Problem z strong signal ;_;


(Anonimowyczlowiek999) #1

Witam od wczoraj mój komputer został zaatakowany przez spam o nazwie strong signal który przeszkadza niesamowicie, czy ktoś byłby w stanie pomóc?


(Acorus) #2

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/


(Anonimowyczlowiek999) #3

http://www.wklej.org/id/1701581/

http://www.wklej.org/id/1701582/


(Acorus) #4

Odinstaluj omiga-plus uninstall,SpyHunter 4.Otwórz notatnik systemowy i wklej:

Task: {8369A7A1-731C-437F-A61B-3390CA938F64} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-05-01] (Enigma Software Group USA, LLC.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
HKU\S-1-5-21-4203217150-2517139480-3474087049-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4203217150-2517139480-3474087049-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
SearchScopes: HKU\S-1-5-21-4203217150-2517139480-3474087049-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72q={searchTerms}
BHO-x32: Strong Signal - {c723a437-2eaf-466d-a95b-3fa0966bf88c} - C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll [2015-03-18] ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=scts=1419790392from=coruid=WDCXWD10JPVX-75JC3T0_WX71E34TRP72E34TRP72
OPR Extension: (Strong Signal) - C:\Users\JA\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccdbmmgcjoehfmgnfikopjehmfbbgnef [2015-05-01]
OPR Extension: (AdBlock with CatBlock) - C:\Users\JA\AppData\Roaming\Opera Software\Opera Stable\Extensions\pejeadkbfbppoaoinpmkeonebmngpnkk [2015-05-01]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-05-01] (Enigma Software Group USA, LLC.)
R2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [478992 2015-05-01] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-28] (Fuyu LIMITED) [File not signed] ==== ATTENTION
R1 {2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}w64; C:\Windows\System32\drivers\{2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}w64.sys [48792 2015-01-01] (StdLib)
R1 {82adbb5d-7d8c-4f2d-9936-53071e499858}w64; C:\Windows\System32\drivers\{82adbb5d-7d8c-4f2d-9936-53071e499858}w64.sys [48792 2015-01-02] (StdLib)
R1 {a081059f-4e06-4f49-9a1e-4b92e171ba25}w64; C:\Windows\System32\drivers\{a081059f-4e06-4f49-9a1e-4b92e171ba25}w64.sys [48792 2015-01-05] (StdLib)
U2 McMPFSvc; No ImagePath
S1 {8fb4e628-35c6-4275-89be-ce3462febcc4}w64; system32\drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}w64.sys [X]
S1 {f17a6425-9752-4042-9063-36eef24d8b77}Gw64; system32\drivers\{f17a6425-9752-4042-9063-36eef24d8b77}Gw64.sys [X]
2015-05-01 14:15 - 2015-05-01 14:15 - 00003314 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-05-01 14:15 - 2015-05-01 14:15 - 00001105 _____ () C:\Users\JA\Desktop\SpyHunter.lnk
2015-05-01 14:15 - 2015-05-01 14:15 - 00000000 ____ D () C:\Users\JA\AppData\Roaming\Enigma Software Group
2015-05-01 14:15 - 2015-05-01 14:15 - 00000000 _____ () C:\autoexec.bat
2015-05-01 14:14 - 2015-05-01 14:15 - 00000000 ____ D () C:\sh4ldr
2015-05-01 14:13 - 2015-05-01 14:13 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-01 14:12 - 2015-05-01 14:12 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\JA\Downloads\SpyHunter-Installer.exe
2015-05-01 14:12 - 2015-05-01 14:12 - 00000000 ____ D () C:\Program Files\Enigma Software Group
C:\Users\JA\update-theforest.bat
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Anonimowyczlowiek999) #5

A jeśli nie mogę odinstalować spyhuntera?


(Joachimiak Marcin) #6

Fixlist wstaw w folderze gdzie masz umieszczonego FRST, wtedy go znajdzie.


(Anonimowyczlowiek999) #7

Spójrz

post-278074-0-30931200-1430637918_thumb.


(Acorus) #8

Masz umieścić tam gdzie jest FRST czyli C:\Users\JA\Downloads