[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : XANTYR-KOMPUTER
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : Xantyr-Komputer\Xantyr
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-01-14 19:50:43
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 31s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 8

   Objects scanned . . . : 2 413 301
   Files scanned . . . . : 33 041
   Remnants scanned . . : 420 026 files / 1 960 234 keys

Malware _____________________________________________________________________

   C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\Activator\Malwarebytes Anti-Malware Premium Activator - [Fullstuff.net].exe
      Size . . . . . . . : 425 472 bytes
      Age . . . . . . . : 4.8 days (2017-01-10 00:33:04)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 8FB56FEFC5AFA0F3950CA1D32E2A3DC6C56C1D07CA7F1AADDE3CB5F77445FCF7
      Needs elevation . : Yes
      Product . . . . . : Activator By Fullstuff.net
      Publisher . . . . : www.fullstuff.net
      Description . . . : Activator By Fullstuff.net
      Version . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender . . . : Gen:Variant.Application.Hacktool.13
    > Kaspersky . . . . : Trojan-Dropper.MSIL.Agent.serydh
      Fuzzy . . . . . . : 102.0
      Forensic Cluster
         -0.0s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\
         -0.0s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\Activator\
         -0.0s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\
         -0.0s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\Activator\Block.bat
          0.0s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\Activator\Malwarebytes Anti-Malware Premium Activator - [Fullstuff.net].exe
          0.3s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\Forum wielotematyczne, DARMOWE SERWERY!.URL
          0.4s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\Instructions.txt
          0.4s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\Setup\
          0.4s C:\Users\Xantyr\Downloads\wszystko\Malwarev2.2.0.1043\Malwarebytes Anti-Malware Premium v2.2.0.1043 Setup + Activator\Setup\mbam-setup-2.2.1.1043.exe

Suspicious files ____________________________________________________________

   C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\VW7U4S5O\FRST64[1].exe
      Size . . . . . . . : 2 419 200 bytes
      Age . . . . . . . : 0.0 days (2017-01-14 19:43:35)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 54E26DD548EF617005D204C0386E42B3E4060C26C52F21C6F6307273FBB93F5B
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -7.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FF775770-36D3-4B92-9FA1-A1905E43C038}
         -2.0s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCookies\A5DU2FE0.cookie
         -1.7s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\VW7U4S5O\82[1].htm
         -1.5s C:\Users\Xantyr\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -1.5s C:\Users\Xantyr\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -0.8s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCookies\VLZKZH3T.cookie
         -0.8s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\MFRLTDG4\82[1].htm
         -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\75D4C218F9B06105.dat
          0.0s C:\Users\Xantyr\Downloads\FRST64.exe
          0.0s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\VW7U4S5O\FRST64[1].exe
          1.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\537F87FCA811CC93.dat
          1.5s C:\Users\Xantyr\Downloads\FRST-OlderVersion\
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\71\501A1801B9384BEF.dat
          4.7s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\MFRLTDG4\up64[2]
          6.1s C:\FRST\Logs\ct
          6.1s C:\Users\Xantyr\Downloads\Fixlog.txt
          6.8s C:\Windows\System32\restore\MachineGuid.txt
          8.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BB6FC372-D3AC-4687-9A4D-F19B4835E51B}
         11.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\61\0DE9027408F73031.dat

   C:\Users\Xantyr\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 419 200 bytes
      Age . . . . . . . : 1.0 days (2017-01-13 18:51:39)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : FA3DF823E5B6D52B2361EF2FDE0F3343F9916D08B3C1C47DBFA436A6C932738D
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -87.7s C:\Windows\Prefetch\I4JDEL0.EXE-F5AF5F0B.pf
         -80.1s C:\Windows\Prefetch\UNINS000.EXE-2BDE95ED.pf
         -75.5s C:\Windows\Prefetch\_IU14D2N.TMP-1CF7F598.pf
         -54.6s C:\Windows\Prefetch\TASKKILL.EXE-E0105477.pf
         -53.7s C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
         -51.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\69\BEB8451326389621.dat
         -51.0s C:\Windows\Prefetch\UNINS000.EXE-C9B0957C.pf
         -46.9s C:\Windows\Prefetch\UNINSTALL.EXE-4E06AEFF.pf
         -44.0s C:\Windows\Prefetch\AU_.EXE-58CAF573.pf
         -30.3s C:\Windows\Prefetch\FRST.EXE-F32325F5.pf
           0.0s C:\Users\Xantyr\Downloads\FRST-OlderVersion\FRST64.exe
           2.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\82\B10CF074F5CCBBE2.dat
           7.1s C:\FRST\
           7.1s C:\FRST\Logs\
           7.1s C:\FRST\Quarantine\
           7.1s C:\FRST\Hives\
           7.8s C:\FRST\Hives\ERDNT.INF
           7.8s C:\FRST\Hives\ERDNT.CON
           7.8s C:\FRST\Hives\SYSTEM
           8.7s C:\FRST\Hives\BCD
           8.8s C:\FRST\Hives\SOFTWARE
           8.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\40\9E4B90858055AAD4.dat
           8.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\26\4A6D46E8F573A0F6.dat
           9.1s C:\Windows\Prefetch\ERUNT.EXE-518CFD10.pf
          11.7s C:\FRST\Hives\DEFAULT
          11.9s C:\FRST\Hives\SECURITY
          12.0s C:\FRST\Hives\SAM
          12.0s C:\FRST\Hives\Users\
          12.0s C:\FRST\Hives\Users\00000001\
          12.0s C:\FRST\Hives\Users\00000001\NTUSER.DAT
          12.2s C:\FRST\Hives\Users\00000002\
          12.2s C:\FRST\Hives\Users\00000002\UsrClass.dat
          12.5s C:\FRST\Hives\ERDNT.EXE
          12.5s C:\FRST\Hives\ERDNTWIN.LOC
          12.5s C:\FRST\Hives\ERDNTDOS.LOC
          12.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\82\B10CF074F5CCBBE2.dat
          12.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\82\
          14.6s C:\Windows\Prefetch\FRST64.EXE-7893E487.pf

   C:\Users\Xantyr\Downloads\FRST64.exe
      Size . . . . . . . : 2 419 200 bytes
      Age . . . . . . . : 0.0 days (2017-01-14 19:43:35)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 54E26DD548EF617005D204C0386E42B3E4060C26C52F21C6F6307273FBB93F5B
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -7.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FF775770-36D3-4B92-9FA1-A1905E43C038}
         -2.0s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCookies\A5DU2FE0.cookie
         -1.7s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\VW7U4S5O\82[1].htm
         -1.5s C:\Users\Xantyr\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -1.5s C:\Users\Xantyr\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -0.8s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCookies\VLZKZH3T.cookie
         -0.8s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\MFRLTDG4\82[1].htm
         -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\75D4C218F9B06105.dat
          0.0s C:\Users\Xantyr\Downloads\FRST64.exe
          0.0s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\VW7U4S5O\FRST64[1].exe
          1.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\537F87FCA811CC93.dat
          1.5s C:\Users\Xantyr\Downloads\FRST-OlderVersion\
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\71\501A1801B9384BEF.dat
          4.7s C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCache\IE\MFRLTDG4\up64[2]
          6.1s C:\FRST\Logs\ct
          6.1s C:\Users\Xantyr\Downloads\Fixlog.txt
          6.8s C:\Windows\System32\restore\MachineGuid.txt
          8.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BB6FC372-D3AC-4687-9A4D-F19B4835E51B}
         11.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\61\0DE9027408F73031.dat

Cookies _____________________________________________________________________

   C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCookies\7YP53IE1.cookie
   C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCookies\91G8KJ1X.cookie
   C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCookies\NAYAV6VF.cookie
   C:\Users\Xantyr\AppData\Local\Microsoft\Windows\INetCookies\Q7L4TSXN.cookie
[/code]