Strong signal ads - proszę o pomoc!

**Posty:** 3 · przez **paulua** 07 Maj 2015, 01:15

Witam, od jakiegoś czasu męczę się z tym wirusem i nie za bardzo wiem jak mam sobie poradzić z tym problemem. Próbowałam tradycyjnie odinstalować ten program, ale to nie poskutkowało.W załączniku zamieszczam logi. Bardzo proszę o pomoc i o możliwie jak najprościej wyjaśnione wskazówki, co dalej zrobić z tym fantem..

Pozdrawiam.

**Posty:** 4765 · przez **ordynat** 07 Maj 2015, 08:04

Otwórz Notatnik i wklej w nim:

BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
C:\Program Files (x86)\Strong Signal\
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
C:\Program Files (x86)\XTab
Startup: C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{96a3f940-d8d2-aa07-96a3-3f940d8de503}\OptimizerPro.exe (No File)
C:\ProgramData\{96a3f940-d8d2-aa07-96a3-3f940d8de503}
C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: C:\Windows\Tasks\0215piUpdateInfo.job => C:\ProgramData\Avg_Update_0215pi\0215pi_AVG-Secure-Search-Update.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f&q={searchTerms}
SearchScopes: HKLM - OldSearch URL = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f&q={searchTerms}
SearchScopes: HKCU - OldSearch URL =
SearchScopes: HKCU - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&ts=1424874975&type=default&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f&q={searchTerms}
SearchScopes: HKCU - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&ts=1424874975&type=default&q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
CHR NewTab: "chrome-extension://maclndggppollanelcmjolohcoinhjbm/index.html"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 pfnfd_1_10_0_9; system32\drivers\pfnfd_1_10_0_9.sys [X]
C:\Program Files\Enigma Software Group
C:\Users\Paula\Downloads\SpyHunter-Installer (1).exe
C:\Users\Paula\Downloads\SpyHunter-installer.exe
C:\ProgramData\{96a3f940-d8d2-aa07-96a3-3f940d8de503}
C:\Program Files (x86)\Optimizer Pro 3.38
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.

----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.
.

**Posty:** 3 · przez **paulua** 07 Maj 2015, 09:29

Niestety, pomimo robienia wszystkiego zgodnie ze wskazówkami, reklamy nadal pojawiają się w przeglądarce Opery..

Dodano Dzisiaj, 09:57:
Załączam nowy log.

**Posty:** 4765 · przez **ordynat** 07 Maj 2015, 14:09

Otwórz Notatnik i wklej w nim:

=======
OPR StartupUrls: "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_616_bl-is-18__alt__ddc_dsssyc_bd_com"
OPR Extension: (Strong Signal) - C:\Users\Paula\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdidplnlbafiijjfbomlfokdppebnhpc [2015-05-01]
C:\Users\Paula\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdidplnlbafiijjfbomlfokdppebnhpc
SearchScopes: HKU\S-1-5-21-1746235690-2842419000-195742272-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&ts=1424874975&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1746235690-2842419000-195742272-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1746235690-2842419000-195742272-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&ts=1424874975&type=default&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1424874936&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX21A542119921199&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1746235690-2842419000-195742272-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://q.search-simple.com/?affID=bl_78556862-b628-475a-8393-921aabc04f7f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1746235690-2842419000-195742272-1001 -> OldSearch URL =
CHR RestoreOnStartup: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_616_bl-is-17__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_616_bl-is-17__alt__ddc_dsssyc_bd_com"
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultNewTabURL: Default -> http://search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_616_bl-is-17__alt__ddc_dsssyctab_bd_com
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

Zrób nowe logi FRST.
.

**Posty:** 3 · przez **paulua** 07 Maj 2015, 16:52

Udało się, tym razem reklamy już się nie pojawiają. Bardzo dziękuję za pomoc!

**Posty:** 4765 · przez **ordynat** 07 Maj 2015, 19:35

Możemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.
.