[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : USER-KOMPUTER
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : User-Komputer\User
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-10-01 14:28:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 14s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 6

   Objects scanned . . . : 693 165
   Files scanned . . . . : 14 937
   Remnants scanned . . : 122 425 files / 555 803 keys

Suspicious files ____________________________________________________________

   C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYRGTNUT\FRST[1].exe
      Size . . . . . . . : 1 754 624 bytes
      Age . . . . . . . : 0.0 days (2016-10-01 14:26:14)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 060548C3E74697323A9F136F82BB9C6B8F5C9DE03302BEA82EF75C2283246F8C
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.9s C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\UEU22GQO.txt
         -1.3s C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYRGTNUT\81[1].htm
         -1.3s C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\BQ7Y97H9.txt
         -0.2s C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L742UPFP\FRST[1].exe
          0.0s C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYRGTNUT\FRST[1].exe
          0.0s C:\Users\User\Desktop\FRST.exe

   C:\Users\User\Desktop\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1 754 624 bytes
      Age . . . . . . . : 0.0 days (2016-10-01 14:23:21)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4A3DB78E4A6296D26268EBD2A975632B7BA5C17527E015F8096B7A91EACF9C25
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\User\Desktop\FRST.exe
      Size . . . . . . . : 1 754 624 bytes
      Age . . . . . . . : 0.0 days (2016-10-01 14:26:14)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 060548C3E74697323A9F136F82BB9C6B8F5C9DE03302BEA82EF75C2283246F8C
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -2.0s C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\UEU22GQO.txt
         -1.3s C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYRGTNUT\81[1].htm
         -1.3s C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\BQ7Y97H9.txt
         -0.2s C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L742UPFP\FRST[1].exe
         -0.0s C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYRGTNUT\FRST[1].exe
          0.0s C:\Users\User\Desktop\FRST.exe

Cookies _____________________________________________________________________

   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dat3n56j.default\cookies.sqlite:addthis.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dat3n56j.default\cookies.sqlite:doubleclick.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dat3n56j.default\cookies.sqlite:oracle.112.2o7.net
[/code]