[code]
HitmanPro 3.8.0.295
www.hitmanpro.com

   Computer name . . . . : DESKTOP-E9AT1EB
   Windows . . . . . . . : 10.0.0.17134.X64/4
   User name . . . . . . : DESKTOP-E9AT1EB\admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)

   Scan date . . . . . . : 2018-12-12 13:21:40
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 31s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 2
   Traces . . . . . . . : 15

   Objects scanned . . . : 2,437,008
   Files scanned . . . . : 143,870
   Remnants scanned . . : 679,995 files / 1,613,143 keys

Malware _____________________________________________________________________

   C:\Users\admin\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\SECOH-QAD.dll -> Quarantined
      Size . . . . . . . : 3,584 bytes
      Age . . . . . . . : 754.5 days (2016-11-18 00:51:00)
      Entropy . . . . . : 3.2
      SHA-256 . . . . . : 0398221231CFF97E1FDC03D357AC4610AFB8F3CDDE4C90A9EC4D7823B405699E
    > Kaspersky . . . . : not-a-virus:NetTool.Win64.RPCHook.a
      Fuzzy . . . . . . : 106.0

   C:\Users\admin\Desktop\ACT. WIN 10 MARLON TUTOS\KMSAuto Net.exe -> Deleted
      Size . . . . . . . : 8,767,160 bytes
      Age . . . . . . . : 162.3 days (2018-07-03 05:06:25)
      Entropy . . . . . : 7.1
      SHA-256 . . . . . : B8AEC57F7E9C193FCD9796CF22997605624B8B5F9BF5F0C6190E1090D426EE31
      Needs elevation . : Yes
      Product . . . . . : KMSAuto Net
      Publisher . . . . : MSFree Inc.
      Description . . . : KMSAuto Net
      Version . . . . . : 1.4.9
      RSA Key Size . . . : 1024
      LanguageID . . . . : 0
      Authenticode . . . : Self-signed
    > Bitdefender . . . : Application.Hacktool.ACQ
    > Kaspersky . . . . : not-a-virus:HEUR:RiskTool.MSIL.HackKMS.gen
    > HitmanPro . . . . : App/KMSActiv-A
      Fuzzy . . . . . . : 105.0

Suspicious files ____________________________________________________________

   C:\Program Files (x86)\Conan Exiles\ConanSandbox.exe
      Size . . . . . . . : 419,560 bytes
      Age . . . . . . . : 14.8 days (2018-11-27 17:18:07)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : 93EE37AA4A3119A45B255822BD9FCC91FFAF2E8A2158C8958EAC7E419B02EDD6
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy . . . . . . : 27.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conan Exiles\Conan Exiles.lnk
         C:\Users\admin\Desktop\Conan Exiles.lnk

   C:\Program Files (x86)\Conan Exiles\Engine\Binaries\ThirdParty\Steamworks\Steamv138a\Win64\steam_api64.dll
      Size . . . . . . . : 239,904 bytes
      Age . . . . . . . : 14.8 days (2018-11-27 17:18:07)
      Entropy . . . . . : 6.1
      SHA-256 . . . . . : 8DD626D1AF18E093E7210CE4DC9C69040B5F84A0856EAEE43CD549296B08CCB3
      Product . . . . . : Steam Client API
      Publisher . . . . : Valve Corporation
      Description . . . : Steam Client API
      Version . . . . . : 03.62.82.82
      Copyright . . . . : Copyright (C) 2007
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy . . . . . . : 27.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         File belongs to an identified security risk.
         Time indicates that the file appeared recently on this computer.

   C:\Program Files (x86)\Conan Exiles\Engine\Binaries\ThirdParty\Steamworks\Steamv138a\Win64\steamclient64.dll
      Size . . . . . . . : 6,329,080 bytes
      Age . . . . . . . : 14.8 days (2018-11-27 17:50:22)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 5F8493AEF401D5B21701EE74DDBDF9CA5CB1BD66E79E5AE979659F0C53669FBB
      Product . . . . . : Steam Client API
      Publisher . . . . : Valve Corporation
      Description . . . : Steam Client API (buildbot_winslave007@WUS)
      Version . . . . . : 01.0.1.17
      Copyright . . . . : Copyright (C) NisCkxU544c
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy . . . . . . : 30.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         File belongs to an identified security risk.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.2s C:\Program Files (x86)\Conan Exiles\Engine\Binaries\ThirdParty\Steamworks\Steamv138a\Win64\GameOverlayRenderer64.dll
         -0.1s C:\Program Files (x86)\Conan Exiles\Engine\Binaries\ThirdParty\Steamworks\Steamv138a\Win64\codex64.dll
         -0.1s C:\Program Files (x86)\Conan Exiles\Engine\Binaries\ThirdParty\Steamworks\Steamv138a\Win64\steam_api64.cdx
         -0.0s C:\Program Files (x86)\Conan Exiles\Engine\Binaries\ThirdParty\Steamworks\Steamv138a\Win64\steam_emu.ini
          0.0s C:\Program Files (x86)\Conan Exiles\Engine\Binaries\ThirdParty\Steamworks\Steamv138a\Win64\steamclient64.dll

   C:\Users\admin\Desktop\FRST64 (1).exe
      Size . . . . . . . : 2,417,152 bytes
      Age . . . . . . . : 0.5 days (2018-12-12 01:23:37)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4781CB7B650488377E589A01B487138D795E545C2427A68FDE156ACB47E55E3D
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\admin\Desktop\juegos\Pokemon Titan V1.86\Pokemon Titan V1.86\gif.dll
      Size . . . . . . . : 32,768 bytes
      Age . . . . . . . : 333.8 days (2018-01-12 17:46:15)
      Entropy . . . . . : 5.7
      SHA-256 . . . . . : C388F705424AC6EFE60F9BBA0D6F83F0D9A7F4D8E37513BB51587D3721F25221
      Fuzzy . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\admin\Desktop\juegos\Pokemon Titan V1.86\Pokemon Titan V1.86\rubyscreen.dll
      Size . . . . . . . : 28,160 bytes
      Age . . . . . . . : 333.8 days (2018-01-12 17:46:37)
      Entropy . . . . . : 5.6
      SHA-256 . . . . . : 777055E7400B49941CC083F86343C8BB5C8C067021B32435809E87E4BEBE3807
      Fuzzy . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\admin\Downloads\FRST64 (1).exe
      Size . . . . . . . : 2,417,152 bytes
      Age . . . . . . . : 0.5 days (2018-12-12 01:23:27)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4781CB7B650488377E589A01B487138D795E545C2427A68FDE156ACB47E55E3D
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\admin\Downloads\FRST64.exe
      Size . . . . . . . : 2,417,152 bytes
      Age . . . . . . . : 0.7 days (2018-12-11 20:41:15)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4781CB7B650488377E589A01B487138D795E545C2427A68FDE156ACB47E55E3D
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0\ (BoxoreOU) -> Deleted
   HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine\ (BoxoreOU) -> Deleted
   HKLM\SOFTWARE\Reimage\ (ReimageRepair) -> Deleted
[/code]