Strong Signal - proszę o pomoc!


(Eryka B) #1

Witam!

Na moim laptopie zagnieździł się Strong Signal. Próbowałam go usunąć różnymi sposobami, min. systemowo, ale oczywiście reklamy dalej atakują mój komputer. Proszę o pomoc w jego usunięciu i "łopatologiczne" wytłumaczenie krok po kroku co zrobić, aby pozbyć się tego diabelstwa. Przepraszam za ewentualne błędy z mojej strony, ale w tym temacie jestem laikiem i zupełnie nie wiem jak się do tego zabrać. 

 

Addition.txt

FRST.txt

Shortcut.txt


(Acorus) #2

Otwórz notatnik systemowy i wklej:

Task: {750E76C2-81F0-4AB3-B66E-32011DDEA637} - System32\Tasks\avaxvbxvgx = C:\Users\Eryka\AppData\Local\avaxvbxvgx\avaxvbxvgx.exe ==== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL = "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File Not Found
Startup: C:\Users\Eryka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk [2015-02-18]
ShortcutTarget: OptimizerPro.lnk - C:\ProgramData\{bd7ca0b3-f91a-c888-bd7c-ca0b3f9182cf}\OptimizerPro.exe (PC Utilities Software Limited)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1424174043from=coruid=TOSHIBAXMQ01ABF050_Y422CEU0TXXY422CEU0Tq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1424174043from=coruid=TOSHIBAXMQ01ABF050_Y422CEU0TXXY422CEU0Tq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1424174043from=coruid=TOSHIBAXMQ01ABF050_Y422CEU0TXXY422CEU0Tq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1424174043from=coruid=TOSHIBAXMQ01ABF050_Y422CEU0TXXY422CEU0Tq={searchTerms}
HKU\S-1-5-21-989478054-3963611319-3182935033-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yhs4.search.yahoo.com/yhs/web?hspart=iryhsimp=yhs-fullyhosted_003type=wny_ir_15_13param1=1param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DyC0FyDzyzzyCzz0FzyzztN0D0Tzu0StCtCyByBtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0DzyyDzz0DzytCtGtA0A0FyDtGyBtD0A0FtGyB0CtB0DtGyDzz0AyDyC0D0B0F0E0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtA0A0BtC0CtDyDtG0AtCtAtDtGyE0CtB0BtGzy0DzytBtGyEzz0AyCtDyEtD0FyCtB0CyE2QtN0A0LzuyE%26cr%3D449019128%26a%3Dwny_ir_15_13%26os%3DWindows 8.1 Connected
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-989478054-3963611319-3182935033-1001 - DefaultScope {C183AFC4-D757-4E63-996A-815E59E7A6D4} URL = http://www.bing.com/search?PC=WCUGFORM=WCUGDFq={searchTerms}
SearchScopes: HKU\S-1-5-21-989478054-3963611319-3182935033-1001 - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://de.yhs4.search.yahoo.com/yhs/search?hspart=iryhsimp=yhs-fullyhosted_003type=wny_ir_15_13param1=1param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DyC0FyDzyzzyCzz0FzyzztN0D0Tzu0StCtCyByBtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0DzyyDzz0DzytCtGtA0A0FyDtGyBtD0A0FtGyB0CtB0DtGyDzz0AyDyC0D0B0F0E0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtA0A0BtC0CtDyDtG0AtCtAtDtGyE0CtB0BtGzy0DzytBtGyEzz0AyCtDyEtD0FyCtB0CyE2QtN0A0LzuyE%26cr%3D449019128%26a%3Dwny_ir_15_13%26os%3DWindows 8.1 Connectedp={searchTerms}
SearchScopes: HKU\S-1-5-21-989478054-3963611319-3182935033-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=TOSHIBAXMQ01ABF050_Y422CEU0TXXY422CEU0Tts=1424174096type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-989478054-3963611319-3182935033-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=TOSHIBAXMQ01ABF050_Y422CEU0TXXY422CEU0Tts=1424174096type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-989478054-3963611319-3182935033-1001 - {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.trovi.com/Results.aspx?gd=ctid=CT3330189octid=EB_ORIGINAL_CTIDISID=M043BAD27-342C-465A-AA58-2E4E37167C21SearchSource=58CUI=UM=8UP=SP88772477-95FB-4452-A946-8FAA89AF92D0q={searchTerms}SSPV=
SearchScopes: HKU\S-1-5-21-989478054-3963611319-3182935033-1001 - {C183AFC4-D757-4E63-996A-815E59E7A6D4} URL = http://www.bing.com/search?PC=WCUGFORM=WCUGDFq={searchTerms}
SearchScopes: HKU\S-1-5-21-989478054-3963611319-3182935033-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=TOSHIBAXMQ01ABF050_Y422CEU0TXXY422CEU0Tts=1424174096type=defaultq={searchTerms}
BHO-x32: No Name - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
OPR Extension: (Strong Signal) - C:\Users\Eryka\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibkenfpakmbdmlalmhgcpdbeennobfho [2015-05-02]
S4 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
S1 pfnfd_1_10_0_11; system32\drivers\pfnfd_1_10_0_11.sys [X]
S1 pfnfd_1_10_0_9; system32\drivers\pfnfd_1_10_0_9.sys [X]
2015-05-02 02:23 - 2015-05-02 02:23 - 00000000 ____ D () C:\WINDOWS\%LOCALAPPDATA%
2015-05-02 01:16 - 2015-05-02 01:31 - 00000000 ____ D () C:\AdwCleaner
2015-05-02 00:52 - 2015-05-02 00:52 - 00000000 _____ () C:\autoexec.bat
2015-05-02 00:51 - 2015-05-02 00:51 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-05-02 00:50 - 2015-05-02 02:03 - 00000000 ____ D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Eryka B) #3

Wykonałem te czynności, jednakże program pisze mi że nie może znaleźć tego pliku tekstowego. próbowałem jeszcze usunąć to Malwarebytes Anti-Malware, ale to też nie skończyło się powodzeniem. proszę o dalsze porady.


(Atis) #4

Usuń szkodliwe rozszerzenie Strong Signal.

W pasek adresu wpisz: opera:extensions

Przecież komunikat wyjaśnia, że Fixlist i FRST należy zapisać w tym samym folderze.

FRST zapisałeś w folderze: C:\Users\Eryka\Desktop\Downloads