Strong Signal: please help with removal


(pietrek.) #1

Hello, I need help removing this junk! I can't cope with it anymore :frowning:

 

Additional:

http://wklej.org/hash/35617a4b04d/

 

FRST:

http://wklej.org/hash/0418b3e7b8a/

 

Regards, and thank you for the help!

 


(Acorus) #2

Uninstall McAfee Security Scan Plus and SpyHunter 4. Open the system Notepad and paste:

Task: {B1D16C3B-0799-404A-AEC8-7F2165F4A750} - System32\Tasks\Norton Security Scan for start = C:\Program Files (x86)\Norton Security Scan\Engine\3.5.2.10\Nss.exe [2011-09-01] (Symantec Corporation)
Task: {E3F1EA63-84A0-400A-8E77-48D429692AA5} - System32\Tasks\{DEDFD3C4-9A11-46FF-9E07-A3DEB37DBF2E} = Iexplore.exe http://ui.skype.com/ui/0/5.8.0.158/pl/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Norton Security Scan for start.job = C:\PROGRA~2\NORTON~2\Engine\352~1.10\Nss.exe
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [WinampAgent] = C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
ProxyEnable: [.DEFAULT] = Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] = http=127.0.0.1:50350;https=127.0.0.1:50350;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1a=spd_ir_14_23_iecd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0AyEtBtCtBzytDtDyByEtN0D0Tzu0SzzzzzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByCyEtDyE0FyE0BtG0A0DtCtCtGyB0F0B0CtG0EyCzzyBtGtA0D0A0AyC0EtCtBtAtAyDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtBzzyCyD0DtDtGyEtA0A0BtG0ByBtD0CtG0ByD0B0BtGtA0AtC0AyBzz0CyBzyyCtD0D2Qcr=362215736ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO-x32: No Name - {4accc990-3dc7-4456-a734-5cb4b610a7f5} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {a0b1221c-a3ff-4f7c-a393-dc63af5301e9} - No File
Toolbar: HKU\S-1-5-21-2153526913-811808129-971832331-1000 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2153526913-811808129-971832331-1000 - No Name - {A0B1221C-A3FF-4F7C-A393-DC63AF5301E9} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Extension: Strong Signal - C:\Users\start\AppData\Roaming\Mozilla\Firefox\Profiles\y4tv76va.default\Extensions\{f318d533-127c-4630-af87-2d2b706e5282}.xpi [2015-03-26]
CHR HomePage: Default - hxxp://binkiland.com/?f=1a=bnk_ir_15_08cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0AyEtBtCtBzytDtDyByEtN0D0Tzu0StCtCyEtBtN1L2XzutAtFyBtFyBtFzytN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StBtAtD0ByBtBtDtBtGyByEtB0CtGzz0D0D0EtGtBtA0FyEtGtCyEzzyEtD0CyCzzyEzzyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtBtA0EzztDyEtGyEtAyCtBtGyE0C0B0BtGzy0DzyyEtGtAzy0B0A0CtAyBtCyEtAzztA2Qcr=1721617385ir=
CHR StartupUrls: Default - "hxxp://binkiland.com/?f=7a=bnk_ir_15_08cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0AyEtBtCtBzytDtDyByEtN0D0Tzu0StCtCyEtBtN1L2XzutAtFyBtFyBtFzytN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StBtAtD0ByBtBtDtBtGyByEtB0CtGzz0D0D0EtGtBtA0FyEtGtCyEzzyEtD0CyCzzyEzzyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtBtA0EzztDyEtGyEtAyCtBtGyE0C0B0BtGzy0DzyyEtGtAzy0B0A0CtAyBtCyEtAzztA2Qcr=1721617385ir=","hxxp://www.gazeta.pl/0,0.html?p=154"
CHR Extension: (Strong Signal) - C:\Users\start\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgafedgphnfegpdleilandjadhkecpl [2015-02-17]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
2015-03-30 11:05 - 2015-03-30 11:05 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-30 11:05 - 2015-03-30 11:05 - 00000000 ____ D () C:\ProgramData\McAfee Security Scan
2015-03-30 11:05 - 2015-03-30 11:05 - 00000000 ____ D () C:\Program Files (x86)\McAfee Security Scan
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.


(pietrek.) #3

THANK YOU VERY MUCH!

Thanks once again!!


(Acorus) #4

Delete the C:\FRST folder.