[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : MATEUSZPC
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : MATEUSZPC\Mateusz
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-12-28 14:39:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 26s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 3
   Traces . . . . . . . : 103

   Objects scanned . . . : 1 709 923
   Files scanned . . . . : 33 692
   Remnants scanned . . : 354 218 files / 1 322 013 keys


Malware _____________________________________________________________________

   C:\Program Files (x86)\Common Files\Services\iThemes.dll
      Size . . . . . . . : 877 056 bytes
      Age . . . . . . . : 1.0 days (2016-12-27 13:43:38)
      Entropy . . . . . : 6.7
      SHA-256 . . . . . : 30E463608129C34E559216582778D407ED53FC1F5BEFE626771232A13A352B9B
      Product
      Publisher
      Description
      Version . . . . . : 0.1.0.19
      Copyright
      LanguageID . . . . : 1033
    > Bitdefender . . . : Trojan.GenericKD.4064563
      Fuzzy . . . . . . : 97.0
      Forensic Cluster
         0.0s C:\Program Files (x86)\Common Files\Services\iThemes.dll
         2.1s C:\Program Files (x86)\Gubed\
         2.1s C:\Program Files (x86)\Gubed\GubedZL.dll

   C:\Program Files\KMSpico\AutoPico.exe
      Size . . . . . . . : 745 664 bytes
      Age . . . . . . . : 165.7 days (2016-07-15 22:02:00)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 4A714D98CE40F5F3577C306A66CB4A6B1FF3FD01047C7F4581F8558F0BCDF5FA
      Needs elevation . : Yes
      Product . . . . . : AutoPico
      Publisher . . . . : @ByELDI
      Description . . . : AutoPico
      Version . . . . . : 16.1.0.0
      RSA Key Size . . . : 1024
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender . . . : Application.KeyGen.GA
    > Kaspersky . . . . : not-a-virus:RiskTool.Win32.ProcPatcher.aat
    > HitmanPro . . . . : App/KMSActiv-A
      Fuzzy . . . . . . : 93.0
      Startup
         C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk

   C:\Program Files\KMSpico\Service_KMS.exe
      Size . . . . . . . : 745 664 bytes
      Age . . . . . . . : 165.7 days (2016-07-15 22:02:01)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 2B533757086499E224D5717F94A0F4C33E705398A7610219D82B9D3BC8763378
      Needs elevation . : Yes
      Product . . . . . : Service_KMS
      Publisher . . . . : @ByELDI
      Description . . . : Service_KMS
      Version . . . . . : 17.1.0.0
      RSA Key Size . . . : 1024
      Service . . . . . : Service KMSELDI
      LanguageID . . . . : 0
      Authenticode . . . : Valid
      Running processes : 2368
    > Kaspersky . . . . : not-a-virus:RiskTool.Win32.ProcPatcher.aat
      Fuzzy . . . . . . : 90.0
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI\


Suspicious files ____________________________________________________________

   C:\Users\Mateusz\Desktop\Logi\frst\nowe\FRST64.exe
      Size . . . . . . . : 2 420 736 bytes
      Age . . . . . . . : 4.8 days (2016-12-23 20:08:25)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : E58ADE7FA354A1F256B4608AFD698C379E33FF23D5F62C95BDFC33995C230745
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-1394664871-1245148921-295335108-1001\SOFTWARE\IM\ (Sweetpacks)


Cookies _____________________________________________________________________

   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:acuityplatform.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.turn.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adadvisor.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adfarm1.adition.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adgrx.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.avocet.io
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adscale.de
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsymptotic.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:adx.adform.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:chango.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:dotomi.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:eyeviewads.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:ibillboard.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:ih.adscale.de
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipredictive.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:liverail.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:ml314.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:nexac.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:sitescout.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:sxp.smartclip.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap2-cdn.rubiconproject.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:tidaltv.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:tremorhub.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:tubemogul.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
   C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Cookies:www7.smartadserver.com
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\0IC39XFG.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\0ONPXM5D.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\1B5ZJWSV.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\1RTST1YR.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\21C6P3K9.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\36BXN9SN.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\4RAAE0ES.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\8TI7VDHJ.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\940YZNF6.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\CBQI631V.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\CU0A3SN8.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\GLXNLF3Z.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\IZDCYWT8.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\JYA0IYW2.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\LQKEIWUO.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\MB7GSLNC.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\MN3FS3L0.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\NN0OEPBR.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\PMKFFNSV.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\QUV12SZW.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\RPZ0SIJC.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\TS95CGE7.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\UXEHM18K.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\VBF5FZO3.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\WW6J5DVV.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\X2P2B5H8.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\XZ3S7XC4.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\Z9WWIN12.cookie
   C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCookies\ZTAL6QSL.cookie
[/code]