Strong Signal ads


(Michuh99) #1

I have a problem with this virus.

FRST: http://wklej.org/id/1712928/

Addition: http://wklej.org/id/1712930/

 

Please help quickly.

 


(Atis) #2

In Control Panel, uninstall SpyHunter 4 and YAC Yet Another Cleaner.

Remove the malicious extensions in Firefox and Opera. Remove the malicious extension. In the address bar type: opera:extensions

Download and run AdwCleaner. Click Scan and then Cleaning.

 

Uninstall Chrome, ticking the option to delete browsing data, using Geek Uninstaller Free: CLICK

You can export your bookmarks first: CLICK

Then install the stable version: CLICK

Click Scan and post a new FRST report, without Addition and Shortcut.


(Michuh99) #3

http://wklej.org/id/1713466/


(Atis) #4

I wrote that you are to use the latest version of AdwCleaner, downloaded from the vendor's website.

Then post a new FRST.txt log and Addition.txt.


(Michuh99) #5

FRST: http://wklej.org/id/1713484/

Addition: http://wklej.org/id/1713485/


(Atis) #6

Do not quote my replies.

Paste the following into Windows Notepad and save it as a text file named fixlist:

CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [785744 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4069963607-555104463-568858475-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKU\S-1-5-21-4069963607-555104463-568858475-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF Extension: CinemaPlus-3.2cV16.05 - C:\Users\Michał\AppData\Roaming\Mozilla\Firefox\Profiles\rfuahorp.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-05-16]
R2 lurelide; C:\Users\Michał\AppData\Roaming\Failed to create IWbemLocator object. Error code = 0x-1431806691---\hnsp8076.tmp [396288 2015-05-16] () [File not signed]
R2 sudogiqi; C:\Users\Michał\AppData\Roaming\Failed to create IWbemLocator object. Error code = 0x-1431806691---\jnsp6B6E.tmp [235520 2015-05-16] () [File not signed]
S2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [478992 2015-05-16] ()
R2 dezojici; C:\Users\Michał\AppData\Roaming\Failed to create IWbemLocator object. Error code = 0x-1431806691---\nsf3FF6.tmpfs [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S2 Util Edu App; "C:\Program Files (x86)\Edu App\bin\utilEduApp.exe" [X]
S2 Util Ski Search; "C:\Program Files (x86)\Ski Search\bin\utilSkiSearch.exe" [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 IviRegMgr; No ImagePath
U3 RichVideo; No ImagePath
S3 X6va022; \??\C:\windows\SysWOW64\Drivers\X6va022 [X]
C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
2015-05-16 22:40 - 2015-05-16 22:40 - 00613255 _____ (CMI Limited) C:\Users\Michał\AppData\Local\nsy6573.tmp
2015-05-16 22:38 - 2015-05-16 22:38 - 00001010 _____ () C:\windows\Tasks\Q6EOVmGeAuHGXZMgt.job
2015-05-16 22:29 - 2015-05-16 22:29 - 00737200 _____ (Web ) C:\Users\Michał\Downloads\pobierz_Yac_pc_cleaner_V5.6.92.exe
2015-05-16 22:08 - 2015-05-16 22:08 - 00000000 ____ D () C:\Users\Michał\Downloads\FRST-OlderVersion
2015-05-16 22:05 - 2015-05-16 11:33 - 00000027 _____ () C:\windows\system32\Drivers\etc\hp.bak
C:\Users\Michał\AppData\Roaming\Failed to create IWbemLocator object. Error code = 0x-1431806691---
2015-05-16 08:11 - 2015-05-16 23:35 - 00000000 ____ D () C:\AdwCleaner
2015-05-16 08:03 - 2015-05-16 08:10 - 00000000 ____ D () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
2014-09-01 10:18 - 2015-05-15 22:42 - 0000365 _____ () C:\Users\Michał\AppData\Roaming\PIFSUAL
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Michał\AppData\Roaming\PXIWRHW
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Michał\AppData\Roaming\Q6EOVmGeAuHGXZMgt
C:\Users\Michał\AppData\Roaming\*.exe
CustomCLSID: HKU\S-1-5-21-4069963607-555104463-568858475-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Michał\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069963607-555104463-568858475-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Michał\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069963607-555104463-568858475-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Michał\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4069963607-555104463-568858475-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michał\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
Task: {0138B5B2-21FD-426C-ACB4-CE7E70590E6F} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{03366dc7-4595-74fa-0336-66dc7459b71d}\crack(2).exe <==== ATTENTION
Task: {38987291-30A4-4809-A532-CE621573D12F} - System32\Tasks\{7D019652-7E06-42B9-85F6-1CFB95668B3B} => C:\Users\Michał\Downloads\winrar-x64-501.exe
Task: {78F0E7F4-EF71-4428-BF89-292AE917B0CF} - System32\Tasks\Windows Update Check - 0x0E5602E0 => C:\ProgramData\Windows <==== ATTENTION
Task: {CB97ECA0-69B9-42ED-A6ED-47930C9961E8} - System32\Tasks\{3747305C-68E1-4ABA-BF53-B4262CE6F2BB} => C:\Users\Michał\Downloads\winrar-x64-501.exe
Task: {CDA8D719-AD29-47FA-9611-7BA2DFEF50FF} - System32\Tasks\{A0253345-C9D5-44F8-8C5F-35531964B57A} => pcalua.exe -a E:\DirectX\DXSETUP.exe -d E:\DirectX
Task: C:\windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{03366dc7-4595-74fa-0336-66dc7459b71d}\crack(2).exe <==== ATTENTION
Task: C:\windows\Tasks\Q6EOVmGeAuHGXZMgt.job => C:\Users\Michaý˙\AppData\Roaming\Q6EOVmGeAuHGXZMgt.exe <==== ATTENTION
c:\programdata\{03366dc7-4595-74fa-0336-66dc7459b71d}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report, without Addition and Shortcut.
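As an added example (not part of the original thread and not FRST's own code), the service and driver lines of a fixlist like the one in post #6 can be triaged with a short parser. The `parse`, `flags` and `triage` helpers and the flag names are assumptions made for illustration; the sample lines are copied from the fixlist above.

```python
import re

# Service/driver lines copied verbatim from the fixlist in post #6.
SAMPLE = r"""
R2 lurelide; C:\Users\Michał\AppData\Roaming\Failed to create IWbemLocator object. Error code = 0x-1431806691---\hnsp8076.tmp [396288 2015-05-16] () [File not signed]
S2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [478992 2015-05-16] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr; No ImagePath
""".strip().splitlines()

# Letter = state (R running, S stopped, U undetermined), digit = start type.
LINE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$")
# Optional "[size date] (company)" metadata that follows the image path.
META = re.compile(r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)")

def parse(line):
    """Split one FRST service/driver line into fields; None for other line types."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    meta = META.search(rest)
    # "[X]" marks an image FRST could not find; "No ImagePath" means none is set.
    rec["missing"] = rest.endswith("[X]") or rest == "No ImagePath"
    rec["unsigned"] = "[File not signed]" in rest
    rec["company"] = meta.group("company") if meta else None
    path = rest[:meta.start()] if meta else rest
    path = path[:-4] if path.endswith(" [X]") else path
    rec["path"] = None if path == "No ImagePath" else path.strip('"')
    return rec

def flags(rec):
    """Hypothetical triage labels: a reason to look closer, not a verdict."""
    p = (rec["path"] or "").lower()
    out = []
    if rec["missing"]:
        out.append("orphaned-entry")
    if "\\appdata\\" in p or p.endswith(".tmp"):
        out.append("user-writable-or-temp-image")
    if rec["unsigned"]:
        out.append("unsigned")
    if rec["company"] == "":
        out.append("no-company-metadata")
    return out

def triage(lines):
    """Map each service/driver name to its list of flags."""
    return {r["name"]: flags(r) for r in map(parse, lines) if r}

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why) or 'nothing flagged'}")
```

Lines that are not service or driver entries (registry, task, file and directive lines such as `EmptyTemp:`) are skipped rather than guessed at.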


(Michuh99) #7

Fixlog: http://wklej.org/id/1713529/

 

FRST: http://wklej.org/id/1713531/


(Atis) #8

Paste the following into Windows Notepad and save it as a text file named fixlist:

S3 DAUpdaterSvc; C:\Program Files (x86)\Origin Games\Dragon Age\\bin_ship\daupdatersvc.service.exe [X]
2015-05-16 11:42 - 2015-05-16 11:42 - 00027891 _____ () C:\ComboFix.txt
2015-05-16 11:14 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2015-05-16 11:14 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2015-05-16 11:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-05-16 11:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-05-16 11:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-05-16 11:14 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2015-05-16 11:14 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2015-05-16 11:14 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
RemoveDirectory: C:\Qoobox
DeleteQuarantine:

Run FRST and click Fix. Delete the folder C:\FRST

Delete the old restore points: To delete all restore points

Scan the disk with Malwarebytes Anti-Malware

During installation, untick the box next to "Start the trial period of Malwarebytes Anti-Malware Premium".

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language > Settings > General Settings > Language > Polish

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 17 NPAPI

Adobe Reader 9.0.1

Install:

Flash Player 17.0.0.188 NPAPI

Adobe Reader XI 11.0.11


(Michuh99) #9

I have done everything. What next?


(Atis) #10

In that case, that is all.