[code]
   HitmanPro 3.7.14.263
   www.hitmanpro.com

   Computer name . . . . : OEM-KOMPUTER
   Windows . . . . . . . : 6.1.0.7600.X64/2
   User name . . . . . . : OEM-Komputer\OEM
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-04-27 21:35:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 4s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 26
   Traces . . . . . . . : 78

   Objects scanned . . . : 1 004 728
   Files scanned . . . . : 23 163
   Remnants scanned . . : 171 435 files / 810 130 keys


Suspicious files ____________________________________________________________

   C:\Users\OEM\Downloads\FRST64.exe
      Size . . . . . . . : 2 375 680 bytes
      Age . . . . . . . : 3.0 days (2016-04-24 20:40:41)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 9B23A27F854566FE804500EDE2368AF601DC071DBAC28A773ABD48CEAB6CAA20
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
   HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}\ (FindWide)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}\ (FindWide)


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{305be14e-7080-4992-9e2d-f6cfa0054a3b}\ (MoneyViking)
   HKLM\SOFTWARE\Classes\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}\ (iMesh)
   HKLM\SOFTWARE\Classes\AppID\{d73575f0-7efa-4328-ab3a-88ea8f4292b5}\ (MoneyViking)
   HKLM\SOFTWARE\Classes\Interface\{E156391B-B638-45B5-9A0A-326F29DE17EA}\ (MoneyViking)
   HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{305be14e-7080-4992-9e2d-f6cfa0054a3b}\ (MoneyViking)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}\ (iMesh)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{d73575f0-7efa-4328-ab3a-88ea8f4292b5}\ (MoneyViking)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4e42-A125-57C0A11DBCDE}\ (iMesh)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
   HKLM\SYSTEM\ControlSet001\services\eventlog\Application\winzipersvc\ (AirZip)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
   HKLM\SYSTEM\ControlSet002\services\eventlog\Application\winzipersvc\ (AirZip)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
   HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\winzipersvc\ (AirZip)


Cookies _____________________________________________________________________

   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:ad.360yield.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:adaptv.advertising.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:adform.net
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:adgrx.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:adnxs.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:ads.stickyadstv.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:adsby.bidtheatre.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:adscale.de
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:adsrvr.org
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:adtech.de
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:advertising.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:atemda.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:bidswitch.net
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:bluekai.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:casalemedia.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:chango.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:contextweb.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:doubleclick.net
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:erne.co
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:everesttech.net
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:gwallet.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:ih.adscale.de
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:lijit.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:liverail.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:mathtag.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:mookie1.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:nexac.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:openx.net
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:pixel.rubiconproject.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:pubmatic.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:rubiconproject.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:sitescout.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:smartadserver.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:sxp.smartclip.net
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:tradedoubler.com
   C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\q4o8ptua.default-1461695066812\cookies.sqlite:turn.com
[/code]