Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Theblackstar

    Theblackstar Registered Member

    Joined:
    Mar 27, 2016
    Posts:
    36
    Location:
    Italia
    UP.

    [codice]
    HitmanPro 3.8.0.292
    www.hitmanpro.com

    Nome del computer . . . . :
    Finestre . . . . . . . : 10.0.0.16299.X64 / 4
    Nome utente . . . . . :
    UAC. . . . . . . . . : Abilitato
    Licenza . . . . . . . : Pagato (225 giorni rimanenti)

    Data di scansione. . . . . . : 2018-02-23 18:54:17
    Modalità di scansione. . . . . . : Normale
    Durata della scansione . . . : 5m 20s
    Modalità di accesso al disco. . : Accesso diretto al disco (SRB)
    Nube . . . . . . . . : Internet
    Riavvia. . . . . . . : No

    Minacce . . . . . . . : 0
    Tracce . . . . . . : 5

    Oggetti scansionati . . . : 1.626.032
    File scansionati. . . . : 17.364
    Resti scansionati. . : 236.008 file / 1.372.660 chiavi

    Miniport ____________________________________________________________________

    Primario
    DriverObject. . . : FFFFE10ABAF9E370
    DriverName. . . . : \ Driver \ iaStorA
    DriverPath. . . . : \ SystemRoot \ System32 \ drivers \ iaStorA.sys
    StartIo. . . . . : 0000000000000000 +0
    IRP_MJ_SCSI. . . : FFFFF80AAD7D8560 \ ?? \ C: \ Windows \ system32 \ drivers \ hmpalert.sys + 165216
    Soluzione
    DriverObject. . . : FFFFE10ABAF9E370
    DriverName. . . . : \ Driver \ iaStorA
    DriverPath. . . . : \ SystemRoot \ System32 \ drivers \ iaStorA.sys
    StartIo. . . . . : 0000000000000000 +0
    IRP_MJ_SCSI. . . : FFFFF80AAC247280 \ SystemRoot \ System32 \ drivers \ storport.sys + 29312

    Documenti sospetti ____________________________________________________________

    C: \ Users \ Claudio \ AppData \ Roaming \ uTorrent \ uTorrent.exe
    Dimensione . . . . . . . : 2.151.864 byte
    Età . . . . . . : 87,9 giorni (27-11-2017 21:02:31)
    Entropia. . . . . : 8.0
    SHA-256. . . . . : 6B3E21D568C9305C5AB205341C6D0F943CBEC5F8F04B67D9D7230F1F1E40F8F2
    Prodotto . . . . . : μTorrent
    Editore . . . : BitTorrent Inc.
    Descrizione . . : μTorrent
    Versione . . . . : 3.5.3.44358
    Diritto d'autore . . . . : © 2018 BitTorrent, Inc. Tutti i diritti riservati.
    Dimensione chiave RSA. . . : 2048
    LanguageID. . . . : 1033
    Authenticode. . . : Valido
    Sfocato. . . . . . : 26,0
    Il file è completamente nascosto dalla vista e dalla maggior parte dei prodotti antivirus. Potrebbe appartenere a un rootkit.
    L'entropia (o casualità) indica che il programma è crittografato, compresso o offuscato. Questo non è tipico per la maggior parte dei programmi.
    Utilizza il registro di Windows per eseguire ogni volta che l'utente accede.
    Il programma si avvia automaticamente senza l'intervento dell'utente.
    Il programma è firmato con un certificato Authenticode valido.
    Avviare
    HKU \ S-1-5-21-2929277839-300365066-2798696797-1001 \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ uTorrent
    Riferimenti
    C: \ Users \ Claudio \ AppData \ Roaming \ Microsoft \ Internet Explorer \ Avvio rapido \ Utente appuntato \ TaskBar \ μTorrent.lnk
    C: \ Users \ Claudio \ AppData \ Roaming \ Microsoft \ Internet Explorer \ Avvio rapido \ μTorrent.lnk
    C: \ Users \ Claudio \ AppData \ Roaming \ Microsoft \ Windows \ Menu Avvio \ uTorrent.lnk



    [/codice]
     
  2. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    Does this program install or more of a portable one?
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    You can run it only to scan (without installation) or install it. Even if installed there is nothing running in real time, it's still on demand scanner only, but this way you can use right click option to scan files and folders.
     
  4. Theblackstar

    Theblackstar Registered Member

    Joined:
    Mar 27, 2016
    Posts:
    36
    Location:
    Italia
    Question uTorrent: for information, by Victor Van Hillo (Hitmanpro)

    "It's not a problem, default action is Ignore. We can whitelist the SHA256 in the backend. I will whitelist on Monday".

    Problem solved, good weekend to all users.

     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    What was the outcome of this? I just noticed I've got 3.7 and 3.8 installed but I was fairly sure I didn't have when I was reading the older posts about it.
     

    Attached Files:

  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Just an observation on the current HMP version- Although the Early Bird may catch the Worm, HMP certainly does not.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Please elaborate, especially for the developers. This comment says nothing.

    Thanks
     
  8. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Nothing I haven't done before (and have been ignored by the Devs), but a Secondary scanner Worm shoot out may be done in April (not that anyone cares...).
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    There are those that care. Includes me
     
  10. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Okay 3 days into HMPA and I like it quite a bit. Very easy on resources.
     
  11. cyberlost24

    cyberlost24 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    145
    Are you really talking HMPA...this thread is for HMP....TWO (2) different animals!!
     
  12. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    HMPA has HMP scanner in it. But yeah, you are right wrong thread.
     
  13. Hijin25

    Hijin25 Registered Member

    Joined:
    Jun 15, 2017
    Posts:
    17
    Location:
    México
    When performing the scanner with hitmanpro, it tries to load the file em023_64.dll, belonging to ESET, to the cloud, but the load fails. I do not understand at first, because it tries to load this ESET file, which I think has to do with the virus signature, and second, because the load fails. This started to appear today, and only happens on my PC with 64-bit windows 7.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Same for me. And then there is no record of the fail. Today was first day I've encountered it. It is a new file, 10.3 MB in size. I uploaded it to Virus Total no problem.
     
    Last edited: Mar 21, 2018
  15. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Hitmanpro gets hung up and stalls when classifying winnhlp32.exe during scan.
     
  16. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Do you really mean winnhlp32.exe, or did you mean winhlp32.exe?
    I don't think winnhlp32.exe is on my Windows 7 x64 system.
    winhlp32.exe is classified with no issues, scanning with HMP, on my Windows 7 x64 system.
    Have you tried a second time?
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Is this at the end of the scan? Indicator comes right to the end, but scan is not finished yet? I've had similar experience in past. It's not file scanning that is causing a problem but as I remember HMP is waiting for answer form their server. Scan indicator would stop and show last scanned file so it would seem like it's winhlp32.exe or any other file that was last scanned.
     
  18. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I thought the scan might be waiting for something from the server or cloud, but it stalled for 2 or 3 minutes so i canceled the scan. I started the scan again and the same thing happened so i canceled the scan again after a few minutes. It stalled on a known file, so i thought that maybe the cloud was busy and backed up with work.
     
  19. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I just scanned again for a third time and it did not get hung up and ended in 47 seconds this time. Not sure if the file was win or winn. I did a google search on winn so that is what it looked like to me, because i doubled checked the spelling before i searched for it.
     
  20. Nicodemus75

    Nicodemus75 Registered Member

    Joined:
    Apr 29, 2018
    Posts:
    1
    Location:
    Isla de Muerte
    Attempted to run a scan with Hitman Pro, it begins the scan for a few seconds (5) and crashes.

    Win 7 Ultimate 64 bit

    I've looked a bit through the forums, and I see that others have had crashes, but I couldn't find any like this. I have tried from local HDDs and from USB. Same crash occurs.https://imgur.com/c0B1DGf
    Any help?
     
  21. ronald739

    ronald739 Registered Member

    Joined:
    Nov 9, 2011
    Posts:
    130
    Location:
    Australia
    I know it is a new Win 10 build, thought I let the Dev's know.

    After upgrading to Win 10X64 1803 / 17134.1 I'm getting a Suspicious File on "C:\WINDOWS\system32\svchost.exe".

    Code:
    HitmanPro 3.8.0.292
    www.hitmanpro.com
       Computer name . . . . : ASUS-DESKTOP
       Windows . . . . . . . : 10.0.0.17134.X64/4
       User name . . . . . . : ASUS-DESKTOP\ronal
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
       Scan date . . . . . . : 2018-05-01 17:38:46
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 8m 13s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 302
       Objects scanned . . . : 1,802,551
       Files scanned . . . . : 27,121
       Remnants scanned  . . : 626,475 files / 1,148,955 keys
    Suspicious files ____________________________________________________________
       C:\Users\ronal\Desktop\FRST-OlderVersion\FRST64.exe
          Size . . . . . . . : 2,404,352 bytes
          Age  . . . . . . . : 6.2 days (2018-04-25 13:23:50)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 1E9E66BD822F45313889F5E7E4C86E8076AEB92A578EC68C75A53A693B3E5436
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 24.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -0.3s C:\Windows.old\Windows\Prefetch\PICKERHOST.EXE-B8A68B3C.pf
              0.0s C:\Users\ronal\Desktop\FRST-OlderVersion\FRST64.exe
              0.0s C:\Users\ronal\Desktop\FRST64.exe
              2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\B188CB15620CB5A9CD7E5AB985271159
       C:\Users\ronal\Desktop\FRST64.exe
          Size . . . . . . . : 2,405,888 bytes
          Age  . . . . . . . : 6.2 days (2018-04-25 13:23:50)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 94625159B98EE547433B2007873C5D5280C8AC861957F6532AB3DE55C13E7362
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 24.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -0.3s C:\Windows.old\Windows\Prefetch\PICKERHOST.EXE-B8A68B3C.pf
              0.0s C:\Users\ronal\Desktop\FRST-OlderVersion\FRST64.exe
              0.0s C:\Users\ronal\Desktop\FRST64.exe
              2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\B188CB15620CB5A9CD7E5AB985271159
       C:\WINDOWS\system32\svchost.exe
          Size . . . . . . . : 51,288 bytes
          Age  . . . . . . . : 0.2 days (2018-05-01 12:11:16)
          Entropy  . . . . . : 6.1
          SHA-256  . . . . . : C9A28DC8004C3E043CBF8E3A194FDA2B756CE90740DF2175488337281B485F69
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Host Process for Windows Services
          Version  . . . . . : 10.0.17134.1
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          RSA Key Size . . . : 2048
          Service  . . . . . : WpnUserService_35ea5
          Process Type . . . : Critical
          LanguageID . . . . : 1033
          Authenticode . . . : Valid
          Running processes  : 340, 544, 900, 912, 928, 1124, 1164, 1336, 1356, 1472, 1480, 1524, 1536, 1544, 1560, 1576, 1652, 1752, 1804, 1824, 1832, 1896, 2084, 2188, 2196, 2204, 2224, 2252, 2300, 2332, 2344, 2548, 2620, 2632, 2664, 2752, 3112, 3240, 3256, 3272, 3336, 3356, 3404, 3476, 3504, 3524, 3680, 3936, 3968, 4024, 4028, 4080, 5628, 5952, 6032, 6156, 6184, 6808, 7196, 7744, 8336, 8848, 9372, 9556, 9644, 9984, 10080
          Fuzzy  . . . . . . : 26.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             This program is actively listening for inbound network connections.
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Starts automatically as a service during system bootup.
             This file's process is marked as system critical.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
             Program is code signed with a valid Authenticode certificate.
          Startup
             HKLM\SYSTEM\ControlSet001\Services\BcastDVRUserService_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\BluetoothUserService_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\CDPUserSvc_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\MessagingService_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_35ea5\
             HKLM\SYSTEM\ControlSet001\Services\WpnUserService_35ea5\
             HKLM\SYSTEM\CurrentControlSet\Services\AJRouter\
             HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\Appinfo\
             HKLM\SYSTEM\CurrentControlSet\Services\AppReadiness\
             HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\
             HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\
             HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV\
             HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService\
             HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\BDESVC\
             HKLM\SYSTEM\CurrentControlSet\Services\BFE\
             HKLM\SYSTEM\CurrentControlSet\Services\BITS\
             HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService\
             HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\
             HKLM\SYSTEM\CurrentControlSet\Services\Browser\
             HKLM\SYSTEM\CurrentControlSet\Services\BTAGService\
             HKLM\SYSTEM\CurrentControlSet\Services\BthAvctpSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\bthserv\
             HKLM\SYSTEM\CurrentControlSet\Services\camsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC\
             HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar\
             HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\
             HKLM\SYSTEM\CurrentControlSet\Services\defragsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\
             HKLM\SYSTEM\CurrentControlSet\Services\DeviceInstall\
             HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\DevQueryBroker\
             HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\
             HKLM\SYSTEM\CurrentControlSet\Services\diagsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\
             HKLM\SYSTEM\CurrentControlSet\Services\DmEnrollmentSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice\
             HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\
             HKLM\SYSTEM\CurrentControlSet\Services\DoSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\dot3svc\
             HKLM\SYSTEM\CurrentControlSet\Services\DPS\
             HKLM\SYSTEM\CurrentControlSet\Services\DsmSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\DsSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\DusmSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\
             HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode\
             HKLM\SYSTEM\CurrentControlSet\Services\EntAppSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\EventLog\
             HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\
             HKLM\SYSTEM\CurrentControlSet\Services\fdPHost\
             HKLM\SYSTEM\CurrentControlSet\Services\FDResPub\
             HKLM\SYSTEM\CurrentControlSet\Services\fhsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\FontCache\
             HKLM\SYSTEM\CurrentControlSet\Services\FrameServer\
             HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\GraphicsPerfSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\hidserv\
             HKLM\SYSTEM\CurrentControlSet\Services\HvHost\
             HKLM\SYSTEM\CurrentControlSet\Services\icssvc\
             HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\
             HKLM\SYSTEM\CurrentControlSet\Services\InstallService\
             HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\IpxlatCfgSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\irmon\
             HKLM\SYSTEM\CurrentControlSet\Services\KtmRm\
             HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\
             HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\
             HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager\
             HKLM\SYSTEM\CurrentControlSet\Services\lltdsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\lmhosts\
             HKLM\SYSTEM\CurrentControlSet\Services\LSM\
             HKLM\SYSTEM\CurrentControlSet\Services\LxpSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\MapsBroker\
             HKLM\SYSTEM\CurrentControlSet\Services\MessagingService\
             HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\mpssvc\
             HKLM\SYSTEM\CurrentControlSet\Services\MSiSCSI\
             HKLM\SYSTEM\CurrentControlSet\Services\NaturalAuthentication\
             HKLM\SYSTEM\CurrentControlSet\Services\NcaSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\NcbService\
             HKLM\SYSTEM\CurrentControlSet\Services\NcdAutoSetup\
             HKLM\SYSTEM\CurrentControlSet\Services\Netman\
             HKLM\SYSTEM\CurrentControlSet\Services\netprofm\
             HKLM\SYSTEM\CurrentControlSet\Services\NetSetupSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\NgcSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\nsi\
             HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\p2psvc\
             HKLM\SYSTEM\CurrentControlSet\Services\PcaSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\PhoneSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\pla\
             HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay\
             HKLM\SYSTEM\CurrentControlSet\Services\PNRPAutoReg\
             HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\
             HKLM\SYSTEM\CurrentControlSet\Services\Power\
             HKLM\SYSTEM\CurrentControlSet\Services\PrintNotify\
             HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\ProfSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\PushToInstall\
             HKLM\SYSTEM\CurrentControlSet\Services\QWAVE\
             HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\
             HKLM\SYSTEM\CurrentControlSet\Services\RasMan\
             HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\
             HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\
             HKLM\SYSTEM\CurrentControlSet\Services\RetailDemo\
             HKLM\SYSTEM\CurrentControlSet\Services\RmSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper\
             HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\
             HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\
             HKLM\SYSTEM\CurrentControlSet\Services\ScDeviceEnum\
             HKLM\SYSTEM\CurrentControlSet\Services\Schedule\
             HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc\
             HKLM\SYSTEM\CurrentControlSet\Services\SDRSVC\
             HKLM\SYSTEM\CurrentControlSet\Services\seclogon\
             HKLM\SYSTEM\CurrentControlSet\Services\SEMgrSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\SENS\
             HKLM\SYSTEM\CurrentControlSet\Services\SensorService\
             HKLM\SYSTEM\CurrentControlSet\Services\SensrSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv\
             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\
             HKLM\SYSTEM\CurrentControlSet\Services\SharedRealitySvc\
             HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\
             HKLM\SYSTEM\CurrentControlSet\Services\shpamsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\smphost\
             HKLM\SYSTEM\CurrentControlSet\Services\SmsRouter\
             HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\
             HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\StateRepository\
             HKLM\SYSTEM\CurrentControlSet\Services\stisvc\
             HKLM\SYSTEM\CurrentControlSet\Services\StorSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\svsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\swprv\
             HKLM\SYSTEM\CurrentControlSet\Services\SysMain\
             HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker\
             HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService\
             HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\
             HKLM\SYSTEM\CurrentControlSet\Services\TermService\
             HKLM\SYSTEM\CurrentControlSet\Services\Themes\
             HKLM\SYSTEM\CurrentControlSet\Services\TimeBrokerSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\TokenBroker\
             HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\
             HKLM\SYSTEM\CurrentControlSet\Services\tzautoupdate\
             HKLM\SYSTEM\CurrentControlSet\Services\UmRdpService\
             HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\upnphost\
             HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\UserManager\
             HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\VacSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\vmicguestinterface\
             HKLM\SYSTEM\CurrentControlSet\Services\vmicheartbeat\
             HKLM\SYSTEM\CurrentControlSet\Services\vmickvpexchange\
             HKLM\SYSTEM\CurrentControlSet\Services\vmicrdv\
             HKLM\SYSTEM\CurrentControlSet\Services\vmicshutdown\
             HKLM\SYSTEM\CurrentControlSet\Services\vmictimesync\
             HKLM\SYSTEM\CurrentControlSet\Services\vmicvmsession\
             HKLM\SYSTEM\CurrentControlSet\Services\vmicvss\
             HKLM\SYSTEM\CurrentControlSet\Services\W32Time\
             HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WalletService\
             HKLM\SYSTEM\CurrentControlSet\Services\WarpJITSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc\
             HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\wcncsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WdiServiceHost\
             HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost\
             HKLM\SYSTEM\CurrentControlSet\Services\WebClient\
             HKLM\SYSTEM\CurrentControlSet\Services\Wecsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\
             HKLM\SYSTEM\CurrentControlSet\Services\wercplsupport\
             HKLM\SYSTEM\CurrentControlSet\Services\WerSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WFDSConMgrSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WiaRpc\
             HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\
             HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\
             HKLM\SYSTEM\CurrentControlSet\Services\WinRM\
             HKLM\SYSTEM\CurrentControlSet\Services\wisvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\wlpasvc\
             HKLM\SYSTEM\CurrentControlSet\Services\workfolderssvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WpcMonSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\WPDBusEnum\
             HKLM\SYSTEM\CurrentControlSet\Services\WpnService\
             HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService\
             HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f62e\
             HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\
             HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\
             HKLM\SYSTEM\CurrentControlSet\Services\WwanSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager\
             HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave\
             HKLM\SYSTEM\CurrentControlSet\Services\XboxGipSvc\
             HKLM\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\
          Network Ports
             0.0.0.0:135
             0.0.0.0:49665
             0.0.0.0:49666
             0.0.0.0:5040
             0.0.0.0:7680
             192.168.0.2:50050 13.89.187.212:443
             192.168.0.2:50188 52.175.18.194:443
             192.168.0.2:50190 52.175.18.194:443
             192.168.0.2:50191 52.175.18.194:443
             192.168.0.2:50218 109.70.240.130:80
             192.168.0.2:50244 109.70.240.130:80
    
    
     
  22. Mac29

    Mac29 Registered Member

    Joined:
    Apr 19, 2018
    Posts:
    27
    Location:
    FL
    I just installed but can find no way to verify it's actually (also) scanning flashdrives. Haven't found that in a search of the forum and really want to know that HM Pro is scanning my flashdrives. During a scan all I see are files after C: and later just "files".

    Having recently learned of VirusTotal, I'll consider my systems clean after AV, Malwarebytes and a 3rd swipe using Hitman.

    Any feedback would be appreciated.


    Thanks,

    Mac
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    What about context menu scan? Can you right click on flash drive letter and choose scan with HitmanPro?
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I think the default HMP scan only scans the system drive, and there seems to be no option / setting to scan all / other drives. But someone like @Stupendous Man will have to confirm.
    Not the drive, but folders / files therein.
     
  25. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    To my knowledge, HMP scan only scans the system drive, and there is no setting to scan other drives, except for the context menu scan option.
    If there would be some other option, I hope @erikloman, @markloman, or @RonnyT can tell.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.