[code]
HitmanPro 3.7.13.258
www.hitmanpro.com

   Computer name . . . . : JAKUB-KOMPUTER
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Jakub-Komputer\Jakub
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-04-17 15:01:30
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 44s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 32

   Objects scanned . . . : 2 460 250
   Files scanned . . . . : 58 750
   Remnants scanned . . : 440 241 files / 1 961 259 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA80071F0900
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA80066B22C0 +0

   Solution
      DriverObject . . . : FFFFFA80071F0900
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF88000E574D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\Jakub\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956 681 bytes
      Age . . . . . . . : 1351.7 days (2012-08-04 22:41:15)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Jakub\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949 613 bytes
      Age . . . . . . . : 1302.1 days (2012-09-23 12:35:00)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Jakub\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 949 613 bytes
      Age . . . . . . . : 1351.7 days (2012-08-04 22:36:57)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Jakub\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 138 648 bytes
      Age . . . . . . . : 927.8 days (2013-10-02 20:29:09)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Jakub\AppData\Local\PunkBuster\BFH\pb\PnkBstrK.sys
      Size . . . . . . . : 140 128 bytes
      Age . . . . . . . : 435.8 days (2015-02-06 19:02:17)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : 2F2D9F995E89C133A53D941304EEE1D1B327F1438FA2B9CA31C019B03A297FF6
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Jakub\AppData\Local\PunkBuster\COD4\pb\dll\wc002301.dll
      Size . . . . . . . : 967 213 bytes
      Age . . . . . . . : 1323.7 days (2012-09-01 21:38:24)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4BD30C84D354E3B8B5236F48F62718D6E4F2A6DAA303365B6DFCE45D21DFE853
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Jakub\AppData\Local\PunkBuster\COD4\pb\dll\wc002318.dll
      Size . . . . . . . : 967 165 bytes
      Age . . . . . . . : 1034.1 days (2013-06-18 13:21:55)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : B1B32990F47ED2E39EB18AEA0839D9521B87E9ED18C0BCA8E2C6873FBA9D6494
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Jakub\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 967 165 bytes
      Age . . . . . . . : 1034.1 days (2013-06-18 13:21:56)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : B1B32990F47ED2E39EB18AEA0839D9521B87E9ED18C0BCA8E2C6873FBA9D6494
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Jakub\AppData\Local\PunkBuster\COD4\pb\pbclold.dll
      Size . . . . . . . : 967 213 bytes
      Age . . . . . . . : 1323.8 days (2012-09-01 19:29:16)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4BD30C84D354E3B8B5236F48F62718D6E4F2A6DAA303365B6DFCE45D21DFE853
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Jakub\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 967 213 bytes
      Age . . . . . . . : 1323.7 days (2012-09-01 21:44:28)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4BD30C84D354E3B8B5236F48F62718D6E4F2A6DAA303365B6DFCE45D21DFE853
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Jakub\Desktop\Nowy folder\FRST64.exe
      Size . . . . . . . : 2 375 168 bytes
      Age . . . . . . . : 0.1 days (2016-04-17 11:28:13)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 0C20BA14741C6C4A651CC8B9AB82D52FFE00372F489803EA744EA8DD346967C1
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         0.0s C:\Users\Jakub\Desktop\Nowy folder\FRST64.exe
         20.2s C:\Users\Jakub\Desktop\Nowy folder\

   C:\Users\Jakub\Downloads\FRST64.exe
      Size . . . . . . . : 2 375 168 bytes
      Age . . . . . . . : 0.1 days (2016-04-17 11:27:49)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 0C20BA14741C6C4A651CC8B9AB82D52FFE00372F489803EA744EA8DD346967C1
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -4.7s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c852fe9ee88cb2ca5e0b69a2d5cdf187_d621a462-1973-424d-a1fd-6192b444ccc6
         -0.3s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b9592eacf5efa4c76d5d1757a995cc82_d621a462-1973-424d-a1fd-6192b444ccc6
         0.0s C:\Users\Jakub\Downloads\FRST64.exe

   C:\Windows\SysWOW64\GameMon.des
      Size . . . . . . . : 4 702 568 bytes
      Age . . . . . . . : 1090.9 days (2013-04-22 18:16:45)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 05312FF57D5FB500E5C14669A4409840F25BB524731C75F5F220744F4B687460
      Product . . . . . : nProtect Game Monitor
      Publisher . . . . : INCA Internet Co., Ltd.
      Description . . . : nProtect Game Monitor Rev 1909
      Version . . . . . : 2012.10.25.1
      Service . . . . . : npggsvc
      LanguageID . . . . : 1042
      Fuzzy . . . . . . : 29.0
         The file name extension of this program is not common.
         Starts automatically as a service during system bootup.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{d5848f09-fbb0-430a-9386-edaeafc3ea35}\ (CateredToYou)
   HKLM\SOFTWARE\Classes\AppID\{fa5b4fd5-caf8-499a-a4a0-52378a48978a}\ (CateredToYou)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{d5848f09-fbb0-430a-9386-edaeafc3ea35}\ (CateredToYou)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{fa5b4fd5-caf8-499a-a4a0-52378a48978a}\ (CateredToYou)
   HKU\S-1-5-21-2807787745-202846158-3995719364-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-2807787745-202846158-3995719364-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-2807787745-202846158-3995719364-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)

Cookies _____________________________________________________________________

   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:adzerk.net
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:damn-sexy.com
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.adzerk.net
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:gotporn.com
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:hardsextube.com
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:sex.com
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.gotporn.com
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.hardsextube.com
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sex.com
   C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cookies:youporn.com
[/code]