[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : SLAWEK
   Windows . . . . . . . : 6.3.0.9600.X64/8
   User name . . . . . . : SLAWEK\SBawomir
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-06-22 21:17:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 4s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 42

   Objects scanned . . . : 2 999 908
   Files scanned . . . . : 75 923
   Remnants scanned . . : 878 961 files / 2 045 024 keys

Malware _____________________________________________________________________

   C:\ProgramData\Downloaded Installations\1.0.30.1003\{D1916DB3-73AD-4734-B7CD-DAC7175B80D8}\InstallPrepTool.exe
      Size . . . . . . . : 10 752 bytes
      Age . . . . . . . : 308.3 days (2015-08-19 12:58:32)
      Entropy . . . . . : 4.9
      SHA-256 . . . . . : 0E907550099B1CC5FECE478D0AB25DEB6069A730EAEBB2193D6F7F280D4673C5
      Needs elevation . : Yes
      Product . . . . . : InstallPrepTool
      Publisher . . . . : Microsoft
      Description . . . : InstallPrepTool
      Version . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > HitmanPro . . . . : Malware
      Fuzzy . . . . . . : 100.0

Suspicious files ____________________________________________________________

   C:\Users\SBawomir\Desktop\Adobe Illustrator CS6 16.0.0 (32-64 bit) [ChingLiu]\Crack 32 bit\Illustrator.exe
      Size . . . . . . . : 20 824 208 bytes
      Age . . . . . . . : 301.1 days (2015-08-26 19:06:08)
      Entropy . . . . . : 6.4
      SHA-256 . . . . . : DBA48CE13A6AB425B4ED79D5043291BEAAB39FAF8FCBE5D2BB3192C773A4E8BB
      Product . . . . . : Adobe Illustrator CS6
      Publisher . . . . : Adobe Systems Inc.
      Description . . . : Adobe Illustrator CS6
      Version . . . . . : CS6
      Copyright . . . . : © 1987-2012 Adobe Systems Incorporated. All rights reserved.
      RSA Key Size . . . : 1024
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy . . . . . . : 23.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\SBawomir\Desktop\Adobe Illustrator CS6 16.0.0 (32-64 bit) [ChingLiu]\Crack 64 bit\Illustrator.exe
      Size . . . . . . . : 19 666 064 bytes
      Age . . . . . . . : 301.1 days (2015-08-26 19:08:16)
      Entropy . . . . . : 6.2
      SHA-256 . . . . . : 42FCA7F696320EE7094990F80BF8F26F7CF9C49B2F57E20200E3A188BC0D9602
      Product . . . . . : Adobe Illustrator CS6
      Publisher . . . . : Adobe Systems Inc.
      Description . . . : Adobe Illustrator CS6
      Version . . . . . : CS6
      Copyright . . . . : © 1987-2012 Adobe Systems Incorporated. All rights reserved.
      RSA Key Size . . . : 1024
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy . . . . . . : 23.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\SBawomir\Desktop\POBRANE\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 383 360 bytes
      Age . . . . . . . : 25.3 days (2016-05-28 13:59:07)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 38C9DDA80BE9191C26855B9ABB64896E0FD32464E7566BB4428727924C8EBA0E
      Needs elevation . : Yes
      Fuzzy . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Forensic Cluster
         0.0s C:\$Recycle.Bin\S-1-5-21-4002679962-1221417142-4111111163-1001\$RID8IB8.exe
         0.0s C:\Users\SBawomir\Desktop\POBRANE\FRST-OlderVersion\FRST64.exe

Cookies _____________________________________________________________________
[/code]