[code] HitmanPro 3.7.14.276 www.hitmanpro.com Computer name . . . . : ZELO Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : ZELO\Maru UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2016-09-15 13:53:53 Scan mode . . . . . . : Normal Scan duration . . . . : 12m 32s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 0 Traces . . . . . . . : 15 Objects scanned . . . : 2 150 472 Files scanned . . . . : 54 738 Remnants scanned . . : 601 556 files / 1 494 178 keys Suspicious files ____________________________________________________________ C:\Users\Maru\AppData\Local\PunkBuster\UNCO\pb\pbcl.dll Size . . . . . . . : 833 236 bytes Age . . . . . . . : 1314.6 days (2013-02-08 22:45:46) Entropy . . . . . : 7.6 SHA-256 . . . . . : 224E58B68FE38C7B9DE702D8E970158B3DB6B0CAE3429B4903DAFC68AE60C83C Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Maru\Downloads\INSTALKI\Action full version\CRACK\Crack\dontcrack.exe Size . . . . . . . : 18 051 072 bytes Age . . . . . . . : 47.0 days (2016-07-30 14:51:34) Entropy . . . . . : 7.0 SHA-256 . . . . . : 2C1CB1A4766B47B04C67C392EBAB99E20D3B24D172D1CB1A9BCEAD77706F50EC Product . . . . . : Action! Publisher . . . . : Mirillis Ltd. Description . . . : Action! Version . . . . . : 1.18.0.0 RSA Key Size . . . : 2048 LanguageID . . . . : 9 Authenticode . . . : Invalid Fuzzy . . . . . . : 22.0 Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\AppID\{3601b5c5-5255-4dc9-ad46-2951e225f22e}\ (SaleClipper) -> Deleted HKLM\SOFTWARE\Classes\AppID\{a6da7c31-adfa-4531-a681-ff2c75c340f1}\ (SaleClipper) -> Deleted HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{3601b5c5-5255-4dc9-ad46-2951e225f22e}\ (SaleClipper) -> PendingDelete HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{a6da7c31-adfa-4531-a681-ff2c75c340f1}\ (SaleClipper) -> PendingDelete HKLM\SOFTWARE\Wow6432Node\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC) -> Deleted HKU\S-1-5-21-2411900937-544243709-2355068264-1001\Software\Microsoft\Internet Explorer\AboutURLs\Tabs (CertifiedToolbar) -> Deleted HKU\S-1-5-21-2411900937-544243709-2355068264-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted HKU\S-1-5-21-2411900937-544243709-2355068264-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted HKU\S-1-5-21-2411900937-544243709-2355068264-1001\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC) -> Deleted HKU\S-1-5-21-2411900937-544243709-2355068264-1001\Software\Wow6432Node\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC) -> Deleted Cookies _____________________________________________________________________ C:\Users\Maru\AppData\Local\Microsoft\Windows\INetCookies\4MS220UN.txt C:\Users\Maru\AppData\Local\Microsoft\Windows\INetCookies\5MBG6CHJ.txt C:\Users\Maru\AppData\Local\Microsoft\Windows\INetCookies\8REHVRCN.txt [/code]