[code]
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : HARING-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Haring-PC\Haring
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (19 days left)

   Scan date . . . . . . : 2017-08-04 15:29:25
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 49s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 103

   Objects scanned . . . : 1.337.168
   Files scanned . . . . : 28.283
   Remnants scanned . . : 231.027 files / 1.077.858 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA800707D060
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF880046892F0 \??\C:\Windows\system32\drivers\hmpalert.sys+135920

   Solution
      DriverObject . . . : FFFFFA800707D060
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF8800160C6C0 \SystemRoot\system32\DRIVERS\storport.sys+5824

Suspicious files ____________________________________________________________

   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDB7355-6DC4-47CF-B774-C6CF80BFF763}\MpKsl7e545897.sys
      Size . . . . . . . : 44.928 bytes
      Age . . . . . . . : 0.0 days (2017-08-04 14:44:29)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : AADE8C93BFE0830AE43AD649F62D7D7E25FC14107B172815EF9F4069C19ADFCC
      Product . . . . . : Microsoft Malware Protection
      Publisher . . . . : Microsoft Corporation
      Description . . . : KSLDriver
      Version . . . . . : 1.2.1003.0
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      Service . . . . . : MpKsl7e545897
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 47.0
         The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Starts automatically as a service during system bootup.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\MpKsl7e545897\
      Forensic Cluster
         -13.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDB7355-6DC4-47CF-B774-C6CF80BFF763}\mpasdlta.vdm
         -13.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDB7355-6DC4-47CF-B774-C6CF80BFF763}\mpavdlta.vdm
         -12.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\44\5E757D42996143B4.dat
         -11.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDB7355-6DC4-47CF-B774-C6CF80BFF763}\
         -11.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDB7355-6DC4-47CF-B774-C6CF80BFF763}\mpengine.dll
         -8.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.67
         -7.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.79
         -5.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.7C
         -4.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.7E
         -4.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.80
         -4.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.87
         -4.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.A0
         -3.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.83
         -3.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-833F106A665282046ECA7F847E3F9B3687B4D2F1.bin.5B
          0.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDB7355-6DC4-47CF-B774-C6CF80BFF763}\MpKsl7e545897.sys

Cookies _____________________________________________________________________
[/code]