HitmanPro 3.7.9.214
www.hitmanpro.com
Computer name . . . . : SANDRA
Windows . . . . . . . : 6.2.0.9200.X64/2
User name . . . . . . : SANDRA\Sandra
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2014-03-27 09:34:12
Scan mode . . . . . . : EWS
Scan duration . . . . : 2m 41s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : No connection
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 65
Objects scanned . . . : 1,729,307
Files scanned . . . . : 26,801
Remnants scanned . . : 554,514 files / 1,147,992 keys
Early Warning Scoring _______________________________________________________
C:\Windows\System32\ieframe.dll
Size . . . . . . . : 15,404,032 bytes
Age . . . . . . . : 14.1 days (2014-03-13 06:08:45)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 68BF9BF858FC9780A8A24884906C9F41251DD5563098C149F59BF7A2A62497C5
Product . . . . . : Windows® Internet Explorer
Publisher . . . . : Microsoft Corporation
Description . . . : Internet Browser
Version . . . . . : 10.00.9200.16843
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Fuzzy . . . . . . : 7.0
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKU\S-1-5-21-1403138046-3412616329-2675613308-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
References
HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
C:\Windows\System32\shell32.dll
Size . . . . . . . : 19,751,936 bytes
Age . . . . . . . : 14.1 days (2014-03-13 06:08:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : F5C8E8AA5559AF4E7BA4EAF9CE2381C80A9E316808D672EF5DFAA9AB5A7FFC79
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Shell Common Dll
Version . . . . . : 6.2.9200.16774
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Fuzzy . . . . . . : 10.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SOFTWARE\Classes\Directory\Shellex\CopyHookHandlers\FileSystem\
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\
References