[code]
HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : SOWAKOMPUTEROWA
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : SowaKomputerowa\Alessandra
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-03-05 19:57:43
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 57s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 9

   Objects scanned . . . : 1 811 187
   Files scanned . . . . : 26 867
   Remnants scanned . . : 704 552 files / 1 079 768 keys

Suspicious files ____________________________________________________________

   C:\wirusy\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 093 056 bytes
      Age . . . . . . . : 2.1 days (2015-03-03 18:05:02)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 65067F16BCBDA834FEEA3C2F2B307BCC31D699680A184B243035A386B03E398D
      Needs elevation . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/452d545255dff10815adb9a5fab6d69e/54f74345/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy . . . . . . : 27.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\wirusy\FRST64.exe
      Size . . . . . . . : 2 092 544 bytes
      Age . . . . . . . : 0.5 days (2015-03-05 07:42:11)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : A2BA42B17CF0F4D148539A6BBFEE63A27957655E58C46E592EA024FD25F3BDCF
      Needs elevation . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/0efbf01e1511c6eca75da9d35a49bc9a/54f7fac3/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy . . . . . . : 27.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.2s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCookies\B5E2QMTI.txt
         -0.2s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\SF5QBY97\82[1].htm
         -0.0s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\Q3W5MSMZ\FRST64[1].exe
          0.0s C:\wirusy\FRST64.exe
         11.3s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCookies\LN0NC2D3.txt
         11.3s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCookies\5VSRNJAV.txt
         11.3s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\Q3W5MSMZ\suggestions[1].htm
         13.3s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\SF5QBY97\suggestions[1].htm
         13.7s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\A8P1YXUN\suggestions[1].htm
         14.0s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\Q3W5MSMZ\suggestions[2].htm
         22.7s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\77UX6P3R\suggestions[1].htm
         23.7s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\SF5QBY97\suggestions[2].htm
         24.0s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\A8P1YXUN\suggestions[2].htm
         24.4s C:\Users\Alessandra\AppData\Local\Microsoft\Windows\INetCache\IE\Q3W5MSMZ\suggestions[3].htm

Cookies _____________________________________________________________________

   C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
[/code]