
malwarskan.txt

Win 8.1 - Redirects to other sites with ads

I came back to Poland after a year-long contract, and the previous users either weren't bothered by it or didn't notice it. Most importantly, they couldn't give any specific period when it appeared, which is why I took the liberty of setting the scan to 360 days. My mistake.



Malwarebytes Anti-Malware
www.malwarebytes.org

Data skanu: 2014-07-23
Czas skanu: 20:09:56
Raport: malwarskan.txt
Administrator: Tak

Wersja: 2.00.2.1012
Baza danych malware: v2014.07.23.06
Baza danych rootkitów: v2014.07.17.01
Licencja: Darmowy
Ochrona przeciw malware: Wyłączony
Ochrona przeciw szkodliwymi stronami: Wyłączony
Self-protection: Wyłączony

System operacyjny: Windows 8.1
Procesor: x64
System plików: NTFS
Użytkownik: user

Typ skanu: Skanowanie w poszukiwaniu zagrożeń
Wynik: Zakończono
Objekty zeskanowane: 316542
Minęło: 7 min, 18 s

Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heuristics: Włączony
PNP: Włączony
PNM: Włączony

Procesy: 1
Trojan.FakeATI, C:\Users\user\AppData\Local\ATI Technologies\atiedxx.exe, 2820, , [e30fc6dca6d570c6b4289fbfaf529070]

Moduły: 0
(No malicious items detected)

Klucze rejestru: 13
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\NexxtCeoup.NexxtCeoup, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\NexxtCeoup.NexxtCeoup.1.0, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NexxtCeoup.NexxtCeoup, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NexxtCeoup.NexxtCeoup.1.0, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{631F5535-371E-04BE-9F36-51E1955A1218}\INPROCSERVER32, , [43af0c969dded264f8d0c0922bd61ee2],
Malware.Trace, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [856d91110b704beb3521b6dc996ad030],

Wartości rejestru: 3
Trojan.Agent.FATI, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AtiDriverStart, C:\Users\user\AppData\Local\ATI Technologies\atidxx.exe, , [18daffa3e596a5914ce2dd5a07fd16ea]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_pl_31, , [46aca4fecab16ec8dba7b12b1be712ee],
Backdoor.Agent, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\ProgramData\Microsoft.com, , [6f83e4be92e962d48a2230ad659d41bf]

Dane rejestru: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobry: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Zły: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[8969dbc75328e551ed4c03ad2fd5af51]

Foldery: 1
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs, , [7c76b5ed4d2e5cda31e1437efd06d62a],

Pliki: 21
Trojan.FakeATI, C:\Users\user\AppData\Local\ATI Technologies\atiedxx.exe, , [e30fc6dca6d570c6b4289fbfaf529070],
Trojan.Agent.FATI, C:\Users\user\AppData\Local\ATI Technologies\atidxx.exe, , [18daffa3e596a5914ce2dd5a07fd16ea],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NeoxtCoup\HIW0.X64.DLL, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug, C:\ProgramData\NeoxtCoup\J42fY.exe, , [2ec4386af18a71c5fa372a7016eb07f9],
FakeMS, C:\Users\user\AppData\Roaming\Microsoft\Windows\appverif.exe, , [17db6a385625330364a531ec35cc37c9],
PUP.Optional.RelevantKnowledge, C:\Windows\System32\rlls64.dll, , [1cd6069cd1aab482be698e35cf358e72],
PUP.Optional.RelevantKnowledge, C:\Windows\SysWOW64\rlls.dll, , [e40e158df4873204f631f2d1976d946c],
PUP.Optional.Multiplug, C:\Windows\SysWOW64\setup.exe, , [2fc3fda58bf00b2b5b601094ac58b24e],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\extIE_setup.exe, , [b0424062fb80ba7c8b4962e912ee25db],
Trojan.SProtector, C:\Users\user\AppData\Local\Temp\68a93910\temp\putfu.exe, , [7181f5ad512a89ad3b87cd8bae5321df],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\setupespl.exe, , [1cd662401d5ee3532ea6410a7e82f808],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\usetup.exe, , [e0128e141b6087afbdb060da877a7090],
PUP.Optional.InstalleRex.A, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Custom.dll, , [599960426b1061d5cdf861e30bf5af51],
Trojan.SProtector, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Addons\assistant_v3.exe, , [c52d5c46067573c3ba08ef698c750cf4],
PUP.Optional.EZDownloader.A, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Addons\EzDownloader_setup.exe, , [688ab7eb304b81b57f2219060ef254ac],
Misused.Legit.AI, C:\Users\user\cam3p473\Wrnm.exe, , [5a98247e9edded495496433ba65bdf21],
PUP.Optional.InstallCore, C:\Users\user\Downloads\Origin(38298).exe, , [6290b6ec116ae452e0c89309a85c738d],
Misused.Legit.AI, C:\Users\user\r87j3t75gp51\dEZvmGfWjo.exe, , [965c386a7ffcf83e81690d71fe035aa6],
Trojan.Agent, C:\Windows\SysWOW64\rlls.dll, , [569c336fde9d20162e397cc5818247b9],
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs\2014-02-10-2.DC, , [7c76b5ed4d2e5cda31e1437efd06d62a],
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs\2014-02-11-3.dc, , [7c76b5ed4d2e5cda31e1437efd06d62a],

Sektory fizyczne: 0
(No malicious items detected)


(end)