Re: Prosím o kontrolu logu
Napsal: 11 čer 2014 11:45
Kód: Vybrat vše
HitmanPro 3.7.9.216
www.hitmanpro.com
Computer name . . . . : HPPAVILLION
Windows . . . . . . . : 6.2.0.9200.X64/4
User name . . . . . . : HPPAVILLION\Aleš
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2014-06-11 12:34:58
Scan mode . . . . . . : Normal
Scan duration . . . . : 6m 35s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 1
Traces . . . . . . . : 8
Objects scanned . . . : 2 055 334
Files scanned . . . . : 47 490
Remnants scanned . . : 469 117 files / 1 538 727 keys
Malware _____________________________________________________________________
C:\Users\Aleš\Desktop\inventář\bunny hop cfg__3515_i760848949_il5916041.exe
Size . . . . . . . : 333 312 bytes
Age . . . . . . . : 11.0 days (2014-05-31 12:55:41)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 7342950A1BD2B39B3EBB1F5507EEA306CB97519CF84359682B3A467197FAE07A
Product
Publisher
Description
Version . . . . . : 1.1.5.90
Copyright
> Bitdefender . . . : Trojan.Generic.11341433
> Kaspersky . . . . : not-a-virus:HEUR:Adware.Win32.Amonetize.heur
Fuzzy . . . . . . : 104.0
Forensic Cluster
-4.8s C:\Users\Aleš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_venturedownload.com_0.localstorage
-4.8s C:\Users\Aleš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_venturedownload.com_0.localstorage-journal
-3.3s C:\Users\Aleš\Desktop\inventář\bunny hop cfg__3515_i760848949_il5916041.exe
Suspicious files ____________________________________________________________
C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
Size . . . . . . . : 951 497 bytes
Age . . . . . . . : 13.0 days (2014-05-29 11:33:58)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 43358BBCEC1EBE7927CA3B0A3DCA0597D5E8584F0FCBE987B8126A0C12D73A2B
Fuzzy . . . . . . : 30.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-0.0s C:\Program Files (x86)\Origin Games\Battlefield 3\pb\pbcl.db
-0.0s C:\Users\Aleš\AppData\Local\PunkBuster\
-0.0s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\
-0.0s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\
-0.0s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\pbcl.db
0.0s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
0.2s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\pbag.dll
0.2s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\scrnshot\
0.2s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\dll\
0.2s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\htm\
0.4s C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\PnkBstrB.exe
C:\Users\Aleš\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
Size . . . . . . . : 140 072 bytes
Age . . . . . . . : 13.0 days (2014-05-29 11:34:13)
Entropy . . . . . : 7.7
SHA-256 . . . . . : CC3F4E453FC246B64C09E81BB73741CECC897C805C13815336647E986A60301E
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 23.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
Size . . . . . . . : 967 165 bytes
Age . . . . . . . : 12.7 days (2014-05-29 19:13:12)
Entropy . . . . . : 7.6
SHA-256 . . . . . : B1B32990F47ED2E39EB18AEA0839D9521B87E9ED18C0BCA8E2C6873FBA9D6494
Fuzzy . . . . . . : 30.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-0.0s C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty 4\PB\pbcl.db
-0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\
-0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\
-0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\pbcl.db
0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\pbag.dll
0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\scrnshot\
0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\dll\
0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\htm\
0.2s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\PnkBstrB.exe
3.6s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
3.6s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
8.3s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
8.3s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\PnkBstrA.exe
C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
Size . . . . . . . : 139 832 bytes
Age . . . . . . . : 12.7 days (2014-05-29 19:13:21)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 3CB5C8CB071375FDE6E9269000B78E65DB29D585B2775E66C8B9F6E47E0012D1
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 23.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Forensic Cluster
-8.3s C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty 4\PB\pbcl.db
-8.3s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\
-8.3s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\
-8.3s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\pbcl.db
-8.3s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
-8.3s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\pbag.dll
-8.2s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\scrnshot\
-8.2s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\dll\
-8.2s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\htm\
-8.1s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\PnkBstrB.exe
-4.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
-4.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
0.0s C:\Users\Aleš\AppData\Local\PunkBuster\COD4\pb\PnkBstrA.exe
C:\Users\Aleš\GSplay\counter-strike\cstrike\dlls\mp.dll
Size . . . . . . . : 1 316 152 bytes
Age . . . . . . . : 13.7 days (2014-05-28 20:14:45)
Entropy . . . . . : 6.7
SHA-256 . . . . . : B995320A5053343062590F3F144C64FA1E0A73608EA6EA41888E20E4E58750B6
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 27.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
C:\Users\Aleš\GSplay\counter-strike\hw.dll
Size . . . . . . . : 1 840 440 bytes
Age . . . . . . . : 13.7 days (2014-05-28 20:15:01)
Entropy . . . . . : 6.8
SHA-256 . . . . . : 7802A1FCC2AB1749399E455FAAE907C0DF3194386160DC4FA0164C427662FDC2
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 27.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
C:\Users\Aleš\GSplay\counter-strike\swds.dll
Size . . . . . . . : 1 668 968 bytes
Age . . . . . . . : 13.7 days (2014-05-28 20:15:08)
Entropy . . . . . : 6.9
SHA-256 . . . . . : B4F7C407482FC016E7D77CB0D1AEDAA99E11154B836D6FE3EDA282212504BCEF
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 27.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.