Witam
Mam problem z wirusem/robakiem Strong Signal. Objawia się to reklamami w przeglądarkach, natrętnym wyskakiwaniem yahoo i ogólnym zamuleniem komputera.
Próbowałem usuwać to domowymi sposobami ale bez skutku.
Wklejki z FRST:
Addition: http://www.wklej.org/id/1704436/
Shortcut: http://www.wklej.org/id/1704437/
FRST: http://www.wklej.org/id/1704438/
Atis
(Atis)
#2
Usuń szkodliwe rozszerzenia w przeglądarce Firefox i Operze w pasek adresu wpisz: opera:extensions
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
CloseProcesses:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5
HKU\S-1-5-21-2643334295-1950182277-2930636355-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5
HKU\S-1-5-21-2643334295-1950182277-2930636355-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2643334295-1950182277-2930636355-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2643334295-1950182277-2930636355-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2643334295-1950182277-2930636355-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2643334295-1950182277-2930636355-1002 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2643334295-1950182277-2930636355-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5&q={searchTerms}
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_616_bl-is-19 __alt__ ddc_dsssyctab_bd_com
FF SelectedSearchEngine: Yahoo! Search
FF Extension: Strong Signal - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\haltoi0v.default\Extensions\{a79c3626-182f-4a17-8a9b-c339fc78f352}.xpi [2015-05-05]
OPR StartupUrls: "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_616_bl-is-19 __alt__ ddc_dsssyc_bd_com"
OPR Extension: (Strong Signal) - C:\Users\Asus\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhenmccifbacmpkimjenglmplcpiehke [2015-05-05]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
R2 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\PluginContainer.exe [556304 2015-05-05] ()
R2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\Updater.exe [478992 2015-05-05] ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
42015-05-05 22:26 - 2015-05-05 22:42 - 00000000 ____ D () C:\AdwCleaner
2015-04-15 13:42 - 2013-05-01 13:18 - 00000000 ____ D () C:\ProgramData\McAfee
Task: {B16E1C62-912F-4DE5-A2FB-0ACC698BC434} - System32\Tasks\{7A3E0681-076B-40FA-983B-0DC9CA2BA6CD} => pcalua.exe -a C:\Users\Asus\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
EmptyTemp:
Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.
Atis
(Atis)
#4
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
HKU\S-1-5-21-2643334295-1950182277-2930636355-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_48696074-6a41-4b53-86a0-7e795c846cf5
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine: Yahoo! Search
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_616_bl-is-19 __alt__ ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_616_bl-is-19 __alt__ ddc_dss_bd_com&p={searchTerms}
FF Extension: Strong Signal - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\haltoi0v.default\Extensions\{cf2e72d6-ff45-4f2e-8c1a-e2f060b90cec}.xpi [2015-05-06]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2015-05-05 23:50 - 2015-05-05 23:50 - 00000000 ____ D () C:\Program Files (x86)\Strong Signal
2015-05-05 22:26 - 2015-05-05 22:42 - 00000000 ____ D () C:\AdwCleaner
DeleteQuarantine:
Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST
Usuń stare punkty przywracania: Przywracanie systemu i kopie w tle
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.
http://wstaw.org/m/2014/03/25/2014-03-25_123039.png
Język PL > Settings > General Settings > Language > Polish
Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK