Wirus blokuje dostęp do internetu

Dla specjalistów Bezpieczeństwo
#1

Cześć,

mój problem polega na braku połączenia z internetem w normalnym trybie (w awaryjnym działa poprawnie, czasem pojawia się ten sam problem co w trybie normalnym).

W prawym dolnym rogu, ikonka ilustrująca stan połączenia sieciowego informuje o dostępie do internetu, mimo że tak nie jest.

Działania jakie podjąłem w celu rozwiązania problemu to:

  • skanowanie systemu za pomocą programu Microsoft Safety Scanner,

  • skanowanie systemu za pomocą programu Avast.

Podczas skanowania programy te usuneły kilkanaście błędów, niestety nie pamiętam czego dotyczyły.

 

OTL: http://wklej.org/id/1688797/

Extras: http://wklej.org/id/1688798/

FRST: http://wklej.org/id/1688799/

Addition: http://wklej.org/id/1688801/

Shortcut: http://wklej.org/id/1688803/

#2

Odinstaluj Browser Configuration Utility,Conduit Engine,Download Updater,Funmoods,Hyperionics DB Toolbar,IB Updater 2.0.0.574,McAfee Security Scan Plus,omiga-plus uninstall,SFT_Polska Toolbar,Solution Real,uTorrentBar Toolbar,Winamp Toolbar,WinZipper.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Pokaż nowe logi z FRST.

#3

Nie mogę usunąć Conduit Engine oraz uTorrentBar Toolbar. Co mam zrobić?

#4

Czego nie umiesz znaleźć / odinstalować pomiń. Wykonaj instrukcje do końca.

#5

FRST: http://wklej.org/id/1688905/

Addition: http://wklej.org/id/1688908/

Shortcut: http://wklej.org/id/1688909/

#6

Otwórz notatnik systemowy i wklej:

Task: {570F217A-2B79-42D9-92B1-A5658D01CB4F} - System32\Tasks\{1234A022-5F48-4355-9F26-DF224735BE57} = Firefox.exe http://ui.skype.com/ui/0/6.3.0.107/pl/abandoninstall?source=lightinstalleramp;page=tsProgressBar
Task: {981A8643-50E1-448C-980D-01E6B306CF5C} - System32\Tasks\{5377F232-2393-4DC5-BB89-22259D468471} = Firefox.exe http://ui.skype.com/ui/0/6.3.0.107/pl/abandoninstall?source=lightinstalleramp;page=tsInstall
Task: {9973CE61-434F-4739-9BDC-82601622CA66} - System32\Tasks\{8122687D-3FF5-47B6-A863-DA60B7A30E8A} = Firefox.exe http://ui.skype.com/ui/0/5.0.0.152/pl/abandoninstall?source=lightinstalleramp;page=tsMainamp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {B3711EC6-9BC6-4DDC-9DFA-46555E9A1CD5} - System32\Tasks\{8C66C9A5-CFEF-453D-A48C-D28B7EA0F2DE} = Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsMain
HKU\S-1-5-21-1693294449-2853722536-560343305-1003\...\RunOnce: [Report] = C:\AdwCleaner\AdwCleaner[S0].txt [44994 2015-04-15] ()
HKU\S-1-5-21-1693294449-2853722536-560343305-1003\...\MountPoints2: {9daebe75-f6e7-11e0-8b85-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-1693294449-2853722536-560343305-1003\...\MountPoints2: {caa6efdd-ffa6-11df-a54f-806e6f6e6963} - F:\launcher.exe
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
GroupPolicyUsers\S-1-5-21-1693294449-2853722536-560343305-1006\User: Group Policy restriction detected ======= ATTENTION
GroupPolicyUsers\S-1-5-21-1693294449-2853722536-560343305-1004\User: Group Policy restriction detected ======= ATTENTION
GroupPolicyUsers\S-1-5-21-1693294449-2853722536-560343305-1003\User: Group Policy restriction detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\.DEFAULT - No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKU\S-1-5-21-1693294449-2853722536-560343305-1003 - No Name - {A0B1221C-A3FF-4F7C-A393-DC63AF5301E9} - No File
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} http://navigram.com/engine/v1140/Navigram.cab
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tabtype=616_pr __alt__ ddc_dsssyctab_bd_com
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=616_pr __alt__ ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddchsimp=yhs-ddc_bdtype=616_pr __alt__ ddc_dss_bd_comp=
FF Extension: No Name - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-10]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - No Path Or update_url value
CHR HKU\S-1-5-21-1693294449-2853722536-560343305-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dpaeeflekdffkcflihellcgkhgbjgibl] - C:\ProgramData\SendSpaceExtention\chrome\sendspace_extension.crx [2011-10-03]
CHR HKLM-x32\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - No Path Or update_url value
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [X]
2015-04-15 20:06 - 2015-04-15 20:13 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\whlb32g.dll
C:\Users\Marian\ALLPlayerEN.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#7

Teraz działa tak jak powinno, wielkie dzięki.

#8

Skasuj folder C:\FRST.