[code]
   HitmanPro 3.7.9.238
   www.hitmanpro.com

   Computer name . . . . : KUBA-KOMPUTER
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Kuba-Komputer\Kuba
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-03-08 08:12:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 40s
   Disk access mode . .  : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . .  : Yes

   Threats . . . . . . . : 1
   Traces . . . . . . .  : 69

   Objects scanned . . . : 1 946 862
   Files scanned . . . . : 32 800
   Remnants scanned . .  : 586 070 files / 1 327 992 keys

Malware _____________________________________________________________________

   C:\Users\Kuba\AppData\Local\Temp\GPUpd54FB477A0.exe -> Quarantined
      Size . . . . . . . : 846 336 bytes
      Age . . . . . . .  : 0.5 days (2015-03-07 19:46:18)
      Entropy . . . . .  : 7.3
      SHA-256 . . . . .  : 323E53CE42779292698C9A95CAD7104BCDCA45B0411330C17362753D0D4DBDE7
      Product . . . . .  : WebSecurity
      Publisher . . . .  : Jelbrus
      Description . . .  : WebSecurity
      Version . . . . .  : 1.1.0.0
      Copyright . . . .  : Copyright 2014 Jelbrus, All rights reserved.
      LanguageID . . . . : 1033
    > Kaspersky . . . .  : not-a-virus:AdWare.Win32.Agent.hhsz
      Fuzzy . . . . . .  : 106.0
      Forensic Cluster
         0.0s C:\Users\Kuba\AppData\Local\Temp\GPUpd54FB477A0.exe
         1.9s C:\Program Files (x86)\Jelbrus Secure Web\
         3.1s C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46BA92DA-5C09-4B8D-A6BB-F981D20F06FC}\offreg.dll
         6.5s C:\Users\Kuba\AppData\Local\Temp\GPUpd54FB47812.exe
         7.4s C:\Users\Kuba\AppData\Roaming\SpeedTray\
         7.4s C:\Users\Kuba\AppData\Roaming\SpeedTray\speedtray.exe
         7.4s C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedTray\
         7.7s C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedTray\SpeedTray.lnk
         8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{058D594E-FD7E-4889-AC57-602ECCD9C7E1}
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\default.action
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\config.txt
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\mgwz.dll
        12.0s C:\Program Files (x86)\Jelbrus Secure Web\default.filter
        22.0s C:\Program Files (x86)\Jelbrus Secure Web\privoxy.log
        22.5s C:\Windows\System32\Tasks\Jelbrus Secure Web Task
        22.6s C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\
        22.6s C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0d0e86909049e28d3dd5\
        22.6s C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0d0e86909049e28d3dd5\chrome.manifest
        22.6s C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0d0e86909049e28d3dd5\install.rdf
        22.6s C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0d0e86909049e28d3dd5\content\
        22.6s C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0d0e86909049e28d3dd5\content\load.js
        22.6s C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0d0e86909049e28d3dd5\content\overlay.xul
        22.6s C:\Program Files (x86)\Mozilla Firefox\distribution\

Suspicious files ____________________________________________________________

   C:\Users\Kuba\Desktop\logi\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 129 920 bytes
      Age . . . . . . .  : 42.5 days (2015-01-24 19:49:39)
      Entropy . . . . .  : 7.5
      SHA-256 . . . . .  : 8520252BCBD09C72401072B5E83DE245ECE0119E30A52DF462C64D6F94651C65
      Needs elevation .  : Yes
      Fuzzy . . . . . .  : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Kuba\Desktop\logi\FRST64.exe
      Size . . . . . . . : 2 086 912 bytes
      Age . . . . . . .  : 14.7 days (2015-02-21 14:43:50)
      Entropy . . . . .  : 7.5
      SHA-256 . . . . .  : CF3043EEDAACEDF33C72A84670D8C24560054CEC81AB37FA58B3A4E1965A74F5
      Needs elevation .  : Yes
      Fuzzy . . . . . .  : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         0.0s C:\Users\Kuba\Desktop\logi\FRST64.exe
         3.2s C:\Users\Kuba\Desktop\logi\FRST-OlderVersion\

   C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
      Size . . . . . . . : 2 087 424 bytes
      Age . . . . . . .  : 5.6 days (2015-03-02 17:25:53)
      Entropy . . . . .  : 7.5
      SHA-256 . . . . .  : B33B6F845FF6FBFB8AF06B71A7F6526084D0CBBE2E6027DAF20980A1BBBEA5F5
      Needs elevation .  : Yes
      Fuzzy . . . . . .  : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\FRST64.exe

   C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\FRST64.exe
      Size . . . . . . . : 2 087 424 bytes
      Age . . . . . . .  : 12.9 days (2015-02-23 11:11:09)
      Entropy . . . . .  : 7.5
      SHA-256 . . . . .  : B33B6F845FF6FBFB8AF06B71A7F6526084D0CBBE2E6027DAF20980A1BBBEA5F5
      Needs elevation .  : Yes
      Fuzzy . . . . . .  : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\FRST64.exe
         0.0s C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\FRST64.exe

Potential Unwanted Programs _________________________________________________

   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
   HKU\.DEFAULT\Software\DealPly\ (DealPly) -> Deleted
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> PendingDelete
   HKU\S-1-5-18\Software\DealPly\ (DealPly) -> PendingDelete
   HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
   HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
   HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro) -> Deleted
   HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
   HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro) -> Deleted
   HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
   HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted
   HKU\S-1-5-21-3839221274-3043303846-3843884880-1000_Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo) -> Deleted

Repairs _____________________________________________________________________

   Serwer proxy na tym komputerze (User)
      127.0.0.1:8118

Cookies _____________________________________________________________________

   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.businessclick.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.o2.pl
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.torrentco.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertine.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:diff3.smartadserver.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.4u.pl
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.asp24.pl
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.omgpl.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.popmog.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:www3.smartadserver.com
   C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\0ZHP2VVS.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\1CFJ2ZPV.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\1LN9WQ7P.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\5I8UYBSP.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\9T2VJKZQ.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\ASGQDZ0Q.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\B1WQ1E47.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\FNOHDQD4.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\KJQF5FAR.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\LXPLV7CU.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\P81S173M.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\URAWIUA2.txt
   C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Cookies\UXZDVBMR.txt
   C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ls2ue3d3.default-1424696867310\cookies.sqlite:ads.adamoads.com
   C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ls2ue3d3.default-1424696867310\cookies.sqlite:ads.o2.pl
   C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ls2ue3d3.default-1424696867310\cookies.sqlite:adserver.juicyads.com
   C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ls2ue3d3.default-1424696867310\cookies.sqlite:adserver.o2.pl
   C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ls2ue3d3.default-1424696867310\cookies.sqlite:doubleclick.net
   C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ls2ue3d3.default-1424696867310\cookies.sqlite:exoclick.com
   C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ls2ue3d3.default-1424696867310\cookies.sqlite:tradedoubler.com
[/code]