Malwarebytes Anti-Malware
www.malwarebytes.org

Data skanowania: 2016-07-14
Czas skanowania: 23:55:05
Raport: malwarebytes.txt
Administrator: Tak

Wersja: 2.02.1.1043
Baza szkodliwego oprogramowania: v2016.07.14.03
Baza danych rootkitów: v2016.05.27.01
Licencja: Premium
Ochrona przed złośliwym oprogramowaniem: Włączony
Ochrona przed szkodliwymi stronami: Włączony
Samoobrona: Wyłączony

System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: Agata

Typ skanowania: Dokładne skanowanie
Wynik: Zakończono
Obiekty przeskanowane: 415092
Czas, który upłynął: 1 h, 8 min, 48 s

Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heurystyka: Włączony
PUP: Ostrzegaj
PUM: Ostrzegaj

Procesy: 2
PUP.Optional.Cloud4PC, C:\Program Files (x86)\zebi\SunnyDay.exe, 4592, Usunięcie-po-restarcie, [6784b073405abe785d0390075ea6c43c]
Adware.EoRezo, C:\Program Files (x86)\zebi\SunnyDay.exe, 4592, Usunięcie-po-restarcie, [03e845de3c5e47ef5a1c9261b44f9769]

Moduły: 0
(Nie wykryto zagrożeń)

Klucze rejestru: 15
PUP.Optional.Youndoo, HKLM\SOFTWARE\CLASSES\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Przeniesiono do kwarantanny, [965591922e6c0b2b94dbcfa1738f8e72],
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Przeniesiono do kwarantanny, [1ad137ec3e5cbd792fe9576b748f10f0],
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Przeniesiono do kwarantanny, [ae3dd74c43572016290cb741c43fa55b],
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASAPI32, Przeniesiono do kwarantanny, [edfe31f28b0fa98d043205f7b0538a76],
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASMANCS, Przeniesiono do kwarantanny, [d3183de6415985b1f93d56a6c2410bf5],
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASAPI32, Przeniesiono do kwarantanny, [35b6909366343df9167ce91549ba7789],
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASMANCS, Przeniesiono do kwarantanny, [ab40eb381d7d171f593950aed42f41bf],
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BC04ACA0-5080-4546-A062-2F7F98A56E94}, Przeniesiono do kwarantanny, [2dbea67d6733063058af9c5eba49cd33],
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\vwe3034, Przeniesiono do kwarantanny, [faf13de68a109a9c4bbd4cae7e85fc04],
PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Przeniesiono do kwarantanny, [8c5fee358614af8715356763fb07af51],
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Przeniesiono do kwarantanny, [4f9c899ad5c5c373b382b147b64dd828],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3BCFAB38-3849-4A9C-9939-38383091A7FF}, Przeniesiono do kwarantanny, [a84373b0405ada5c06a445b90ef5629e],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{682ACBA1-C410-4C20-8D61-C709FF913E45}, Przeniesiono do kwarantanny, [a74459ca396144f2cedcfb035ca750b0],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6FFBC561-09F4-44F6-B842-EEF76090A7A4}, Przeniesiono do kwarantanny, [7a71bf6466345cda6149b24ce41f59a7],
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Przeniesiono do kwarantanny, [856679aa772390a6eabef1d81ce602fe],

Wartości rejestru: 12
PUP.Optional.Cloud4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sun21, "C:\Program Files (x86)\zebi\SunnyDay.exe", Przeniesiono do kwarantanny, [6784b073405abe785d0390075ea6c43c]
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BC04ACA0-5080-4546-A062-2F7F98A56E94}|Path, \vwe3034, Przeniesiono do kwarantanny, [2dbea67d6733063058af9c5eba49cd33]
PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.youndoo.com/?z=cb97ebe18c15e338278ac68g7z4q9b4wdcaebw5mcw&from=imm&uid=SAMSUNGXHM321HI_S26VJDRZ715781&type=hp&mode=ffsengext, Przeniesiono do kwarantanny, [8c5fee358614af8715356763fb07af51]
PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.youndoo.com/?z=cb97ebe18c15e338278ac68g7z4q9b4wdcaebw5mcw&from=imm&uid=SAMSUNGXHM321HI_S26VJDRZ715781&type=hp&mode=ffsengext, Przeniesiono do kwarantanny, [c625eb3828721b1bb2989931db274eb2]
PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.youndoo.com/search/?q={searchTerms}&z=cb97ebe18c15e338278ac68g7z4q9b4wdcaebw5mcw&from=imm&uid=SAMSUNGXHM321HI_S26VJDRZ715781&type=sp, Przeniesiono do kwarantanny, [3caf65be91094ee8ab9fab1ffa083bc5]
PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.youndoo.com/search/?&z=cb97ebe18c15e338278ac68g7z4q9b4wdcaebw5mcw&from=imm&uid=SAMSUNGXHM321HI_S26VJDRZ715781&type=sp&q=, Przeniesiono do kwarantanny, [da1136ed28725ed82b1f5b6fea18e020]
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT|MPCInstalled, , Przeniesiono do kwarantanny, [45a65cc74b4ff24441da13ed8b795ca4]
Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sun21, "C:\Program Files (x86)\zebi\SunnyDay.exe", Przeniesiono do kwarantanny, [03e845de3c5e47ef5a1c9261b44f9769]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3BCFAB38-3849-4A9C-9939-38383091A7FF}|DisplayName, hohosearch - Uninstall, Przeniesiono do kwarantanny, [a84373b0405ada5c06a445b90ef5629e]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{682ACBA1-C410-4C20-8D61-C709FF913E45}|DisplayName, hohosearch - Uninstall, Przeniesiono do kwarantanny, [a74459ca396144f2cedcfb035ca750b0]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6FFBC561-09F4-44F6-B842-EEF76090A7A4}|DisplayName, hohosearch - Uninstall, Przeniesiono do kwarantanny, [7a71bf6466345cda6149b24ce41f59a7]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{A8A3C5F9-E5DC-43E3-821F-22660015189D}|NameServer, 82.163.143.187,82.163.142.187, Przeniesiono do kwarantanny, [9a51a87b9703e74fbb686f8922e1b44c]

Dane rejestru: 2
Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, wscript C:\Windows\run.vbs,, Dobry: (userinit.exe), Zły: (wscript C:\Windows\run.vbs,),Zastąpiono,[ecff8c97ebaf8aac90bffc74f60e3fc1]
PUM.Optional.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, wscript C:\Windows\run.vbs,, Dobry: (userinit.exe), Zły: (wscript C:\Windows\run.vbs,),Zastąpiono,[2cbfbd66f1a94fe722012e4c26de8c74]

Foldery: 5
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\Microsoft.VC90.CRT, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner, Usunięcie-po-restarcie, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],

Pliki: 44
PUP.Optional.Cloud4PC, C:\Program Files (x86)\zebi\SunnyDay.exe, Usunięcie-po-restarcie, [6784b073405abe785d0390075ea6c43c],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Uninstall.exe.removed, Przeniesiono do kwarantanny, [11da2cf7c0da35011552b2e006fbaa56],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\UninstDelete.exe.removed, Przeniesiono do kwarantanny, [c52642e1aded7fb7b0b7741ea160b34d],
PUP.Optional.HohoSearch, C:\$RECYCLE.BIN\S-1-5-21-233006258-18527085-3623643150-1000\$R52IQQI\couvit.dll, Przeniesiono do kwarantanny, [866582a159412115c58f19cde41d8f71],
PUP.Optional.HohoSearch, C:\$RECYCLE.BIN\S-1-5-21-233006258-18527085-3623643150-1000\$R52IQQI\DeElevator.dll, Przeniesiono do kwarantanny, [a348ac77cdcd6fc7c0940dd9b34e01ff],
PUP.Optional.HohoSearch, C:\$RECYCLE.BIN\S-1-5-21-233006258-18527085-3623643150-1000\$R52IQQI\jumedom.dll, Przeniesiono do kwarantanny, [9754b172acee2d09ee668e58738e44bc],
PUP.Optional.ConvertAd, C:\$RECYCLE.BIN\S-1-5-21-233006258-18527085-3623643150-1000\$RMWVB8E\qnsh303A.tmp, Przeniesiono do kwarantanny, [5e8d0f1481193afc5e0cbfc937cad42c],
PUP.Optional.HohoSearch, C:\$RECYCLE.BIN\S-1-5-21-233006258-18527085-3623643150-1000\$RZFGDJG\couvit.dll, Przeniesiono do kwarantanny, [ab409f840b8f72c4243037afc23f0ff1],
PUP.Optional.HohoSearch, C:\$RECYCLE.BIN\S-1-5-21-233006258-18527085-3623643150-1000\$RZFGDJG\DeElevator.dll, Przeniesiono do kwarantanny, [09e20f14dbbf14220450479fca37748c],
PUP.Optional.HohoSearch, C:\$RECYCLE.BIN\S-1-5-21-233006258-18527085-3623643150-1000\$RZFGDJG\jumedom.dll, Przeniesiono do kwarantanny, [33b80023bedc4ee861f35f87f20f6b95],
PUP.Optional.ConvertAd, C:\Users\Agata\AppData\Local\Temp\nsgB86B.tmp, Przeniesiono do kwarantanny, [b93267bc58428fa7e614e08f877d8878],
PUP.Optional.ConvertAd, C:\Users\Agata\AppData\Local\Temp\nsr31B0.tmp, Przeniesiono do kwarantanny, [14d726fdc6d45bdb738757187e86c43c],
Trojan.Graftor, C:\Users\Agata\AppData\Local\Temp\nsxDEEF.tmp, Przeniesiono do kwarantanny, [6e7d140f0496a59176b7e2cffd072dd3],
PUP.Optional.Amonetize, C:\Users\Agata\AppData\Local\Temp\TI7W9EQJC\Bundle_NationZoom.exe, Przeniesiono do kwarantanny, [8a6183a00a903ff797865bd617ea23dd],
PUP.Optional.Tuto4PC, C:\Users\Agata\AppData\Local\Temp\DAXKN1PAW\DAXKN1PAW.exe, Przeniesiono do kwarantanny, [2cbfe43f3f5be84ef8bdae01af550af6],
PUP.Optional.Amonetize, C:\Users\Agata\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe, Przeniesiono do kwarantanny, [08e333f0386245f1a466874647bacb35],
PUP.Optional.Amonetize, C:\Users\Agata\AppData\Local\Temp\FN935DKB4\Bundle_NationZoom.exe, Przeniesiono do kwarantanny, [a04b160d1585ee481706e54c26dbd927],
PUP.Optional.Amonetize, C:\Users\Agata\AppData\Local\Temp\LLSUICK4C\Bundle_NationZoom.exe, Przeniesiono do kwarantanny, [f0fb4ad9980268ce95882b06f0110000],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\AH4BV2GXZ\HLSYV5CHU.exe, Przeniesiono do kwarantanny, [effcf132fe9cac8a8b234254a75d3dc3],
Trojan.FakeAlert, C:\Users\Agata\AppData\Local\Temp\7QAEJJER4S\testversion.exe, Przeniesiono do kwarantanny, [28c3cd56edad181e0664c8214fb4ff01],
Trojan.FakeAlert, C:\Users\Agata\AppData\Local\Temp\9I9LTO8ELF\testversion.exe, Przeniesiono do kwarantanny, [5e8dc3609505e6505e0c0ddcc24101ff],
PUP.Optional.Komodia.Gen, C:\Windows\System32\Tasks\vwe3034, Przeniesiono do kwarantanny, [1bd05dc6e5b55adca4612dcdba49cc34],
Adware.EoRezo, C:\Program Files (x86)\zebi\SunnyDay.exe, Usunięcie-po-restarcie, [03e845de3c5e47ef5a1c9261b44f9769],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\DLBT.dll, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\MPCDownload.exe, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\MPCSetup_4.torrent, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\p2pconfig.ini, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\Report.dll, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\Support.dll, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\Utility.dll, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\Microsoft.VC90.CRT\msvcm90.dll, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\Microsoft.VC90.CRT\msvcp90.dll, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Users\Agata\AppData\Local\Temp\MPCOnline\Microsoft.VC90.CRT\msvcr90.dll, Przeniesiono do kwarantanny, [28c3de457a20a690ad883990927039c7],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll.removed, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll64.dll.removed, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi64.dll.removed, Usunięcie-po-restarcie, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll.removed, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll.removed, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XBus.dll.removed, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XSkin.dll.removed, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall\Lang.xf, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall\Skin.xf, Przeniesiono do kwarantanny, [4c9fa083eab059dd621f3099c83a2cd4],
PUP.Optional.Amonetize, C:\Users\Agata\AppData\Local\Temp\amipixel.cfg, Przeniesiono do kwarantanny, [09e2111279219b9bee2d425b35cf6799],

Sektory fizyczne: 0
(Nie wykryto zagrożeń)

(end)