[code]
   HitmanPro 3.7.13.258
   www.hitmanpro.com

   Computer name . . . . : KOMPUKALELO
   Windows . . . . . . . : 6.1.0.7600.X64/8
   User name . . . . . . : KompukaLelo\Lelo
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-04-14 23:06:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 82

   Objects scanned . . . : 1 099 699
   Files scanned . . . . : 19 426
   Remnants scanned  . . : 172 579 files / 907 694 keys


Malware _____________________________________________________________________

   C:\Program Files (x86)\Common Files\Dingsing\uninstall.exe
      Size . . . . . . . : 1 075 200 bytes
      Age  . . . . . . . : 1.4 days (2016-04-13 13:21:29)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 425F1DB1AF92A80EA2EB3F731A13C0FDA93591D1EAB57C6B6119FFB7D758CC9A
    > Bitdefender  . . . : Gen:Variant.Zusy.187776
    > Kaspersky  . . . . : Trojan-Dropper.Win32.Addrop.ho
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -6.8s C:\Windows\System32\Macromed\
         -6.8s C:\Windows\System32\Macromed\Flash\
         -3.1s C:\Windows\System32\Macromed\Flash\FlashInstall.log
         -3.1s C:\Windows\SysWOW64\Macromed\
         -3.1s C:\Windows\SysWOW64\Macromed\Flash\
         -0.0s C:\Program Files (x86)\Common Files\Dingsing\
          0.0s C:\Program Files (x86)\Common Files\Dingsing\uninstall.exe
          0.0s C:\Program Files (x86)\Common Files\Dingsing\uninstall.dat
          0.0s C:\Program Files (x86)\Common Files\Dingsing\InstallationConfiguration.xml
          1.0s C:\Program Files (x86)\Common Files\Dingsing\uninstall.ico
          1.2s C:\Windows\SysWOW64\Macromed\Flash\FlashInstall.log


Suspicious files ____________________________________________________________

   C:\Users\Lelo\Downloads\FRST64.exe
      Size . . . . . . . : 2 375 168 bytes
      Age  . . . . . . . : 1.0 days (2016-04-13 22:59:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8C35AA2C44A635477E241F015D971FF09BAC1A17C782CDCD303C592BB6993F17
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-3992996756-2334413397-797887538-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Lelo\Downloads\FRST64.exe
      Forensic Cluster
          0.0s C:\Users\Lelo\Downloads\FRST64.exe
         30.5s C:\Users\Lelo\Downloads\8fvq34w5.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{0292ec78-0678-4ae2-bfea-138097d7b70d}\ (Yontoo)
   HKLM\SOFTWARE\Classes\AppID\{0cf3be96-d023-4f0e-bcab-0bf8ac78f706}\ (Yontoo)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0292ec78-0678-4ae2-bfea-138097d7b70d}\ (Yontoo)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0cf3be96-d023-4f0e-bcab-0bf8ac78f706}\ (Yontoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MPCKPT\ (MPC)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MPCKPT\ (MPC)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPCKPT\ (MPC)
   HKU\S-1-5-21-3992996756-2334413397-797887538-1000\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC)
   HKU\S-1-5-21-3992996756-2334413397-797887538-1000\Software\Wow6432Node\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}\ (Tuto4PC)


Cookies
_____________________________________________________________________
[/code]