660720AE52B775EED3946ECE7C38A270A48AA
Product . . . . . : SHAREit
Publisher . . . . : SHAREit Technologies Co.Ltd
Description . . . : SHAREit Setup
Version . . . . . : 4.0.5.171
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\mgss\Downloads\Programs\SHAREitSoftonic.exe
Size . . . . . . . : 5 181 952 bytes
Age . . . . . . . : 252.7 days (2017-06-25 18:30:48)
Entropy . . . . . : 7.9
SHA-256 . . . . . : FDAA8DD2F435C3D79D1B3D91589326CFA9E37CF41F2A8ED71450634166137DC1
Product . . . . . : SHAREit
Publisher . . . . : Lenovo
Description . . . : SHAREit Setup
Version . . . . . : 3.5.0.1144
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

C:\Users\mgss\Downloads\Programs\smadav2017rev65.exe
Size . . . . . . . : 2 007 040 bytes
Age . . . . . . . : 139.7 days (2017-10-16 17:41:17)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 00E7AAFA88F2371350DFEA828097E8ACC221AA87ADD82B684D15317F5B77FC95
Product . . . . . : SMADAV
Publisher . . . . : Smadsoft
Description . . . : SMADAV Setup
Version
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\mgss\Downloads\Programs\smadav2017rev72.exe
Size . . . . . . . : 1 640 960 bytes
Age . . . . . . . : 64.8 days (2017-12-30 17:19:59)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 45F1F498D27791BF0D7DD323B180FCAA1E83222618D1D53504149FB293729F97
Product . . . . . : SMADAV
Publisher . . . . : Smadsoft
Description . . . : SMADAV Setup
Version
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\mgss\Downloads\Programs\teracopy.exe
Size . . . . . . . : 4 575 744 bytes
Age . . . . . . . : 131.8 days (2017-10-24 16:43:28)
Entropy . . . . . : 8.0
SHA-256 . . . . . : DED037EFC160CCFFAE9B6D1592AC2353654183617C4C06A5CB18AC4A38977938
Product . . . . . : TeraCopy
Publisher . . . . : Code Sector
Description . . . : TeraCopy Setup
Version . . . . . : 3.2.6.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 23.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.


Cookies _____________________________________________________________________

C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:atemda.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:effectivemeasure.net
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:go.sonobi.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:swid.switchads.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:sync.go.sonobi.com
C:\Users\mgss\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
C:\Users\mgss\AppData\Roaming\Microsoft\Windows\Cookies\mgss@doubleclick[2].txt


[/code]
