Stron Signal ads - prośba o pomoc

Dla specjalistów Bezpieczeństwo
#1

Witam, po aktualizacji Opery coś takiego wlazło mi na komputer, nie mam pojęcia jak sobie z tym poradzić, desperacko proszę o pomoc. W załączniku dołączam logi

http://www.wklej.org/id/1700976/ FRST

http://www.wklej.org/id/1700979/ ADDITION

http://www.wklej.org/id/1700980/ SHORTCUT

FRST.txt

Addition.txt

Shortcut.txt

#2

Otwórz notatnik systemowy i wklej:

Task: {00FF051E-078E-4036-B4F6-D1D6128BBC20} - System32\Tasks\MaxigetUpdaterTaskMachineUA = C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe ==== ATTENTION
Task: {D11E2651-C8C6-4997-B045-512603F95228} - System32\Tasks\MaxigetUpdaterTaskMachineCore = C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1473270785-3277401530-1579951246-1001Core.job = C:\Users\as\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job = C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe ==== ATTENTION
Task: C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job = C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe ==== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1473270785-3277401530-1579951246-1001\...\Run: [Facebook Update] = C:\Users\as\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-26] (Facebook Inc.)
HKU\S-1-5-21-1473270785-3277401530-1579951246-1001\...\Run: [MaxigetMasterUpdate] = "C:\Users\as\AppData\Roaming\Maxiget\Master\Updater\MasterUpdater.exe" -autorun
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_9e67c56b-b52c-48e1-8405-7be6fd117bba
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1473270785-3277401530-1579951246-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_9e67c56b-b52c-48e1-8405-7be6fd117bba
SearchScopes: HKLM - {3AD30CC6-D18D-45E4-9A55-0925B04AC914} URL = http://q.search-simple.com/?affID=bl_9e67c56b-b52c-48e1-8405-7be6fd117bbaq={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1473270785-3277401530-1579951246-1001 - OldSearch URL =
SearchScopes: HKU\S-1-5-21-1473270785-3277401530-1579951246-1001 - {3AD30CC6-D18D-45E4-9A55-0925B04AC914} URL = http://q.search-simple.com/?affID=bl_9e67c56b-b52c-48e1-8405-7be6fd117bbaq={searchTerms}
BHO: UniDeals - {80b072ba-81a1-4178-b9bc-963778a5688e} - C:\Program Files (x86)\UniDeals\SZUyQzeUKHfVZW.x64.dll No File
BHO-x32: Strong Signal - {c723a437-2eaf-466d-a95b-3fa0966bf88c} - C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
CHR RestoreOnStartup: Default - "hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=bg_616_bl-is-15 __alt__ ddc_dsssyc_bd_com"
CHR StartupUrls: Default - "hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=bg_616_bl-is-15 __alt__ ddc_dsssyc_bd_com"
CHR Extension: (Strong Signal) - C:\Users\as\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahepoliaomnhnejhcjbapfailjpapek [2015-03-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Users\as\AppData\Local\Temp\Rar$EXa0.365\crack\IDMGCExt.crx [Not Found]
OPR StartupUrls: "hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=bg_616_bl-is-18 __alt__ ddc_dsssyc_bd_com"
OPR Extension: (Strong Signal) - C:\Users\as\AppData\Roaming\Opera Software\Opera Stable\Extensions\jahepoliaomnhnejhcjbapfailjpapek [2015-05-01]
S2 mglupdate; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe /svc [X]
S3 mglupdatem; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe /medsvc [X]
U2 McMPFSvc; No ImagePath
2015-05-01 13:22 - 2015-05-01 13:24 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Super, dziękuję bardzo, problem rozwiązany :slight_smile:

#4

Skasuj folder C:\FRST