Ads in the browser, encrypted connections don't work, the internet is sluggish


(FranTic_69) #1

Hello

I have a problem with my girlfriend's laptop, which is thoroughly packed with junk. For two days she has been flooded with ads from the browser and in the system itself. SSL connections don't work either, and unencrypted ones work either barely or not at all. We have already tried many programs:


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(FranTic_69) #3

FRST:   http://wklej.org/id/1356275/

Addition: http://wklej.org/id/1356268/ 

 

Edit: unfortunately I don't have physical access to this laptop, but my friend reports that unexpected computer restarts have been added to the symptoms.


(Acorus) #4

Uninstall Spybot - Search & Destroy. Open Notepad and paste:

Task: {4B2BC30B-9E2C-42E6-A311-CB5C954FD67D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {696F56A0-DA38-4607-AECB-21ACA4DF3C2A} - System32\Tasks\Omiga Plus RunAsStdUser = C:\Program Files (x86)\Omiga Plus\omigaplus.exe ==== ATTENTION
Task: {8F9335E8-3453-493C-86C8-EC465969501D} - System32\Tasks\Desk 365 RunAsStdUser = C:\Program Files (x86)\Desk 365\desk365.exe ==== ATTENTION
Task: {95721304-9D4B-4F6D-AD98-6579FA0445A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A98F0D2A-BAD0-48FD-A2BE-9706555B286A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {596A0D69-1B05-4C83-85EC-AB6FC295D4C1} URL = http://tuvaro.com/ws/?source=536c75e7tbp=rboxtoolbarid=baseu=cea0cb3400000000000000a0c6000000q={searchTerms}
SearchScopes: HKCU - {82CB231A-068E-47E3-BEEB-3C5DD52FF566} URL = http://websearch.ask.com/redirect?client=ietb=ORJo=src=kwq={searchTerms}locale=apn_ptnrs=U3apn_dtid=OSJ000YYPLapn_uid=6D454F82-ADA4-45A4-926C-42E30B6D2080apn_sauid=160B9F90-9141-43F2-AE82-0479062F4BB5
BHO-x32: webget - {dc264a72-fa75-4948-b881-ea8eff8e5dd2} - C:\Program Files (x86)\webget\webgetbho.dll (webget)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2014-04-30]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-lenovo-abb.crx [2014-04-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Update webget; C:\Program Files (x86)\webget\updatewebget.exe [317720 2014-05-09] ()
R2 Util webget; C:\Program Files (x86)\webget\bin\utilwebget.exe [317720 2014-05-09] ()
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S1 aswKbd; \\C:\Windows\system32\drivers\aswKbd.sys [X]
S1 aswTdi; \\C:\Windows\system32\drivers\aswTdi.sys [X]
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 XFDriver64; \\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
2014-05-09 06:40 - 2014-05-09 08:44 - 00000000 ____ D () C:\ProgramData\Spybot - Search Destroy
2014-05-09 06:40 - 2014-05-09 06:40 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-SD Start Center.lnk
2014-05-09 06:40 - 2014-05-09 06:40 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-SD Start Center.lnk
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____ D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-09 06:40 - 2014-05-09 06:40 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search Destroy 2
2014-05-09 06:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-09 06:39 - 2014-05-09 06:40 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search Destroy 2
2014-05-09 06:38 - 2014-05-09 06:39 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Iza\Downloads\spybot-2.3.exe
2014-05-08 15:35 - 2014-05-07 16:06 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-08 13:44 - 2014-05-08 14:48 - 00000000 ____ D () C:\Program Files (x86)\webget

Save the file as fixlist.txt and place it next to FRST
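
Added example, not part of the thread and not FRST's own code: a short Python triage that groups fixlist lines like those above by entry type and flags the `ATTENTION`, `[X]` and `No File` markers, so a reviewer can see what a fixlist touches before it is run. The prefix-to-type mapping, the reading of `[X]` / `No File` as a missing target and of a trailing `()` as an empty vendor field are assumptions inferred from the lines on this page.

```python
import re

# Sample input: lines taken from the fixlist in the thread above.
SAMPLE = r"""Task: {696F56A0-DA38-4607-AECB-21ACA4DF3C2A} - System32\Tasks\Omiga Plus RunAsStdUser = C:\Program Files (x86)\Omiga Plus\omigaplus.exe ==== ATTENTION
HKLM-x32\...\Run: [] = [X]
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
R2 Util webget; C:\Program Files (x86)\webget\bin\utilwebget.exe [317720 2014-05-09] ()
S1 aswKbd; \\C:\Windows\system32\drivers\aswKbd.sys [X]
2014-05-08 13:44 - 2014-05-08 14:48 - 00000000 ____ D () C:\Program Files (x86)\webget"""

# Assumed mapping from line prefix to entry type (hypothetical labels).
KINDS = [
    (re.compile(r"^Task: "), "scheduled_task"),
    (re.compile(r"^HK[A-Z]+(-x32)?\\\.\.\.\\Run: "), "run_key"),
    (re.compile(r"^Winlogon\\"), "winlogon"),
    (re.compile(r"^SearchScopes: "), "ie_search_scope"),
    (re.compile(r"^(BHO|Toolbar)(-x32)?: "), "ie_addon"),
    (re.compile(r"^CHR "), "chrome"),
    (re.compile(r"^[RS]\d "), "service_or_driver"),
    (re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "), "file_or_folder"),
]

def classify(line):
    """Return (entry type, set of review flags) for one fixlist line."""
    kind = next((k for rx, k in KINDS if rx.search(line)), "unknown")
    flags = set()
    if re.search(r"={3,} ATTENTION\s*$", line):
        flags.add("attention")          # the scanner itself marked the entry
    if re.search(r"(\[X\]|- No File)\s*$", line):
        flags.add("missing_file")       # orphaned entry: target not on disk
    if kind == "service_or_driver" and line.rstrip().endswith(" ()"):
        flags.add("no_vendor")          # binary carries no company name
    return kind, flags

def triage(text):
    """Return (kind, sorted flags, line) for every non-empty line."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            kind, flags = classify(line)
            rows.append((kind, sorted(flags), line))
    return rows

if __name__ == "__main__":
    for kind, flags, line in triage(SAMPLE):
        print(f"{kind:18} {','.join(flags) or '-':14} {line[:70]}")
```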