[code]
HitmanPro 3.7.10.250
www.hitmanpro.com

   Computer name . . . . : SZELMA-KOMPUTER
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Szelma-Komputer\Szelma
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-10-23 23:10:26
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 38m 21s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 15

   Objects scanned . . . : 3 040 597
   Files scanned . . . . : 122 022
   Remnants scanned . . : 1 161 695 files / 1 756 880 keys

Suspicious files ____________________________________________________________

   C:\Program Files (x86)\ChomikBox\chomikbox.exe
      Size . . . . . . . : 6 033 408 bytes
      Age . . . . . . . : 31.6 days (2015-09-22 09:01:04)
      Entropy . . . . . : 6.0
      SHA-256 . . . . . : B9F7876778956D78147102327ABBF3E4E33467780C568F07C2FCDD0DD852094C
      Product . . . . . :
      Publisher . . . . :
      Description . . . : chomikbox.exe
      Version . . . . . : 2.0.8.0
      Parent Name . . . : C:\Windows\Explorer.EXE
      LanguageID . . . . : 0
      Running processes : 3224
      Fuzzy . . . . . . : 26.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Program is running but currently exposes no human-computer interface (GUI).
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
         The file appears to be part of an installation package or setup program. This is typical for most programs.
      Startup
         HKU\S-1-5-21-3341007479-885208892-836665845-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChomikBox
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl\ChomikBox.lnk
         C:\Users\Szelma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ChomikBox.lnk
         C:\Users\Szelma\Desktop\Wszystko (2)\ChomikBox.lnk

   C:\Program Files\Ninja Download Manager\download.ninja.exe
      Size . . . . . . . : 5 240 240 bytes
      Age . . . . . . . : 119.6 days (2015-06-26 09:11:57)
      Entropy . . . . . : 6.6
      SHA-256 . . . . . : 8713DE8CF47B10E5FB060DDB737CB2F9199A3831E54F8F0772093B02BF2D17F7
      Product . . . . . : downloadninja
      RSA Key Size . . . : 2048
      Parent Name . . . : C:\Windows\Explorer.EXE
      LanguageID . . . . : 0
      Authenticode . . . : Valid
      Running processes : 3116
      Fuzzy . . . . . . : 30.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKU\S-1-5-21-3341007479-885208892-836665845-1000\Software\Microsoft\Windows\CurrentVersion\Run\download.ninja
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ninja Download Manager\Ninja Download Manager.lnk
      Network Ports
         127.0.0.1:35648

   C:\Users\Szelma\AppData\Local\PunkBuster\GRO\pb\dll\wc002334.dll
      Size . . . . . . . : 976 576 bytes
      Age . . . . . . . : 634.5 days (2014-01-27 11:47:20)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 81321780DAB94F4E20DCC1AF77F370F7277AE4A4D8771125F7CF435F47D6F9D0
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Szelma\AppData\Local\PunkBuster\GRO\pb\pbcl.dll
      Size . . . . . . . : 976 576 bytes
      Age . . . . . . . : 509.1 days (2014-06-01 20:35:16)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 81321780DAB94F4E20DCC1AF77F370F7277AE4A4D8771125F7CF435F47D6F9D0
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Szelma\AppData\Local\PunkBuster\GRO\pb\pbclold.dll
      Size . . . . . . . : 976 576 bytes
      Age . . . . . . . : 703.4 days (2013-11-19 12:57:01)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 81321780DAB94F4E20DCC1AF77F370F7277AE4A4D8771125F7CF435F47D6F9D0
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Szelma\AppData\Local\PunkBuster\GRO\pb\PnkBstrK.sys
      Size . . . . . . . : 139 584 bytes
      Age . . . . . . . : 703.4 days (2013-11-19 12:57:21)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E1736FDACDED257CE3621990CBD216D68001A778887CECE5065FCE564CFDFE1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
[/code]