[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : KADRY
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Kadry\Renia
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-03-04 08:27:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 22s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 2
   Traces . . . . . . . : 4

   Objects scanned . . . : 1 853 243
   Files scanned . . . . : 15 818
   Remnants scanned . . : 216 493 files / 1 620 932 keys

Malware _____________________________________________________________________

   C:\FRST\Quarantine\C\Users\Renia\AppData\Roaming\fieldbus-27\fieldbus-33.exe
      Size . . . . . . . : 685 056 bytes
      Age . . . . . . . : 1.0 days (2017-03-03 07:16:07)
      Entropy . . . . . : 5.1
      SHA-256 . . . . . : EB572E095A42E51E93A0773C9123C76BA3BB448BF50FEDE694ACE79B56F12A7A
    > Kaspersky . . . . : Trojan.Win32.Nymaim.zsd
    > HitmanPro . . . . : Mal/Generic-S
      Fuzzy . . . . . . : 108.0
      Forensic Cluster
          0.0s C:\FRST\Quarantine\C\Users\Renia\AppData\Roaming\fieldbus-27\
          0.0s C:\FRST\Quarantine\C\Users\Renia\AppData\Roaming\fieldbus-27\fieldbus-33.exe

   C:\ProgramData\cable-95\cable-0.exe
      Size . . . . . . . : 744 960 bytes
      Age . . . . . . . : 1.9 days (2017-03-02 10:19:41)
      Entropy . . . . . : 5.2
      SHA-256 . . . . . : 80C5872151C6F590052FE2D21ABBB22A1FACDDFC0D2C9E9D3F0FFDD563C344EF
    > Bitdefender . . . : Trojan.GenericKD.4504655
    > Kaspersky . . . . : Trojan.Win32.Nymaim.zqg
      Fuzzy . . . . . . : 100.0
      Forensic Cluster
         -0.0s C:\ProgramData\cable-95\
          0.0s C:\ProgramData\cable-95\cable-0.exe

Suspicious files ____________________________________________________________

   C:\Users\Renia\Desktop\pliki\FRST64.exe
      Size . . . . . . . : 2 423 808 bytes
      Age . . . . . . . : 1.7 days (2017-03-02 15:10:40)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 60B968082A72AB85CF54E6FF5EE03588CD1F6CA566CC7CCDE96AA4F6080083CF
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-3464695867-941898725-524424986-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Renia\Desktop\pliki\FRST64.exe
[/code]