Elektroda.pl

Strong Signal virus, FRST logs

Razaiel 24 Aug 2015 16:42 381 4
  • #1 24 Aug 2015 16:42
    Razaiel
    Level 9  

    Hello. I have a serious problem with a virus (I believe) called Strong Signal. Removing it with the help of Google has not worked so far, so I am attaching FRST logs and asking people more computer-savvy than me for help. I will be very grateful for any help.

    Regards.

    0 4
  • #2 24 Aug 2015 16:56
    Acorus 20
    Computer specialist

    Uninstall Elite Unzip, Mipony Download Manager Packages, Picexa, Update for Mipony Download Manager, Update for PriceFountain, UpdateChecker, WinZipper, YAC(Yet Another Cleaner!). Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.
    Show new FRST logs.

    0
  • Helpful post
    #4 24 Aug 2015 17:59
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {4C72956F-0DF5-406C-883B-3F14314BDA52} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
    Task: {C4AF82DB-8D2B-471F-9272-A9D75FA1BEDD} - System32\Tasks\{AB236AC7-3CC5-4DB3-9598-C1F7878EB367} => pcalua.exe -a "C:\Users\Jakub\AppData\Roaming\Mipony Download Manager Packages\uninstaller.exe" -c /Uninstall /NM="Mipony Download Manager Packages" /AN="" /MBN="Mipony Download Manager Packages"
    Task: {EE69EE7F-93BA-49B2-AD6D-AEB12E98052D} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
    HKLM-x32\...\Run: [LManager] => [X]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-04-09]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    URLSearchHook: HKU\S-1-5-21-1554937678-2620801960-4140214067-1002 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2448} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN10648&apn_ptnrs=AGI&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
    SearchScopes: HKLM-x32 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2448} URL =
    SearchScopes: HKU\S-1-5-21-1554937678-2620801960-4140214067-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
    SearchScopes: HKU\S-1-5-21-1554937678-2620801960-4140214067-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1554937678-2620801960-4140214067-1002 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1554937678-2620801960-4140214067-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2448} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}




    SearchScopes: HKU\S-1-5-21-1554937678-2620801960-4140214067-1002 -> {B6B738E6-C618-4C27-8046-AA6211535868} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1554937678-2620801960-4140214067-1002 -> {C6D93270-541F-404E-BDA4-A8EB09291CB8} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1554937678-2620801960-4140214067-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll No File
    BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll No File
    Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll No File
    Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll No File
    FF SelectedSearchEngine: Yahoo Search!
    FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc...mp;type=bl-bfr-is__alt__ddc_dss_bd_com&p={searchTerms}
    FF Extension: Strong Signal - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\gxjqxdjj.default-1436099154144\Extensions\{ebedbc7a-82fd-40eb-8e7f-dd258633e013}.xpi [2015-08-08]
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\gxjqxdjj.default-1436099154144\extensions\arthurj8283@gmail.com
    CHR Extension: (Strong Signal) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pimbeodheinjfgijbdifopkjoonifdap [2015-07-16]
    CHR HKLM-x32\...\Chrome\Extension: [nohfdhapjjlndfgjnmdlcabloeembdkj] - C:\Users\Jakub\AppData\Roaming\BabSolution\CR\delta2.crx <not found>
    OPR Extension: (Strong Signal) - C:\Users\Jakub\AppData\Roaming\Opera Software\Opera Stable\Extensions\pimbeodheinjfgijbdifopkjoonifdap [2015-07-16]
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
    2015-08-24 17:08 - 2015-08-24 17:17 - 00000000 ____D C:\AdwCleaner
    2015-08-24 17:05 - 2015-08-24 17:05 - 00003348 _____ C:\WINDOWS\System32\Tasks\{AB236AC7-3CC5-4DB3-9598-C1F7878EB367}
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix.

    1
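An added example, not part of the thread and not FRST's own code: a Python script that triages fixlist lines like those in post #4, separating entries whose target file is missing (FRST's `No File`, `<not found>` and `[X]` markers) from entries FRST flagged with ATTENTION, and mapping each extension found on disk to its browsers. The function names are this example's own, and the embedded sample is a handful of lines copied from the fixlist above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the fixlist quoted in post #4.
SAMPLE = r"""
Task: {4C72956F-0DF5-406C-883B-3F14314BDA52} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
HKLM-x32\...\Run: [LManager] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll No File
FF Extension: Strong Signal - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\gxjqxdjj.default-1436099154144\Extensions\{ebedbc7a-82fd-40eb-8e7f-dd258633e013}.xpi [2015-08-08]
CHR Extension: (Strong Signal) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pimbeodheinjfgijbdifopkjoonifdap [2015-07-16]
CHR HKLM-x32\...\Chrome\Extension: [nohfdhapjjlndfgjnmdlcabloeembdkj] - C:\Users\Jakub\AppData\Roaming\BabSolution\CR\delta2.crx <not found>
OPR Extension: (Strong Signal) - C:\Users\Jakub\AppData\Roaming\Opera Software\Opera Stable\Extensions\pimbeodheinjfgijbdifopkjoonifdap [2015-07-16]
EmptyTemp:
"""

ORPHAN = re.compile(r"(No File|<not found>|\[X\])\s*(<=+ ATTENTION)?\s*$")
FLAG = re.compile(r"<=+ ATTENTION\s*$")
EXT = re.compile(r"^(FF|CHR|OPR) Extension: \(?([^)]+?)\)? - .*\\([^\\\s]+?)(?:\.xpi)? \[[\d-]+\]$")

def triage(fixlist):
    """Sort FRST-style lines into orphaned / flagged / installed-extension buckets."""
    report = {"orphaned": [], "flagged": [], "extensions": defaultdict(dict)}
    for line in filter(None, map(str.strip, fixlist.splitlines())):
        kind = line.split(":", 1)[0]      # text before the first colon = entry type
        if ORPHAN.search(line):           # leftover entry whose target file is gone
            report["orphaned"].append(kind)
        if FLAG.search(line):             # FRST's own ATTENTION marker
            report["flagged"].append(kind)
        m = EXT.match(line)
        if m:                             # extension still on disk: name -> browser -> id
            browser, name, ext_id = m.groups()
            report["extensions"][name][browser] = ext_id
    return report

def shared_ids(report):
    """Extension IDs present under more than one browser, with the browsers involved."""
    seen = defaultdict(set)
    for per_browser in report["extensions"].values():
        for browser, ext_id in per_browser.items():
            seen[ext_id].add(browser)
    return {i: sorted(b) for i, b in seen.items() if len(b) > 1}

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["orphaned"], r["flagged"], dict(r["extensions"]), shared_ids(r), sep="\n")
```

On this sample the Strong Signal entries are the only ones still present on disk, and the Chrome and Opera copies carry the same extension ID.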
  • #5 25 Aug 2015 22:40
    Razaiel
    Level 9  

    The problem is gone, thank you very much for your help.

    Regards.

    0