Hitman Pro Support and Discussion Thread

[jmonge]

is getting better and better and stronger and stronger

[Sampei Nihira]

Quote:

Originally Posted by erikloman

Can you send me the hash? If you double click the item in HitmanPro you will get more details.

Send private message.

______________________________

FP solved
TH Erik.

[G1111]

No problems here with latest Beta, Window 7 Home Premium SP x86.

[Mops21]

Hi Erik

I have some other Files for you for whitelist

[Mops21]

Hi Erik

Here is the Scan Log

Code:

HitmanPro 3.7.3.194
www.hitmanpro.com

   Computer name . . . . : ALEXANDERROB-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : AlexanderRob-PC\Alexander Robrecht
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-05-17 19:36:28
   Scan mode . . . . . . : EWS
   Scan duration . . . . : 6m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14

   Objects scanned . . . : 3.951.098
   Files scanned . . . . : 65.210
   Remnants scanned  . . : 2.329.864 files / 1.556.024 keys

Suspicious files ____________________________________________________________

   C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0003\opr02GTX.tmp
      Size . . . . . . . : 2.533.380 bytes
      Age  . . . . . . . : 3.1 days (2013-05-14 16:31:01)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 0278CA43469653C69C3145E7C8A3034FD67045A275D33C5B51208179B9A80303
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -23.2s C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0003\opr02GSS.tmp
         -20.6s C:\Users\Alexander Robrecht\Desktop\Adobe Reader 11.0.3.exe
          0.0s C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0003\opr02GTX.tmp
         13.4s C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0003\opr02GV0.tmp


Early Warning Scoring _______________________________________________________

   C:\Windows\system32\ie4uinit.exe
      Size . . . . . . . : 174.080 bytes
      Age  . . . . . . . : 3.0 days (2013-05-14 19:19:44)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : F755180707084BB7BD7615162506625F7CB7E438B780A22CCE40DB75E8EF3768
      Product  . . . . . : Windows® Internet Explorer
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : IE Per-User Initialization Utility
      Version  . . . . . : 8.00.6001.19418
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      Fuzzy  . . . . . . : 11.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
      Startup
         HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
         HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\

   C:\Windows\System32\iedkcs32.dll
      Size . . . . . . . : 387.584 bytes
      Age  . . . . . . . : 3.0 days (2013-05-14 19:19:45)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 87D8916679C98BB0C086B5096E864AC6317B0E294E4A1FD42A833BEB6F36FBD9
      Product  . . . . . : Windows® Internet Explorer
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : IEAK branding
      Version  . . . . . : 18.00.6001.19418
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      Fuzzy  . . . . . . : 6.0
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
      Startup
         HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\

   C:\Windows\System32\ieframe.dll
      Size . . . . . . . : 11.111.424 bytes
      Age  . . . . . . . : 3.0 days (2013-05-14 19:19:46)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 841A2DA1F516E4F3D20539A7632E09810BB9F3C7F60DEAED77A6C486B402FF1D
      Product  . . . . . : Windows® Internet Explorer
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Internet Explorer
      Version  . . . . . : 8.00.6001.19418
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      Fuzzy  . . . . . . : 8.0
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
      Startup
         HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
         HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
         HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
      References
         HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
         HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

[Tarnak]

I did the scan...but?

Code:

HitmanPro 3.7.5.196
www.hitmanpro.com

   Computer name . . . . : XXXYYY
   Windows . . . . . . . : 5.1.3.2600.X86/4
   User name . . . . . . : ***Private information***
   License . . . . . . . : Paid (927 days left)

   Scan date . . . . . . : 2013-05-18 08:09:07
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10

   Objects scanned . . . : 1,984,929
   Files scanned . . . . : 45,707
   Remnants scanned  . . : 1,413,355 files / 525,867 keys

Suspicious files ____________________________________________________________

   C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336531.exe
      Size . . . . . . . : 121,104 bytes
      Age  . . . . . . . : 3.0 days (2013-05-15 09:17:27)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 0BAD78488EA45FBB337C7355EEE385A315CDECF63EC1A13ADA0B4DCD30C6D47C
      Product  . . . . . : CPUEater Application
      Publisher  . . . . : Bitsum
      Description  . . . : CPUEater Application
      Version  . . . . . : 6.0.3.19
      Copyright  . . . . : Copyright (C) 2010-2013 Bitsum Technologies
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336530.exe
          0.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336531.exe
          0.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336532.exe
          0.2s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336533.exe
          0.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336534.exe
          0.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336535.exe
          0.4s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336536.exe
          0.5s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336537.exe
          0.6s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336538.exe
          0.7s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336539.exe
          0.8s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336540.exe
          0.8s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336541.exe
          0.9s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336542.dll
          1.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336543.dll
          1.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336544.dll
          1.1s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336545.dll
          1.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336546.dll
          1.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336547.dll
          1.4s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336548.dll
          1.6s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336549.dll
          1.7s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336550.dll
          1.8s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336551.dll
          1.8s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336552.dll
          1.9s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336553.dll
          2.1s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336554.dll
          2.1s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336555.dll
          2.2s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336556.dll
          2.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336557.dll
          8.5s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336558.exe

BTW, I have since deleted C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336531.exe

[BoerenkoolMetWorst]

Beta working fine here, got a strange detection today from a scheduled scan with build 193 though:
Name healthreport.sqlite-shm
Location C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\1t5j3ivs.default
Size 32.0 KB
Time 0.2 days ago (2013-05-18 10:23:23)
Entropy 6.2
Product HitmanPro 3.7
Description HitmanPro 3.7 Support Driver
Version 1.3.7.6
Copyright © 2012 SurfRight B.V.
SHA-256 DFE35D9DF11BD68AD2767C01CD49B859EF5D4A220F589D45A146190DE6693D7E

Scoring (49.0)
The file is hidden from Windows API. This is typical for malware.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
The file name extension of this program is not common.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
Authors name is missing in version info. This is not common to most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.

[lucien_phoenix]

Quote:

Originally Posted by forwhatitsworth

Hello guys,

I have been using HitmanPro for a while without any problems. Since the last two scans I get a message that I don't understand (see screenshot).

It reads


The only option is repair. But I dont want to do that because no file is indicated and I dont want to corrupt my system.

Can anyone help me?

Thank you!

i'm still using Hitman Pro (Year Licens Renewel),a view week ago,after a standard
Hitman Scan, i got the Same Message from Hitman (was a old
3 Match casual Game).And i push the Button (Repair),and i got an sweet
BSOD(i never had some before)maybe there a old traces from the game
i dont know,people say it was the restof this game that causes this bsod.
whats right whats wrong.?
--------
Stop:

0x0000007E (0x0000005,0x00000000,0x8E98BC00,0x8E98B7E0)
--------

i never hat problems with HitmanPro on my Windows 7 Machine,i love
HitmanPro.

Greets

Lucien

PS*sorry for my broken English

[erikloman]

Quote:

Originally Posted by lucien_phoenix

i'm still using Hitman Pro (Year Licens Renewel),a view week ago,after a standard
Hitman Scan, i got the Same Message from Hitman (was a old
3 Match casual Game).And i push the Button (Repair),and i got an sweet
BSOD(i never had some before)maybe there a old traces from the game
i dont know,people say it was the restof this game that causes this bsod.
whats right whats wrong.?
Stop:

0x0000007E (0x0000005,0x00000000,0x8E98BC00,0x8E98B7E0)
--------

i never hat problems with HitmanPro on my Windows 7 Machine,i love
HitmanPro.

Greets

Lucien

PS*sorry for my broken English

Can you send the minidump from c:\windows\minidumps\ folder?

[THESAWISFAMILY2005]

love the program wish they would come out with a free version and not just a trial

[lucien_phoenix]

Quote:

Originally Posted by erikloman

Can you send the minidump from c:\windows\minidumps\ folder?

Sorry for being a fool bro,this was a old Install,and i forgot to backup this
Minidump,than view days later i made a new install on my machine.Ok i have
to wait hoping that Mess not happens again,and i swear,will this happens
again(i hope not),i will do that Backup.So i said basically i dont have any
Problems with Hitman Pro never,so there is a good Chance that this Mess
not happens again,it might be possible that this BSOD causes from a
very unlucky Situation an Configuration at this Time.Will this in some Way
happens again,i made this Backup,you can count on me.

Greets

Lucien

[mattdocs12345]

Quote:

Originally Posted by yashau

Anyone tried out this new product called Hitman Pro?

Website.
http://www.surfright.nl/en/hitmanpro

Looks promising.

Yes it is very good. Looks very promising. Lol, Im sorry but I couldn't help myself. This thread is so old. HMP should get its own forum section....

[Adric]

Erik,

Did you get a chance to look at this?

Al

[Space Ghost]

HitmenPro on x64 system does not update to a newer version. This isn't the first time!