[code]
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : ADMIN-KOMPUTER
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Admin-Komputer\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-06-26 18:27:44
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 4s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 365

   Objects scanned . . . : 1 303 777
   Files scanned . . . . : 25 901
   Remnants scanned . . : 271 574 files / 1 006 302 keys

Suspicious files ____________________________________________________________

   C:\Users\Admin\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733 004 bytes
      Age . . . . . . . : 734.1 days (2011-06-23 16:34:23)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

Potential Unwanted Programs _________________________________________________

   C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
   C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (Yontoo)
   C:\Users\Admin\AppData\LocalLow\Delta\ (Delta Search)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1045.MST (AskBar)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe (AskBar)
      Size . . . . . . . : 102 400 bytes
      Age . . . . . . . : 759.1 days (2011-05-29 15:10:15)
      Entropy . . . . . : 6.1
      SHA-256 . . . . . : 092D64E5DB4FA21D6719B3A6A30AD06A2CB0E1F897357CD4935BECA52E921274
      Product . . . . . : InstallShield
      Publisher . . . . : Acresso Software Inc.
      Description . . . : InstallShield
      Version . . . . . : 16.0.328
      Copyright . . . . : Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
      Fuzzy . . . . . . : 0.0
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Classes\s\ (Softonic)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   HKU\S-1-5-21-615732166-2090531956-1015574816-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)

Cookies _____________________________________________________________________

   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:ad.360yield.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:advert.uloz.to
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:atdmt.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:c.atdmt.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:casalemedia.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:doubleclick.net
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:invitemedia.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:microsoftsto.112.2o7.net
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:serving-sys.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3x8n7zky.default\cookies.sqlite:tradedoubler.com
[/code]