Hola VPN tarafından ele geçirilmek

HitmanPro 3.8.0.295
www.hitmanpro.com

Computer name . . . . : DESKTOP-D08FQ6T
Windows . . . . . . . : 10.0.0.17134.X64/12
User name . . . . . . : DESKTOP-D08FQ6T\nagisa
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2019-01-20 13:25:22
Scan mode . . . . . . : EWS
Scan duration . . . . : 1m 58s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 32

Objects scanned . . . : 1.339.289
Files scanned . . . . : 19.936
Remnants scanned . . : 249.681 files / 1.069.672 keys

Suspicious files ____________________________________________________________

C:\Windows\SoftwareDistribution\Download\10bfd9b7a896145fd5f9cf17f3073a9b\Package_for_RollupFix~~amd64~~17134.523.1.3\amd64_microsoft-windows-m..ent-platforminterop_31bf3856ad364e35_10.0.17134.471_none_fe289ebc5f869b73\Windows.Internal.Management.SecureAssessment.dll
Size . . . . . . . : 140.800 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:06:56)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 8EE652670D3D8B61124E14E20BBF418CF7B65BD8C5F97B120A642CED460A4132
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Internal Runtime Secure Assessment DLL
Version . . . . . : 10.0.17134.471
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 22.0
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
Time indicates that the file appeared recently on this computer.


Early Warning Scoring _______________________________________________________

C:\Windows\system32\dhcpcore.dll
Size . . . . . . . : 352.768 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:06:57)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 2818201E54CE78114035626EB7F5CDCD594ACC4F7C3209D24724EDF639C3D40E
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : DHCP Client Service
Version . . . . . : 10.0.17134.523
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Dhcp
LanguageID . . . . : 1033
Fuzzy . . . . . . : 11.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\

C:\Windows\system32\drivers\0962409C.sys
Size . . . . . . . : 478.392 bytes
Age . . . . . . . : 0.0 days (2019-01-20 13:17:35)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 4D853D78E459F7BFE4F4217FCAD47CDACFAC19C2F6CF8261FBAA46BDB387FFDC
Product . . . . . : Kaspersky Anti-Virus
Publisher . . . . : Kaspersky Lab ZAO
Description . . . : Kaspersky Unified Driver
Version . . . . . : 6.8.0.54
Copyright . . . . : © 2015 Kaspersky Lab ZAO. All Rights Reserved.
RSA Key Size . . . : 2048
Service . . . . . : 0962409C
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : 20.0
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\ControlSet001\Services\0962409C\
Forensic Cluster
-10.9s C:\Users\nagisa\AppData\Local\Mozilla\Firefox\Profiles\84xw0rw2.default-1547890176005\cache2\entries\C4E099BB093C9E57EDC4BCC83C2975EA33614995
-10.8s C:\Users\nagisa\AppData\Local\Mozilla\Firefox\Profiles\84xw0rw2.default-1547890176005\cache2\entries\D344D076F207208BC3E08DC906FAD2A4E38B38FE
-9.4s C:\Users\nagisa\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_E1EDEF0C21AE75D448F7327475DF4C9E
-9.4s C:\Users\nagisa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_E1EDEF0C21AE75D448F7327475DF4C9E
-9.3s C:\Users\nagisa\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3781B4A3713292956206932165FA4132_20F8EB8C27960A02AC34BF73F6BF78BD
-9.3s C:\Users\nagisa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3781B4A3713292956206932165FA4132_20F8EB8C27960A02AC34BF73F6BF78BD
-6.8s C:\Users\nagisa\AppData\Local\Temp\{BC27AB2E-2516-41EF-91E8-D012B486F865}\
-6.6s C:\KVRT_Data\
-0.4s C:\KVRT_Data\Legal notices\
-0.4s C:\KVRT_Data\Legal notices\legal_notices.txt
-0.4s C:\Windows\System32\drivers\52703161.sys
0.0s C:\Windows\System32\drivers\0962409C.sys
0.2s C:\Users\nagisa\AppData\Local\Temp\{BC27AB2E-2516-41EF-91E8-D012B486F865}\{5EBECDF8-B4FB-4111-9B3C-07FB415C1E6A}.tmp
0.2s C:\Users\nagisa\AppData\Local\Temp\{BC27AB2E-2516-41EF-91E8-D012B486F865}\msvcr100.dll
3.0s C:\KVRT_Data\Reports\

C:\Windows\system32\DRIVERS\wanarp.sys
Size . . . . . . . : 81.920 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:06:57)
Entropy . . . . . : 6.1
SHA-256 . . . . . : BB7D7A2827F0803C0D340A028666E901E41287D6AA29DAF4CFEE871FD3BE9A69
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : MS Remote Access and Routing ARP Driver
Version . . . . . : 10.0.17134.523
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : wanarpv6
LanguageID . . . . : 1033
Fuzzy . . . . . . : 7.0
Starts automatically as a service during system bootup.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\wanarp\
HKLM\SYSTEM\CurrentControlSet\Services\wanarpv6\

C:\Windows\System32\DsSvc.dll
Size . . . . . . . : 153.088 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:06:59)
Entropy . . . . . : 5.9
SHA-256 . . . . . : E56CA6D0CA95BA93C4EDD464D75C28EA142B9B5F5A5A3187285EC41480CACF1D
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Data Sharing Service NT Service DLL
Version . . . . . : 10.0.17134.523
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : DsSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 7.0
Starts automatically as a service during system bootup.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\DsSvc\

C:\Windows\System32\ieframe.dll
Size . . . . . . . : 12.710.912 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:07:08)
Entropy . . . . . : 6.3
SHA-256 . . . . . : F901BFB95E9620204419E882AFF5CEAD86C11D7069933B21FA8A20F7F233A99C
Product . . . . . : Internet Explorer
Publisher . . . . : Microsoft Corporation
Description . . . : Internet Browser
Version . . . . . : 11.00.17134.523
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-21-3378276395-177750516-1904877123-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
References
HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

C:\Windows\system32\MusNotification.exe
Size . . . . . . . : 433.152 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:06:59)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 0E2190AD30315085D07069E7EE4C4BDEA99223CBD9EE848EF80A32C9C22287F0
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : MusNotificationBroker
Version . . . . . : 10.0.17134.523
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
C:\Windows\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
C:\Windows\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display

C:\Windows\system32\rpcss.dll
Size . . . . . . . : 1.159.680 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:07:09)
Entropy . . . . . : 6.4
SHA-256 . . . . . : E9BFC4BD3BA62FE9AA8D6C366AD64A507F04C1173A9018D3981F0807939D4E69
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Distributed COM Services
Version . . . . . : 10.0.17134.523
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : RpcSs
LanguageID . . . . : 1033
Fuzzy . . . . . . : 11.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\
HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\

C:\Windows\system32\wlidsvc.dll
Size . . . . . . . : 2.247.680 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:07:00)
Entropy . . . . . : 6.3
SHA-256 . . . . . : C2D52623F55EDD677997D857E559F32D6237A9799F1AC13EE22E0F0EE30DE76D
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft® Account Service
Version . . . . . : 10.0.17134.523
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : wlidsvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc\

C:\Windows\SysWOW64\ieframe.dll
Size . . . . . . . : 11.902.976 bytes
Age . . . . . . . : 1.7 days (2019-01-18 20:07:09)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 4BBCE00B79D9FA20153045813B28EAE5B120C08DE237CC9E1747A9A9E1859F1B
Product . . . . . : Internet Explorer
Publisher . . . . : Microsoft Corporation
Description . . . : Internet Browser
Version . . . . . : 11.00.17134.523
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-21-3378276395-177750516-1904877123-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\


Repairs _____________________________________________________________________

Bu bilgisayardaki vekil sunucu (Kullanıcı)
127.0.0.1:1080