Sluggish computer and Internet not working - logs to check


(Rafal Baginski) #1

Hello,

I have a problem, or more precisely a friend of mine does. From what she described, the problem is that a few minutes after the laptop is started, it begins to slow down and, in addition, the Internet stops 'working' = no pages load. I can't personally check how and when it shows up, because my friend is abroad. I told her to scan the computer and send me the logs, which I am posting here. Thanks in advance for your help.


(Atis) #2

In Control Panel, uninstall:

BBQLeads

Consumer Input

Converter Free Online version 9.17

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM\...\Run: [Shop For Rewards] => C:\Program Files\Shop For Rewards\vbsprn.exe
HKLM\...\Run: [Shop For Rewards64] => C:\Program Files\Shop For Rewards\vbsprn64.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WinCheck] => C:\Users\Ania\AppData\Local\wincheck\wincheck.exe
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-3355558870-2079871683-2967084349-1000\...\RunOnce: [] => [X]
HKU\S-1-5-21-3355558870-2079871683-2967084349-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3355558870-2079871683-2967084349-1002\...\Run: [CFO] => C:\Program Files (x86)\Converter Free Online\Taskbar.exe [56952 2014-09-02] ()
HKU\S-1-5-21-3355558870-2079871683-2967084349-1002\...\Run: [BBQLeadsApplication] => C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe [378880 2014-11-27] (Microsoft)
HKU\S-1-5-21-3355558870-2079871683-2967084349-1002\...\Run: [SwvUpdtr] => C:\Users\Ania\AppData\Local\26977\Updater.exe [816640 2014-12-20] ()
HKU\S-1-5-21-3355558870-2079871683-2967084349-1002\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-18\...\RunOnce: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3355558870-2079871683-2967084349-1002] => http=127.0.0.1:8800;https=127.0.0.1:8800
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ConverterFreeOnline -> {C37441D1-E3E2-4733-BA49-FB8C35629E5B} -> C:\Program Files (x86)\Converter Free Online\ConverterFreeOnline_x64.dll ()
BHO-x32: ConverterFreeOnline -> {C37441D1-E3E2-4733-BA49-FB8C35629E5B} -> C:\Program Files (x86)\Converter Free Online\ConverterFreeOnline.dll ()
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKLM\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox
FF Plugin-x32: @UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox
FF HKU\S-1-5-21-3355558870-2079871683-2967084349-1002\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=&cd=&cr=&ir=
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=&cd=&cr=&ir=",
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSearchURL: Default -> http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_50_ie&cd=2XzuyEtN2Y1L1Qzu0CtBtCzzzzyD0B0Fzz0AtDtA0B0D0AtAtN0D0Tzu0StCtDyByBtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StD0BtC0B0AyC0F0AtGtD0A0E0EtGyB0DyEyDtG0AtDtCyEtGyByEtCyC0D0D0D0FtDtA0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAtAzz0ByEtCzztG0DzztCzztGyE0FzyzztGzy0CtBtBtGyEyD0CyCyC0BtC0FzyyEyCyC2Q&cr=851840970&ir=
CHR Extension: (imflhicibaneljgphmfahdknpmidflel) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\imflhicibaneljgphmfahdknpmidflel [2015-01-03]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [60376 2014-11-23] (Cherimoya Ltd)
C:\AdwCleaner
C:\Windows\system32\drivers\avgtpx64.sys
C:\ProgramData\1078601655
C:\Users\Ania\AppData\Local\26977
C:\Users\Ania\AppData\Local\26977
C:\user.js
C:\Users\Ania\AppData\Local\wincheck
C:\Program Files (x86)\Converter Free Online
C:\Windows\system32\Drivers\cherimoya.sys
C:\ProgramData\bbqleads
C:\Program Files (x86)\bbqleads
C:\Users\Ania\AppData\Roaming\Compete
C:\Users\Public\Temp
C:\ProgramData\FcKOOHBQLU
C:\Users\Ania\AppData\Local\dsisetup24517422.exe
CustomCLSID: HKU\S-1-5-21-3355558870-2079871683-2967084349-1002_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\d3d10core.dll (Microsoft Corporation)
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
Task: {28AF503F-6039-41F0-8719-C70EE1BA3184} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe [2014-11-27] ()
Task: {43899CF7-2028-4AD8-A5DA-B3A73AD5567E} - System32\Tasks\SrvDaily => C:\Program Files\Shop For Rewards\stc.bat
 C:\Program Files\Shop For Rewards
Task: {ADAF2BB0-B3DA-4C79-9437-5EF18207035D} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {CD6D7866-A7DA-45D5-84F3-DC2CD76C8294} - System32\Tasks\CIMT_daily_S-1-5-21-3355558870-2079871683-2967084349-1002 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {D2F8086B-CCA9-49C4-ACC0-8DA55787753F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {DBA8A51F-1BE4-4A19-826D-63282D13E6B8} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{54FCD19E-AD8A-41E4-93A6-35758B2F4F59}.exe [2014-08-26] ()
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-3355558870-2079871683-2967084349-1002.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-3355558870-2079871683-2967084349-1002.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

Click Scan and show the new FRST report, without Addition.


(Rafal Baginski) #3

Fixlog: http://wklej.org/id/1585338/


(Atis) #4

Delete the folder C:\FRST

Delete old restore points: To delete all restore points

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option to start the Malwarebytes Anti-Malware Premium trial period.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language > Settings > General Settings > Language > Polish

Uninstall:

Adobe Flash Player 15 ActiveX

Adobe Reader

Install:

Flash Player 16.0.0.235 ActiveX

Adobe Reader XI 11.0.10


(Rafal Baginski) #5

Done!