[code]
HitmanPro 3.8.0.295
www.hitmanpro.com

   Computer name . . . . : DESKTOP-Q2AQMDC
   Windows . . . . . . . : 10.0.0.17134.X64/4
   User name . . . . . . : DESKTOP-Q2AQMDC\marek
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2018-11-19 22:30:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 40s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 94

   Objects scanned . . . : 1 759 984
   Files scanned . . . . : 41 877
   Remnants scanned . . : 356 412 files / 1 361 695 keys

Suspicious files ____________________________________________________________

   C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\T6CFGA04\FRST64[1].exe
      Size . . . . . . . : 2 416 128 bytes
      Age . . . . . . . : 0.0 days (2018-11-19 22:17:03)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : CE71D666F5CF9788C0A6BEC762D8132F59A0F7E5D08BD9E83108F1171B22C136
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -2.5s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c265dc574d0dcef74dd7e2bf65a7619305ff03d1
         -2.1s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\QE69HLUH\
         -1.8s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\LPK96XEB\
         -1.8s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\LPK96XEB\82[1].htm
         -0.6s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\1XHHGAFX\
         -0.6s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\1XHHGAFX\82[1].htm
         -0.0s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\T6CFGA04\
          0.0s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\T6CFGA04\FRST64[1].exe
          0.0s C:\Users\marek\Downloads\FRST64.exe
          6.3s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\QE69HLUH\up64[2]

   C:\Users\marek\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 416 128 bytes
      Age . . . . . . . : 9.0 days (2018-11-10 23:12:41)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : A194010C7EE8ECA5198FDF6D8963F64DBBD646CA6898C2C659396AFFAAD9152A
      Needs elevation . : Yes
      Fuzzy . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\marek\Downloads\FRST64.exe
      Size . . . . . . . : 2 416 128 bytes
      Age . . . . . . . : 0.0 days (2018-11-19 22:17:03)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : CE71D666F5CF9788C0A6BEC762D8132F59A0F7E5D08BD9E83108F1171B22C136
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -2.5s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c265dc574d0dcef74dd7e2bf65a7619305ff03d1
         -2.2s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\QE69HLUH\
         -1.8s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\LPK96XEB\
         -1.8s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\LPK96XEB\82[1].htm
         -0.6s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\1XHHGAFX\
         -0.6s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\1XHHGAFX\82[1].htm
         -0.0s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\T6CFGA04\
         -0.0s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\T6CFGA04\FRST64[1].exe
          0.0s C:\Users\marek\Downloads\FRST64.exe
          6.3s C:\Users\marek\AppData\Local\Microsoft\Windows\INetCache\IE\QE69HLUH\up64[2]

Cookies _____________________________________________________________________
[/code]