[code]
HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : Z
   Windows . . . . . . . : 6.1.1.7601.X86/4
   User name . . . . . . : z\dom
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-02-24 23:32:12
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 42s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 28

   Objects scanned . . . : 1 585 029
   Files scanned . . . . : 72 445
   Remnants scanned . . : 594 551 files / 918 033 keys

Malware _____________________________________________________________________

   C:\Users\dom\Desktop\przegladarki\Palemoon_download\Minecraft Force Op(1)\update.exe
      Size . . . . . . . : 736 389 bytes
      Age . . . . . . . : 2.2 days (2015-02-22 18:40:18)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 82E85ED5DE891642D2B0FEC5FD0ACF461649733F82D3A29218E2041A1F93D81F
      Product
      Publisher
      Description . . . : Updating...
      LanguageID . . . . : 0
    > Kaspersky . . . . : not-a-virus:Downloader.NSIS.OutBrowse.bm
      Fuzzy . . . . . . : 116.0
      Forensic Cluster
         -3.8s C:\TEMP\Temp1_Minecraft Force Op(1).zip\
         -2.1s C:\TEMP\Temp1_Minecraft Force Op(1).zip\Minecraft Force Op 1.7.10.exe
         -0.2s C:\Users\dom\Desktop\przegladarki\Palemoon_download\Minecraft Force Op(1)\
          0.0s C:\Users\dom\Desktop\przegladarki\Palemoon_download\Minecraft Force Op(1)\update.exe
          1.6s C:\Users\dom\Desktop\przegladarki\Palemoon_download\Minecraft Force Op(1)\Minecraft Force Op 1.7.10.exe

Suspicious files ____________________________________________________________

   C:\Users\dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QGS4QSU\FRST[1].exe
      Size . . . . . . . : 1 127 424 bytes
      Age . . . . . . . : 0.2 days (2015-02-24 17:35:22)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : 02A89730323B7E496C3CD2B7F5AFB949F7B7BA78C29157CC0F07D73057C5AF18
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.4s C:\Users\dom\AppData\Roaming\Microsoft\Windows\Cookies\47ZTSPIS.txt
         -3.4s C:\Users\dom\AppData\Roaming\Microsoft\Windows\Cookies\EK4RXRIA.txt
         -3.4s C:\Users\dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TV1Z76N4\81[1].htm
          0.0s C:\Users\dom\Desktop\przegladarki\Palemoon_download\FRST.exe
          0.0s C:\Users\dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QGS4QSU\FRST[1].exe
          0.1s C:\Users\dom\Desktop\przegladarki\Palemoon_download\FRST-OlderVersion\

   C:\Users\dom\Desktop\przegladarki\Palemoon_download\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1 126 912 bytes
      Age . . . . . . . : 2.1 days (2015-02-22 21:56:26)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : 2DBB26EBAFEF7247AE1758428AE566E4C3099F53D62C787F4669E680B622F0E6
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ)
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-21-3916604919-2912353607-3506189148-1000\Software\AppDataLow\Software\Smartbar\ (Conduit)
   HKU\S-1-5-21-3916604919-2912353607-3506189148-1000\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-3916604919-2912353607-3506189148-1000\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)
   HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)

Cookies _____________________________________________________________________

   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mediade.sk
   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\mf3o1qyu.default-1424707022727\cookies.sqlite:doubleclick.net
   C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\mf3o1qyu.default-1424707022727\cookies.sqlite:xiti.com
[/code]