[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : TOMEK-KOMPUTER
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Tomek-Komputer\Tomek
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-03-12 16:26:06
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 11

   Objects scanned . . . : 2 167 394
   Files scanned . . . . : 61 176
   Remnants scanned  . . : 387 164 files / 1 719 054 keys

Suspicious files ____________________________________________________________

   C:\Users\Tomek\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953 886 bytes
      Age  . . . . . . . : 893.8 days (2014-09-30 20:16:44)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Tomek\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
      Size . . . . . . . : 953 886 bytes
      Age  . . . . . . . : 893.8 days (2014-09-30 20:16:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Tomek\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138 032 bytes
      Age  . . . . . . . : 893.8 days (2014-09-30 20:16:56)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Tomek\AppData\Local\PunkBuster\GRFS\pb\PnkBstrK.sys
      Size . . . . . . . : 139 752 bytes
      Age  . . . . . . . : 787.1 days (2015-01-15 13:25:18)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 190F16E9E5087FB75ADFDE73CF658FE493193DCFE2191172F1639C9FE658CA20
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Tomek\AppData\Roaming\Ubisoft\Assassin's Creed Brotherhood\pb\pbcl.dll
      Size . . . . . . . : 943 913 bytes
      Age  . . . . . . . : 187.7 days (2016-09-05 23:09:59)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : D18D53FA00CBB39C26BA9776DF9AA11C9ABCF653AA7469A781460D31565A74A1
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.dll
      Size . . . . . . . : 972 501 bytes
      Age  . . . . . . . : 9.0 days (2017-03-03 17:13:15)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 30.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -2.6s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\
         -2.6s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\
         -0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\
         -0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\
         -0.1s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbsv.dll
          0.0s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.dll
          0.1s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbag.dll
          0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\svss\
          0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\svlogs\
          0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\htm\
          0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\dll\
          0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbsv.dat
          0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcls.dll
          0.3s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbags.dll
          0.3s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.db
          0.3s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\scrnshot\
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\temp_bindings.ini
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\Settings.ini
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\SavedGame\
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\data0
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\data1
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\data2
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\controls.ini
         29.2s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\profile.dat

   C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcls.dll
      Size . . . . . . . : 972 501 bytes
      Age  . . . . . . . : 9.0 days (2017-03-03 17:13:15)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 30.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -2.8s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\
         -2.8s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\
         -0.4s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\
         -0.4s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\
         -0.3s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbsv.dll
         -0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.dll
         -0.2s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbag.dll
         -0.0s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\svss\
         -0.0s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\svlogs\
         -0.0s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\htm\
         -0.0s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\dll\
         -0.0s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbsv.dat
          0.0s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcls.dll
          0.0s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbags.dll
          0.1s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.db
          0.1s C:\Users\Tomek\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\scrnshot\
         28.9s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\temp_bindings.ini
         28.9s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\
         28.9s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\Settings.ini
         28.9s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\SavedGame\
         29.0s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\data0
         29.0s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\data1
         29.0s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\data2
         29.0s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\controls.ini
         29.0s C:\Users\Tomek\Documents\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\profiles\tomek54321\1091616\profile.dat

   C:\Users\Tomek\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 423 808 bytes
      Age  . . . . . . . : 2.4 days (2017-03-10 07:59:21)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 0C11A0E7E1D7950EAAB54F640609BD62DC8E7F6CCBDD4520ACD6E0A67C252262
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.4s C:\Users\Tomek\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
         -3.4s C:\Users\Tomek\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
          0.0s C:\Users\Tomek\Desktop\FRST-OlderVersion\FRST64.exe

   C:\Users\Tomek\Desktop\FRST64.exe
      Size . . . . . . . : 2 424 320 bytes
      Age  . . . . . . . : 0.0 days (2017-03-12 16:00:01)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 888080A18968475A4AF792C1F4EAED87442D61A9BD32DAAD9763CB641B5C97D9
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Tomek\Desktop\FRST64.exe
          1.5s C:\Users\Tomek\Desktop\FRST-OlderVersion\
         11.4s C:\FRST\Logs\ct
         11.4s C:\Users\Tomek\Desktop\Fixlog.txt

   C:\Windows\SysWOW64\GameMon.des
      Size . . . . . . . : 3 643 520 bytes
      Age  . . . . . . . : 389.8 days (2016-02-16 22:04:34)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 09F9C3D6119E1435805CF14290523BFF8B978C08059CC9E57A12AF5A602D7F23
      Product  . . . . . : nProtect Game Monitor
      Publisher  . . . . : INCA Internet Co., Ltd.
      Description  . . . : nProtect Game Monitor Rev 2361
      Version  . . . . . : 2016.1.8.1
      RSA Key Size . . . : 2048
      Service  . . . . . : npggsvc
      LanguageID . . . . : 1042
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
[/code]