[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : STEFAN-HP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Stefan-HP\Stefan
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-09-08 22:25:54
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 6s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 26

   Objects scanned . . . : 1 316 267
   Files scanned . . . . : 88 671
   Remnants scanned . . : 408 173 files / 819 423 keys

Malware _____________________________________________________________________

   C:\Users\Stefan\Desktop\Arcsoft TotalMedia Theatre 6.0.1.123 Final [Multi Rus]\fcATMT5Keygen.exe
      Size . . . . . . . : 59 904 bytes
      Age . . . . . . . : 2.2 days (2016-09-06 17:14:40)
      Entropy . . . . . : 4.7
      SHA-256 . . . . . : F3674DF3162514F00FA67BD242D5449A359E05DF32D3A4316C7951399692836E
      Product
      Publisher . . . . : FreeCoder
      Description . . . : ArcSoft TotalMedia Theatre 5.3.1.146 Keygen
      Version . . . . . : 1.0.0.0
      LanguageID . . . . : 1049
    > HitmanPro . . . . : Malware
      Fuzzy . . . . . . : 102.0
      Forensic Cluster
         0.0s C:\Users\Stefan\Desktop\Arcsoft TotalMedia Theatre 6.0.1.123 Final [Multi Rus]\
         0.0s C:\Users\Stefan\Desktop\Arcsoft TotalMedia Theatre 6.0.1.123 Final [Multi Rus]\fcATMT5Keygen.exe
         0.0s C:\Users\Stefan\Desktop\Arcsoft TotalMedia Theatre 6.0.1.123 Final [Multi Rus]\le4enie.txt
         0.0s C:\Users\Stefan\Desktop\Arcsoft TotalMedia Theatre 6.0.1.123 Final [Multi Rus]\totalmediatheatre6_retail_tbyb_all.exe

Suspicious files ____________________________________________________________

   C:\Users\Stefan\Desktop\Dysk D\SAMSUNG\sol\FRST64.exe
      Size . . . . . . . : 2 191 360 bytes
      Age . . . . . . . : 354.1 days (2015-09-20 19:02:04)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 3DFD4A9CE96E4FAC6D2BE1485E3C3AB8EFE87F0B2692616FA70B56D8F454C7A8
      Needs elevation . : Yes
      Fuzzy . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{d45929a2-951f-4eb4-91be-79125af755f0}\ (WanderBurst)
   HKLM\SOFTWARE\Classes\AppID\{ea2a7a62-0df5-4a16-af66-adad032f76c8}\ (WanderBurst)
   HKLM\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{5013A5D0-34A9-489F-BF9A-3A0E34D8902B}\ (SpaceSoundPro)
   HKLM\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{B43F10EC-BD1C-48D5-A123-3DCA3321C187}\ (SpaceSoundPro)
   HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\ (Baidu)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{d45929a2-951f-4eb4-91be-79125af755f0}\ (WanderBurst)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{ea2a7a62-0df5-4a16-af66-adad032f76c8}\ (WanderBurst)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\ (Baidu)
   HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASAPI32\ (ReimageRepair)
   HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASMANCS\ (ReimageRepair)
   HKLM\SOFTWARE\Wow6432Node\Auslogics\Google Analytics Package\ (TweakBit)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MPCKPT\ (MPC)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MPCKPT\ (MPC)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPCKPT\ (MPC)

Cookies _____________________________________________________________________

   C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@addthis[2].txt
   C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@adnxs[2].txt
   C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@bluekai[1].txt
   C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@doubleclick[1].txt
   C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@tapad[2].txt
   C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@tribalfusion[1].txt
   C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@wtp101[1].txt
[/code]