malwarskan.txt

Win 8.1 - Redirects to other pages with ads

I returned to Poland after a one-year contract, and the previous users either weren't bothered by this or didn't notice it. Most importantly, they couldn't give any specific time frame for when it appeared, which is why I took the liberty of setting the scan to 360 days. My mistake.


Malwarebytes Anti-Malware
www.malwarebytes.org

Data skanu: 2014-07-23
Czas skanu: 20:09:56
Raport: malwarskan.txt
Administrator: Tak

Wersja: 2.00.2.1012
Baza danych malware: v2014.07.23.06
Baza danych rootkitów: v2014.07.17.01
Licencja: Darmowy
Ochrona przeciw malware: Wyłączony
Ochrona przeciw szkodliwymi stronami: Wyłączony
Self-protection: Wyłączony

System operacyjny: Windows 8.1
Procesor: x64
System plików: NTFS
Użytkownik: user

Typ skanu: Skanowanie w poszukiwaniu zagrożeń
Wynik: Zakończono
Objekty zeskanowane: 316542
Minęło: 7 min, 18 s

Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heuristics: Włączony
PNP: Włączony
PNM: Włączony

Procesy: 1
Trojan.FakeATI, C:\Users\user\AppData\Local\ATI Technologies\atiedxx.exe, 2820, , [e30fc6dca6d570c6b4289fbfaf529070]

Moduły: 0
(No malicious items detected)

Klucze rejestru: 13
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\NexxtCeoup.NexxtCeoup, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\NexxtCeoup.NexxtCeoup.1.0, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NexxtCeoup.NexxtCeoup, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NexxtCeoup.NexxtCeoup.1.0, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{631F5535-371E-04BE-9F36-51E1955A1218}\INPROCSERVER32, , [43af0c969dded264f8d0c0922bd61ee2],
Malware.Trace, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [856d91110b704beb3521b6dc996ad030],

Wartości rejestru: 3
Trojan.Agent.FATI, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AtiDriverStart, C:\Users\user\AppData\Local\ATI Technologies\atidxx.exe, , [18daffa3e596a5914ce2dd5a07fd16ea]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_pl_31, , [46aca4fecab16ec8dba7b12b1be712ee],
Backdoor.Agent, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\ProgramData\Microsoft.com, , [6f83e4be92e962d48a2230ad659d41bf]

Dane rejestru: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobry: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Zły: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[8969dbc75328e551ed4c03ad2fd5af51]

Foldery: 1
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs, , [7c76b5ed4d2e5cda31e1437efd06d62a],

Pliki: 21
Trojan.FakeATI, C:\Users\user\AppData\Local\ATI Technologies\atiedxx.exe, , [e30fc6dca6d570c6b4289fbfaf529070],
Trojan.Agent.FATI, C:\Users\user\AppData\Local\ATI Technologies\atidxx.exe, , [18daffa3e596a5914ce2dd5a07fd16ea],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NeoxtCoup\HIW0.X64.DLL, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug, C:\ProgramData\NeoxtCoup\J42fY.exe, , [2ec4386af18a71c5fa372a7016eb07f9],
FakeMS, C:\Users\user\AppData\Roaming\Microsoft\Windows\appverif.exe, , [17db6a385625330364a531ec35cc37c9],
PUP.Optional.RelevantKnowledge, C:\Windows\System32\rlls64.dll, , [1cd6069cd1aab482be698e35cf358e72],
PUP.Optional.RelevantKnowledge, C:\Windows\SysWOW64\rlls.dll, , [e40e158df4873204f631f2d1976d946c],
PUP.Optional.Multiplug, C:\Windows\SysWOW64\setup.exe, , [2fc3fda58bf00b2b5b601094ac58b24e],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\extIE_setup.exe, , [b0424062fb80ba7c8b4962e912ee25db],
Trojan.SProtector, C:\Users\user\AppData\Local\Temp\68a93910\temp\putfu.exe, , [7181f5ad512a89ad3b87cd8bae5321df],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\setupespl.exe, , [1cd662401d5ee3532ea6410a7e82f808],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\usetup.exe, , [e0128e141b6087afbdb060da877a7090],
PUP.Optional.InstalleRex.A, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Custom.dll, , [599960426b1061d5cdf861e30bf5af51],
Trojan.SProtector, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Addons\assistant_v3.exe, , [c52d5c46067573c3ba08ef698c750cf4],
PUP.Optional.EZDownloader.A, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Addons\EzDownloader_setup.exe, , [688ab7eb304b81b57f2219060ef254ac],
Misused.Legit.AI, C:\Users\user\cam3p473\Wrnm.exe, , [5a98247e9edded495496433ba65bdf21],
PUP.Optional.InstallCore, C:\Users\user\Downloads\Origin(38298).exe, , [6290b6ec116ae452e0c89309a85c738d],
Misused.Legit.AI, C:\Users\user\r87j3t75gp51\dEZvmGfWjo.exe, , [965c386a7ffcf83e81690d71fe035aa6],
Trojan.Agent, C:\Windows\SysWOW64\rlls.dll, , [569c336fde9d20162e397cc5818247b9],
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs\2014-02-10-2.DC, , [7c76b5ed4d2e5cda31e1437efd06d62a],
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs\2014-02-11-3.dc, , [7c76b5ed4d2e5cda31e1437efd06d62a],

Sektory fizyczne: 0
(No malicious items detected)


(end)

