[code]
   HitmanPro 3.7.20.286
   www.hitmanpro.com

   Computer name . . . . : HARING-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Haring-PC\Haring
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (348 days left)

   Scan date . . . . . . : 2017-09-09 14:27:16
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 49s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 58

   Objects scanned . . . : 1.306.661
   Files scanned . . . . : 19.667
   Remnants scanned . . : 195.445 files / 1.091.549 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA80077A5550
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF880047B82F0 \??\C:\Windows\system32\drivers\hmpalert.sys+135920

   Solution
      DriverObject . . . : FFFFFA80077A5550
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF880010016C0 \SystemRoot\system32\DRIVERS\storport.sys+5824

Suspicious files ____________________________________________________________

   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\MpKsldcc254ef.sys
      Size . . . . . . . : 44.928 bytes
      Age . . . . . . . : 0.1 days (2017-09-09 11:06:56)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : AADE8C93BFE0830AE43AD649F62D7D7E25FC14107B172815EF9F4069C19ADFCC
      Product . . . . . : Microsoft Malware Protection
      Publisher . . . . : Microsoft Corporation
      Description . . . : KSLDriver
      Version . . . . . : 1.2.1003.0
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      Service . . . . . : MpKsldcc254ef
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 47.0
         The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Starts automatically as a service during system bootup.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\MpKsldcc254ef\
      Forensic Cluster
         -13.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpasdlta.vdm
         -13.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpavdlta.vdm
         -12.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\
         -12.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpengine.dll
         -8.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.20
         -8.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.55
         -8.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.67
         -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.79
         -5.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.7C
         -5.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.7E
         -5.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.80
         -4.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.87
         -4.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.A0
         -4.7s
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.83
         -4.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.CE
         -4.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.5B
         -4.2s C:\Windows\Prefetch\AM_DELTA_PATCH_1.251.663.0.EX-63244148.pf
         0.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\MpKsldcc254ef.sys

Cookies _____________________________________________________________________

[/code]