Spam Strong Signal Ads POMOCY


(Agaciia2309) #1

Pomocy!

 

Problem pojawił się już jakiś czas temu, ale niestety go zbagatelizowałam, a teraz nie można już prawie nic zrobić ciągle milion reklam i przełączanie na inne strony co uniemożliwia jakąkolwiek pracę.. Zrobiłam zalecany scan, przesyłam wyniki, pomóżcie :frowning:

 

 

http://wklej.org/id/1743297/

 

 

http://wklej.org/id/1743298/


(Atis) #2

W panelu sterowania odinstaluj McAfee Security Scan Plus.

Pobierz i uruchom AdwCleaner Kliknij Skanuj i później Usuń.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.


(Acorus) #3

Odinstaluj ASUS WebStorage.Otwórz notatnik systemowy i wklej:

CloseProcesses:
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1732608 2009-11-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1434574729&z=1dfe437d7f187793696e06ag4z2cezew5mdzcm6obc&from=cornl&uid=3219913727_67194_806E3062&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1434574729&z=1dfe437d7f187793696e06ag4z2cezew5mdzcm6obc&from=cornl&uid=3219913727_67194_806E3062&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1434574729&z=1dfe437d7f187793696e06ag4z2cezew5mdzcm6obc&from=cornl&uid=3219913727_67194_806E3062&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1434574729&z=1dfe437d7f187793696e06ag4z2cezew5mdzcm6obc&from=cornl&uid=3219913727_67194_806E3062&q={searchTerms}
HKU\S-1-5-21-4082598902-313539552-2744866490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1432152157&z=fc8b4df7d5a7bd997361c44g0z5c2o3g3waoagfw8q&from=wpm05203&uid=3219913727_67194_806E3062&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-4082598902-313539552-2744866490-1001 -> OldSearch URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4082598902-313539552-2744866490-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4082598902-313539552-2744866490-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll No File
BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-4082598902-313539552-2744866490-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com/?type=sc&ts=1432152157&z=fc8b4df7d5a7bd997361c44g0z5c2o3g3waoagfw8q&from=wpm05203&uid=3219913727_67194_806E3062
FF DefaultSearchEngine: istartsurf
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_616_bl-is-22 __alt__ ddc_dss_bd_com&p={searchTerms}
FF SearchPlugin: C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\searchplugins\delta-homes.xml [2015-06-17]
FF SearchPlugin: C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\searchplugins\do-search.xml [2015-03-31]
FF SearchPlugin: C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\searchplugins\istartsurf.xml [2015-06-17]
FF Extension: FF Toolbar - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\Extensions\fftoolbar2014@etech.com [2015-05-20]
FF Extension: Fast Start - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\Extensions\istart_ffnt@gmail.com [2015-03-31]
FF Extension: QuickSearch - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\Extensions\quick_searchff@gmail.com [2015-05-20]
FF Extension: Search Enginer - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\Extensions\searchengine@gmail.com [2015-03-31]
FF Extension: Strong Signal - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\Extensions\{7ed5e138-ac26-4542-adc5-765dee01c1f8}.xpi [2015-05-20]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\extensions\istart_ffnt@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\fre6bmjo.default\extensions\quick_searchff@gmail.com
FF HKU\S-1-5-21-4082598902-313539552-2744866490-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\PluginContainer.exe [651536 2015-06-21] ()
R2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [575760 2015-06-21] ()
S3 AmUStor; system32\drivers\AmUStor.SYS [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
2015-06-17 23:00 - 2015-06-17 23:01 - 00000000 ____ D C:\Program Files (x86)\MiuiTab
2015-06-17 21:37 - 2015-06-17 21:37 - 00713312 _____ (Internet ) C:\Users\Agatka\Downloads\PRO100(12274)-dp.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Agaciia2309) #4

 

nowy FRST : http://wklej.org/id/1743510/

 

raport z AdwCleanera : http://wklej.org/id/1743504/

 

Już teraz nic nie występuje, napiszcie proszę czy udało się usunąć to beznadziejstwo w pełni i jak na przyszłość ustrzec się przed podobnymi problemami? Jakieś specjalne antywirusy?

 

Z góry dziękuje za odpowiedzi!

Dorzucam jeszcze screen panelu sterowania z dzisiaj - jeśli ktoś będzie mógł niech sprawdzi czy mam coś jeszcze usunąć.

 

Pozdrawiam i jeszcze raz wielkie dzięki!


(Atis) #5

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-06-21 18:55 - 2015-06-21 18:57 - 00000000 ____ D C:\AdwCleaner
2009-12-26 01:45 - 2009-12-26 01:46 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-26 01:45 - 2009-12-26 01:45 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK