[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : TOM615-PC
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : tom615-PC\tom615
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2017-04-02 22:33:22
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 27s
   Disk access mode . .  : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 11

   Objects scanned . . . : 1 996 774
   Files scanned . . . . : 39 379
   Remnants scanned  . . : 362 059 files / 1 595 336 keys


Malware _____________________________________________________________________

   C:\Users\tom615\Desktop\TSO\TSO_Tools_43\Updater.exe
      Size . . . . . . . : 1 754 112 bytes
      Age  . . . . . . . : 197.3 days (2016-09-17 15:40:14)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 5C9352998A969A6A99F204D9A764C073CA03178FE9B9324D17B744D62D00DBE8
      Product
      Publisher
      Description
      Version  . . . . . : 0.1.0.9
      LanguageID . . . . : 1045
    > Bitdefender  . . . : Trojan.Generic.14731411
      Fuzzy  . . . . . . : 103.0

   C:\Users\tom615\Desktop\TSO\TSO_Tools_44\Updater.exe
      Size . . . . . . . : 1 754 112 bytes
      Age  . . . . . . . : 63.8 days (2017-01-29 03:49:15)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 5C9352998A969A6A99F204D9A764C073CA03178FE9B9324D17B744D62D00DBE8
      Product
      Publisher
      Description
      Version  . . . . . : 0.1.0.9
      LanguageID . . . . : 1045
    > Bitdefender  . . . : Trojan.Generic.14731411
      Fuzzy  . . . . . . : 103.0


Suspicious files ____________________________________________________________

   C:\Users\tom615\AppData\Local\PunkBuster\AC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138 736 bytes
      Age  . . . . . . . : 115.0 days (2016-12-08 21:44:56)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : B02A579C524B68FFFBF83E546637DADFF39C5F18D7B7A9A9D4CF17302A1A19B5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\tom615\Desktop\Dla Ekspertów\FRST64.exe
      Size . . . . . . . : 2 424 832 bytes
      Age  . . . . . . . : 0.1 days (2017-04-02 21:17:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3A3DCD0D3C9C1FE10C45AF795DC9452DA192246BB67D896AB7F16151A53C1B5F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

      Forensic Cluster
         -66.6s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\
         -66.6s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\AC20.tmp
         -66.5s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\AC90.tmp
         -66.5s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\ACC1.tmp
         -66.4s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\ACF1.tmp
         -66.4s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\AD13.tmp
         -66.4s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\AD24.tmp
         -66.3s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\AD46.tmp
         -65.3s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001408
         -64.7s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001409
         -64.7s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00140a
         -64.5s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00140b
         -64.1s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00140c
         -64.0s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00140d
         -64.0s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00140e
         -56.8s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.fixitpc.pl_0.localstorage
         -56.8s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.fixitpc.pl_0.localstorage-journal
         -51.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00140f
         -51.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001410
         -51.8s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001411
         -44.3s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001412
         -32.7s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001413
         -32.6s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001414
         -27.7s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001415
         -26.5s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001416
         -19.1s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001417
         -18.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001418
         -18.4s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001419
         -18.4s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00141a
         -18.3s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00141b
         -18.3s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00141c
         -18.3s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00141d
         -18.2s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00141e
         -18.1s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00141f
         -18.0s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001420
         -18.0s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001421
         -18.0s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001422
         -18.0s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001423
         -17.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001424
         -17.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001425
         -17.8s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001426
         -17.7s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001427
         -17.7s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001428
         -17.6s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001429
         -17.6s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00142a
         -17.6s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00142b
         -17.6s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00142c
         -15.5s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00142d
         -15.4s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00142e
         -11.5s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4dfcf7b5305fa8b16c5923026b3da977_7e4bfb73-2bbc-480c-9630-7d81fabac3e4
         -10.2s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00142f
         -10.1s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001430
          -9.8s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001431
          -9.7s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001432
          -9.5s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001433
          -9.5s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001434
          -9.5s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001435
          -9.4s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001436
          -9.3s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001437
          -9.3s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001438
          -9.2s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001439
          -9.2s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00143a
          -8.6s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00143b
          -8.5s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00143c
          -8.4s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e949b4a9a1acd7ec13fbb01c23b7237c_7e4bfb73-2bbc-480c-9630-7d81fabac3e4
          -8.4s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00143d
          -7.9s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\737cac732f8b340aa54dea7dc32000bd_7e4bfb73-2bbc-480c-9630-7d81fabac3e4
          -7.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00143e
          -7.8s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_00143f
          -7.5s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Media Cache\f_000022
          -7.4s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Media Cache\f_000023
          -7.2s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Media Cache\f_000024
          -7.1s C:\Users\tom615\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3388ECC3F7BC4A9271C10ED8621E5A65_DE46420CF5F634CA85431DC043EE809F
          -7.1s C:\Users\tom615\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3388ECC3F7BC4A9271C10ED8621E5A65_DE46420CF5F634CA85431DC043EE809F
          -7.1s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\41910b5e1981707333c21aa5d21eea29_7e4bfb73-2bbc-480c-9630-7d81fabac3e4
          -6.9s C:\Users\tom615\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450
          -6.9s C:\Users\tom615\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450
          -6.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12b3aadcc803facf282a53dd8146f2c6_7e4bfb73-2bbc-480c-9630-7d81fabac3e4
          -3.3s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_www.bleepingcomputer.com_0.localstorage
          -3.3s C:\Users\tom615\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_www.bleepingcomputer.com_0.localstorage-journal
           0.0s C:\Users\tom615\Desktop\Dla Ekspertów\FRST64.exe
           3.2s C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf
          10.0s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Media Cache\f_000025
          13.4s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001440
          15.8s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001441
          15.8s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001442
          15.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001443
          15.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001444
          15.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001445
          15.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001446
          15.9s C:\Users\tom615\AppData\Local\Opera Software\Opera Stable\Cache\f_001447
          23.2s C:\Users\tom615\Desktop\Dla Ekspertów\750h7qol.exe

   C:\Users\tom615\Desktop\tom615\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 420 736 bytes
      Age  . . . . . . . : 62.0 days (2017-01-30 23:44:04)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 566708D6E5A537F1C4EC62431527D89046779755355E43945323E021DD13A742
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\tom615\Desktop\tom615\FRST64.exe
      Size . . . . . . . : 2 421 248 bytes
      Age  . . . . . . . : 53.4 days (2017-02-08 12:52:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4C0854F5782342DBD6B6E6B2023972E75CFEBC235AA40C2B01AB487543CA1BE2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\tom615\Documents\Assassin's Creed III\pb\pbcl.dll
      Size . . . . . . . : 953 640 bytes
      Age  . . . . . . . : 115.0 days (2016-12-08 21:44:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7264646B28B8060B93B4374651638428243104DD427CA4970EA6AA956ADD4D5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\tom615\Documents\Assassin's Creed III\pb\pbcls.dll
      Size . . . . . . . : 953 640 bytes
      Age  . . . . . . . : 115.0 days (2016-12-08 21:44:44)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7264646B28B8060B93B4374651638428243104DD427CA4970EA6AA956ADD4D5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS (DriverRestore)
      Size . . . . . . . : 22 200 bytes
      Age  . . . . . . . : 324.1 days (2016-05-13 20:02:43)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748
      Product  . . . . . : DriverAgent
      Publisher  . . . . : Phoenix Technologies
      Description  . . . : DriverAgent Direct I/O for 64-bit Windows
      Version  . . . . . : 6.0
      Copyright  . . . . : EnTech Taiwan, 1997-2009
      RSA Key Size . . . : 2048
      Service  . . . . . : DrvAgent64
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -4.0
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\DrvAgent64\
         HKLM\SYSTEM\ControlSet001\Services\DrvAgent64\ (DriverRestore)
         HKLM\SYSTEM\CurrentControlSet\Services\DrvAgent64\ (DriverRestore)
[/code]
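Two things in a report like this are worth checking by hand before acting on it: several entries share one SHA-256 (both Updater.exe copies, and pbcl.dll/pbcls.dll), so they are one file to triage rather than two, and the entropy heuristic fires equally on packed malware, on compressed legitimate tools and on a signed driver. The script below is an added example, not HitmanPro's code and not part of the poster's log: it parses the dotted "label . . . : value" layout shown above into records, groups them by hash, and computes Shannon entropy over constructed byte streams to calibrate what the report's Entropy column means. It assumes the column is bits per byte on a 0 to 8 scale (the reported values 6.4 to 7.7 are consistent with that, but the scale is my assumption), and SAMPLE_LOG is a constructed excerpt that reuses a few values from the posted report.

```python
"""Parse a HitmanPro-style scan report, group findings by SHA-256 and
calibrate the entropy heuristic. Added example; not HitmanPro's own code.
SAMPLE_LOG is a constructed excerpt in the report's layout, not the full report."""
import math
import re
from collections import Counter, defaultdict

# Constructed excerpt: values copied from the posted report, layout is what matters.
SAMPLE_LOG = r"""
Malware _____________________________________________________________________

   C:\Users\tom615\Desktop\TSO\TSO_Tools_43\Updater.exe
      Size . . . . . . . : 1 754 112 bytes
      Age  . . . . . . . : 197.3 days (2016-09-17 15:40:14)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 5C9352998A969A6A99F204D9A764C073CA03178FE9B9324D17B744D62D00DBE8
    > Bitdefender  . . . : Trojan.Generic.14731411

   C:\Users\tom615\Desktop\TSO\TSO_Tools_44\Updater.exe
      Size . . . . . . . : 1 754 112 bytes
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 5C9352998A969A6A99F204D9A764C073CA03178FE9B9324D17B744D62D00DBE8
    > Bitdefender  . . . : Trojan.Generic.14731411

Suspicious files ____________________________________________________________

   C:\Users\tom615\AppData\Local\PunkBuster\AC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138 736 bytes
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : B02A579C524B68FFFBF83E546637DADFF39C5F18D7B7A9A9D4CF17302A1A19B5
      Authenticode . . . : Valid
         The .reloc (relocation) section in this program contains code.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # a new finding starts with a path
SECTION_RE = re.compile(r"^(\S.*?)\s*_{5,}$")          # "Malware ____", "Suspicious files ____"
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*(?: [A-Za-z0-9-]+)*)\s*(?:\. ?)*:\s*(.*)$")


def parse_hitmanpro(text):
    """Return one dict per file finding: path, section, fields, notes.
    Free-text heuristic sentences (no 'label : value') land in notes."""
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        if PATH_RE.match(line):
            current = {"path": line, "section": section, "fields": {}, "notes": []}
            records.append(current)
            continue
        if current is None:            # report header, not tied to a file
            continue
        line = line.lstrip("> ").strip()   # "> Bitdefender" marks the detecting engine
        m = FIELD_RE.match(line)
        if m:
            current["fields"][m.group(1)] = m.group(2).strip()
        else:
            current["notes"].append(line)
    return records


def group_by_hash(records):
    """SHA-256 -> paths. Identical bytes at several paths are one file to triage."""
    groups = defaultdict(list)
    for r in records:
        digest = r["fields"].get("SHA-256")
        if digest:
            groups[digest.upper()].append(r["path"])
    return dict(groups)


def high_entropy(records, threshold=7.0):
    """Paths whose reported entropy is at or above threshold. Packed, compressed
    and encrypted files all land here, so this is a triage filter, not a verdict."""
    out = []
    for r in records:
        try:
            if float(r["fields"].get("Entropy", "")) >= threshold:
                out.append(r["path"])
        except ValueError:
            pass
    return out


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes.
    Assumed to be the same scale as the report's Entropy column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_scale():
    """Entropy of three constructed byte streams, to calibrate the threshold."""
    return {
        "constant": shannon_entropy(b"\x00" * 4096),
        "english_text": shannon_entropy(b"the quick brown fox jumps over the lazy dog " * 100),
        "uniform": shannon_entropy(bytes(range(256)) * 16),
    }


if __name__ == "__main__":
    recs = parse_hitmanpro(SAMPLE_LOG)
    for digest, paths in group_by_hash(recs).items():
        print(digest[:16], "->", len(paths), "path(s)")
    print("entropy >= 7.0:", high_entropy(recs))
    print(entropy_scale())
```

Run against the full report, group_by_hash collapses the two Updater.exe entries and the two PunkBuster DLLs into one hash each, which is how to count what actually needs a verdict. The entropy scale shows why the heuristic alone cannot decide anything: English text sits around 4.3 bits per byte, a compressed or packed executable near 7.6 to 7.7, and so do the signed PnkBstrK.sys driver and the FRST64.exe copies in the "Suspicious files" section. The report itself keeps engine detections (the "> Bitdefender" line under "Malware") apart from heuristic observations; treat the latter as leads to confirm by signer and hash reputation, not as findings.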