I returned to Poland after a one-year contract, and the previous users were not bothered by it, or did not notice it. Most importantly, they could not give any specific period when it appeared, which is why I took the liberty of setting the scan to 360 days. My mistake.
Malwarebytes Anti-Malware
www.malwarebytes.org
Data skanu: 2014-07-23
Czas skanu: 20:09:56
Raport: malwarskan.txt
Administrator: Tak
Wersja: 2.00.2.1012
Baza danych malware: v2014.07.23.06
Baza danych rootkitów: v2014.07.17.01
Licencja: Darmowy
Ochrona przeciw malware: Wyłączony
Ochrona przeciw szkodliwymi stronami: Wyłączony
Self-protection: Wyłączony
System operacyjny: Windows 8.1
Procesor: x64
System plików: NTFS
Użytkownik: user
Typ skanu: Skanowanie w poszukiwaniu zagrożeń
Wynik: Zakończono
Objekty zeskanowane: 316542
Minęło: 7 min, 18 s
Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heuristics: Włączony
PNP: Włączony
PNM: Włączony
Procesy: 1
Trojan.FakeATI, C:\Users\user\AppData\Local\ATI Technologies\atiedxx.exe, 2820, , [e30fc6dca6d570c6b4289fbfaf529070]
Moduły: 0
(No malicious items detected)
Klucze rejestru: 13
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\NexxtCeoup.NexxtCeoup, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\NexxtCeoup.NexxtCeoup.1.0, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NexxtCeoup.NexxtCeoup, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NexxtCeoup.NexxtCeoup.1.0, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{631F5535-371E-04BE-9F36-51E1955A1218}, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{631F5535-371E-04BE-9F36-51E1955A1218}\INPROCSERVER32, , [43af0c969dded264f8d0c0922bd61ee2],
Malware.Trace, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [856d91110b704beb3521b6dc996ad030],
Wartości rejestru: 3
Trojan.Agent.FATI, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AtiDriverStart, C:\Users\user\AppData\Local\ATI Technologies\atidxx.exe, , [18daffa3e596a5914ce2dd5a07fd16ea]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_pl_31, , [46aca4fecab16ec8dba7b12b1be712ee],
Backdoor.Agent, HKU\S-1-5-21-2070900500-1894314203-3353238036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\ProgramData\Microsoft.com, , [6f83e4be92e962d48a2230ad659d41bf]
Dane rejestru: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobry: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Zły: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[8969dbc75328e551ed4c03ad2fd5af51]
Foldery: 1
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs, , [7c76b5ed4d2e5cda31e1437efd06d62a],
Pliki: 21
Trojan.FakeATI, C:\Users\user\AppData\Local\ATI Technologies\atiedxx.exe, , [e30fc6dca6d570c6b4289fbfaf529070],
Trojan.Agent.FATI, C:\Users\user\AppData\Local\ATI Technologies\atidxx.exe, , [18daffa3e596a5914ce2dd5a07fd16ea],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NeoxtCoup\HIW0.X64.DLL, , [43af0c969dded264f8d0c0922bd61ee2],
PUP.Optional.MultiPlug, C:\ProgramData\NeoxtCoup\J42fY.exe, , [2ec4386af18a71c5fa372a7016eb07f9],
FakeMS, C:\Users\user\AppData\Roaming\Microsoft\Windows\appverif.exe, , [17db6a385625330364a531ec35cc37c9],
PUP.Optional.RelevantKnowledge, C:\Windows\System32\rlls64.dll, , [1cd6069cd1aab482be698e35cf358e72],
PUP.Optional.RelevantKnowledge, C:\Windows\SysWOW64\rlls.dll, , [e40e158df4873204f631f2d1976d946c],
PUP.Optional.Multiplug, C:\Windows\SysWOW64\setup.exe, , [2fc3fda58bf00b2b5b601094ac58b24e],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\extIE_setup.exe, , [b0424062fb80ba7c8b4962e912ee25db],
Trojan.SProtector, C:\Users\user\AppData\Local\Temp\68a93910\temp\putfu.exe, , [7181f5ad512a89ad3b87cd8bae5321df],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\setupespl.exe, , [1cd662401d5ee3532ea6410a7e82f808],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\68a93910\temp\usetup.exe, , [e0128e141b6087afbdb060da877a7090],
PUP.Optional.InstalleRex.A, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Custom.dll, , [599960426b1061d5cdf861e30bf5af51],
Trojan.SProtector, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Addons\assistant_v3.exe, , [c52d5c46067573c3ba08ef698c750cf4],
PUP.Optional.EZDownloader.A, C:\Users\user\AppData\Local\Temp\{261C5050-FE3A-4B26-A9CD-B618FDFF72A6}\Addons\EzDownloader_setup.exe, , [688ab7eb304b81b57f2219060ef254ac],
Misused.Legit.AI, C:\Users\user\cam3p473\Wrnm.exe, , [5a98247e9edded495496433ba65bdf21],
PUP.Optional.InstallCore, C:\Users\user\Downloads\Origin(38298).exe, , [6290b6ec116ae452e0c89309a85c738d],
Misused.Legit.AI, C:\Users\user\r87j3t75gp51\dEZvmGfWjo.exe, , [965c386a7ffcf83e81690d71fe035aa6],
Trojan.Agent, C:\Windows\SysWOW64\rlls.dll, , [569c336fde9d20162e397cc5818247b9],
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs\2014-02-10-2.DC, , [7c76b5ed4d2e5cda31e1437efd06d62a],
Stolen.Data, C:\Users\user\AppData\Roaming\dclogs\2014-02-11-3.dc, , [7c76b5ed4d2e5cda31e1437efd06d62a],
Sektory fizyczne: 0
(No malicious items detected)
(end)