[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DANIEL
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : DANIEL\Daniel
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-09-29 23:28:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 3s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 2
   Traces . . . . . . . : 95

   Objects scanned . . . : 2 172 922
   Files scanned . . . . : 36 943
   Remnants scanned . . : 429 764 files / 1 706 215 keys

Malware _____________________________________________________________________

   C:\Users\Daniel\AppData\Roaming\Windows Loader\Windows Loader.exe
      Size . . . . . . . : 3 945 501 bytes
      Age . . . . . . . : 406.4 days (2015-08-20 14:02:56)
      Entropy . . . . . : 6.7
      SHA-256 . . . . . : BF5070EF8CF03A11D25460B3E09A479183CC0FA03D0EA32E4499998F509B1A40
    > HitmanPro . . . . : App/Keygen-RC
      Fuzzy . . . . . . : 106.0

   C:\Users\Daniel\Desktop\M.O.10.P.P.SP1.32B\M.O.10.P.P.SP1.32B\Microsoft.Office.2010.Professional.Plus.SP1.x32\Witaminka\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final.exe
      Size . . . . . . . : 32 495 104 bytes
      Age . . . . . . . : 449.5 days (2015-07-08 10:36:26)
      Entropy . . . . . : 7.2
      SHA-256 . . . . . : BE91CB5F08DB8AE8B97199EFDEE4F33EC706BD64998C3BCC04879FA7A1CE12EC
      Needs elevation . : Yes
      Product . . . . . : Office 2010 Toolkit
      LanguageID . . . . : 0
    > HitmanPro . . . . : App/Keygen-TC
      Fuzzy . . . . . . : 108.0

Suspicious files ____________________________________________________________

   C:\Users\Daniel\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 951 497 bytes
      Age . . . . . . . : 267.0 days (2016-01-07 00:22:21)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 43358BBCEC1EBE7927CA3B0A3DCA0597D5E8584F0FCBE987B8126A0C12D73A2B
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Daniel\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 140 072 bytes
      Age . . . . . . . : 267.0 days (2016-01-07 00:22:41)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : CC3F4E453FC246B64C09E81BB73741CECC897C805C13815336647E986A60301E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

Potential Unwanted Programs _________________________________________________

   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
   HKU\S-1-5-21-1964153532-139224943-451156895-1000\Software\IM\ (Sweetpacks)

Cookies _____________________________________________________________________

[/code]