adobe 10.1. update

Post by elven » 01 Nov 2014 21:22

Hello, some nasty and annoying vermin is apparently running around in my PC.
Every now and then "adobe flash player update 10.1" pops up; it is clearly a virus/malware. However, I can't manage to kick it out. Spybots, anti-malware tools and antivirus don't help, so I decided to turn here for advice.

Log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:17:06, on 1. 11. 2014
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17344)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Users\Naomi_\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Naomi_\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe
    C:\Users\Naomi_\Downloads\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
    O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Naomi_\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - (no file)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.aeriagames.com
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
    O23 - Service: StartMenu8 Service (StartMenuService) - IObit - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

    --
    End of file - 13321 bytes

Re: adobe 10.1. update

Post by jaro3 » 02 Nov 2014 10:45

Uninstall:
Spybot - Search & Destroy 2
Spyware Terminator


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

- If you only use Google Chrome, you don't need to use ATF.


Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium".
Install it and run it.
- At the end of the installation make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- If an update is found, it will be downloaded and installed.
- The program then starts; click Scan Now.
- When the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the whole log here.

- Then click the Exit button; a prompt appears, so choose Yes
(don't delete anything yet!).

If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Re: adobe 10.1. update

Post by elven » 02 Nov 2014 11:59

AdwCleaner log:
# AdwCleaner v3.311 - Report created 02/11/2014 at 11:33:44
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Naomi_ - NAOMI
# Running from : C:\Users\Naomi_\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\invalidprefs.js
File Found : C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\searchplugins\search.xml
File Found : C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js
Folder Found : C:\Program Files (x86)\SiteLookup
Folder Found : C:\ProgramData\SafetyNut
Folder Found : C:\ProgramData\Tbccint
Folder Found : C:\Users\Naomi_\AppData\Local\Tbccint
Folder Found : C:\Users\Naomi_\AppData\LocalLow\Tbccint

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Tbccint
Key Found : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Tbccint
Key Found : HKCU\Software\Tbccint_HKLM
Key Found : HKCU\Software\Tune
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Tbccint
Key Found : [x64] HKCU\Software\Tbccint_HKLM
Key Found : [x64] HKCU\Software\Tune
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tune

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 cs)

[ File : C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js ]

Line Found : user_pref("extensions.buenosearch.admin", false);
Line Found : user_pref("extensions.buenosearch.aflt", "babsst");
Line Found : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Found : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Found : user_pref("extensions.buenosearch.dfltLng", "cs");
Line Found : user_pref("extensions.buenosearch.excTlbr", false);
Line Found : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Found : user_pref("extensions.buenosearch.id", "22620962000000000000160a64783c33");
Line Found : user_pref("extensions.buenosearch.instlDay", "16245");
Line Found : user_pref("extensions.buenosearch.instlRef", "sst");
Line Found : user_pref("extensions.buenosearch.newTab", false);
Line Found : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Found : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Found : user_pref("extensions.buenosearch.rvrt", "false");
Line Found : user_pref("extensions.buenosearch.smplGrp", "none");
Line Found : user_pref("extensions.buenosearch.tlbrId", "base");
Line Found : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Found : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.77:14:14");
Line Found : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Naomi_\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3566 octets] - [02/11/2014 11:33:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3626 octets] ##########



Malwarebytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2. 11. 2014
Scan Time: 11:37:52
Logfile: log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Naomi_

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324757
Time Elapsed: 19 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 38
Trojan.Agent.FSAVXGen, C:\Users\Naomi_\AppData\Roaming\ScanDisc.exe, , [47b4f34374085fd7134c424e4eb33fc1],
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[8576ef472953f54101e188e5679e5ba5]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (ferences

/* Do not edit this file.
*
* If yo), ,[0bf0ea4c453757df23bfec812dd8d927]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
*
* If you make changes to this file while t), ,[ee0d8caadba1cd69aa38264718edb050]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (e.
*
* If you make changes to this file while the ), ,[ce2dd1654438df57a63c105dee17f808]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
*
* If you ma), ,[728981b53646072f865cb7b6798c7e82]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
*
* If you), ,[906bda5c1a62f73fa63c1459cd3845bb]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
*
* If you mak), ,[02f986b07903b680f0f20667a85d7c84]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
*
* If you make changes to this file w), ,[04f72016cdaff73fd111a6c7d332c040]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: ( this file.
*
* If you make changes to this file w), ,[e6158ea8a6d69c9afce6c7a661a4bd43]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
*
* If you make), ,[916ae650a3d98ea8439f09647f86f20e]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (ences

/* Do not edit this file.
*
* If you ), ,[c635b482c9b3290d2cb63a33f5102ad6]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
*
* If you make ), ,[5e9d9c9a39438ea83ea4fd70c4410df3]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (

/* Do not edit this file.
*
* If you make changes t), ,[b84337ffa6d654e2cd15333af510a35d]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (
/* Do not edit this file.
*
* If you make ch), ,[4ab170c60f6dfb3b30b25b12c24309f7]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
*
* If you ), ,[7a8149ed5e1e3501e002115c8d785ca4]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (ences

/* Do not edit this file.
*
* If you m), ,[708bdb5b7309a98d13cfbeaf59ac1ce4]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
*
* If you ma), ,[9a617eb87efeea4c974bcda08382fb05]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (nces

/* Do not edit this file.
*
* If you make changes ), ,[689339fd57250234e7fbea8328ddb050]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\prefs.js, Good: (), Bad: (* Do not edit this file.
*
* If you make changes t), ,[6497e94d0a7249edcf13dd908e7750b0]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "22620962000000000000160a64783c33");), ,[43b83ff7c7b5bd79449d115cca3bc53b]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (22620962000000000000160a64783c33");
user_pref("extensions.buenosearch.appId", "{37E), ,[f803a78ff6861e18776a482501041be5]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (00000000000160a64783c33");
user_pref("extensions.buen), ,[74879a9c0a720630e5fc561758ad2fd1]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (ns.buenosearch.id", "22620962000000000000160a64783c33), ,[3ac12511c1bb9f97e00195d8669f8977]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (ons.buenosearch.id", "22620962000000000000160a64783c33), ,[8972de589ede171faa377af37d88ee12]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (ns.buenosearch.id", "22620962000000000000160a64783c33");
user), ,[aa513df992ea2214469bea838481d62a]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (search.id", "22620962000000000000160a64783c33");
user_pref), ,[8c6fa98d8eeee5511dc4b4b946bf4eb2]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (enosearch.id", "22620962000000000000160a64783c33");
user), ,[47b49b9b6b1140f6c41d3637b84d17e9]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (buenosearch.id", "22620962000000000000160a64783c33"), ,[3dbe46f0384476c0ae33a0cd000538c8]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (sions.buenosearch.id", "22620962000000000000160a6478), ,[8675989e691345f16c75e28b15f058a8]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (ions.buenosearch.id", "22620962000000000000160a6478), ,[d724f1451f5d40f6bc252a4357aee51b]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (ions.buenosearch.id", "22620962000000000000160a647), ,[40bbbc7acfadbb7bdd041954b84d13ed]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (nsions.buenosearch.id", "22620962000000000000160a64), ,[44b7f5417c00c86e8d540c61b055b848]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (sions.buenosearch.id", "22620962000000000000160a64783c), ,[4facf0460b71979fb03177f65ca9a858]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (ns.buenosearch.id", "22620962000000000000160a6478), ,[62998caaef8d94a2e001c3aa59ac7d83]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (ensions.buenosearch.id", "22620962000000000000160a6478), ,[b94238fee3993bfb608109642cd9dc24]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (ns.buenosearch.id", "22620962000000000000160a64783), ,[f902a1952953e74f825f93da5da8ac54]
PUP.Optional.BuenoSearch, C:\Users\Naomi_\AppData\Roaming\Mozilla\Firefox\Profiles\38s4x5md.default\user.js, Good: (), Bad: (nsions.buenosearch.id", "22620962000000000000160a6), ,[c03b05318cf08ea8fee376f7e91c6f91]

Physical Sectors: 0
(No malicious items detected)


(end)

Re: adobe 10.1. update

Post by Orcus » 02 Nov 2014 19:33

Run MbAM again and click Scan Now.
When the program finishes, a message appears; click "Quarantine All" -> "Export Log" and choose "Text file", give the file a name and save it to the Desktop.
Copy the entire contents of that log here.

====================================================

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Delete".
The program performs the repair; after the automatic restart, paste the entire contents of the log (C:\AdwCleaner [S?].txt) here.

====================================================

Download Junkware Removal Tool

to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan starts. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears, which is saved on the desktop.
Please copy its entire contents here.

====================================================

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, by double-clicking.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that you have ticked:
MBR scan
Check faked
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.