
Strongsignal

System security, virus removal, choosing antivirus programs. Mandatory logs in this section: three from FRST + Gmer.

Strongsignal

Post by lwombat 07 Jul 2015, 17:57

Hello, I have a problem with ads generated by strongsignal, here are the logs from FRST:

FRST: http://wklej.to/5ET0e

Addition: http://wklej.to/Bbg48

ShortCut: http://wklej.to/xTrgQ

Unfortunately I am not able to create the file that will solve the problem on my own; thank you in advance for your help.
lwombat
~user
 
Posts: 1
Joined: 07 Jul 2015, 17:55



Strongsignal

Post by ordynat 07 Jul 2015, 21:16

Strong Signal is "small fry" compared to the second infection that you have!

1) Enter Safe Mode (F8 before the system starts).

2) Open Notepad and paste into it:
C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\
C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
C:\Program Files\Strong Signal
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Task: C:\Windows\Tasks\OptimizerProUpdaterTask{91683BB5-86C7-4D49-9618-29E73A1DDC26}.job => C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exeI/schedule /profilepath C:\ProgramData\Premium\OptimizerPro\profile.ini <==== ATTENTION
C:\ProgramData\Premium
Task: {B56A5AE9-FB93-45F4-941E-9F5EDF540DAC} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {BFEBDBD4-31D9-4491-AC3D-976F687AEA38} - System32\Tasks\{6D19D885-F650-454F-AEA7-81894861193E} => pcalua.exe -a D:\Install.exe -d D:\
Task: {7D6292F3-7A26-4389-B1AD-AAF95D31FE5B} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {88A70494-CBC5-4180-88F7-62B9C38D59DE} - System32\Tasks\OptimizerProUpdaterTask{91683BB5-86C7-4D49-9618-29E73A1DDC26} => C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: {57D26983-1DA0-400F-9C84-9FDA6F134C2F} - System32\Tasks\{4313296F-6089-408B-9CE9-7E1A192C400E} => pcalua.exe -a D:\setup.exe -d D:\
Task: {5EF6F625-C86E-45FE-87B2-BB663AD755B0} - System32\Tasks\{82E006AB-A7D5-4153-8D47-B3212F4B3BDF} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{DF315348-721C-40B8-BAE2-58C6C7D935A2}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Empire Earth II"
Task: {3E398935-8CAB-4118-80B7-799E456C70AB} - System32\Tasks\{5E2C51D0-92E3-4A0B-91D6-411E6723E879} => pcalua.exe -a D:\CDSETUP.EXE -d D:\
Task: {45ABD616-F37E-4213-B134-A5E795C6796A} - System32\Tasks\{3A83CE64-A6C0-418E-A696-333C22B70C0E} => pcalua.exe -a "C:\Program Files\LG Electronics\LG Bluetooth Drivers\UninstallShld.exe" -d C:\Windows\system32 -c C:\Program Files\LG Electronics\LG Bluetooth Drivers
Task: {32F18EFD-9755-4347-B3ED-2364241CC899} - System32\Tasks\{1107F697-468A-4B14-B946-020670479D60} => pcalua.exe -a C:\Users\dd\AppData\Local\Temp\Setup.exe -d C:\Users\dd\AppData\Local\Temp
Task: {190A23D6-65DB-4570-BFB0-35EB29599D12} - System32\Tasks\{1C4B2F52-8656-4764-BE0F-7E1E6BA1738D} => pcalua.exe -a C:\Users\d\Downloads\Xming-6-9-0-31-setup.exe -d C:\Users\d\Downloads
Task: {150346AA-0C5E-486E-88B5-A52D09E785C4} - System32\Tasks\{2DE4DC89-7669-4F1E-BC27-914FAD2824F3} => pcalua.exe -a "C:\Users\Bartek\Desktop\Tibia 8.61 Hunted.pl.exe" -d C:\Users\Bartek\Desktop
C:\ProgramData\mszfvjiaj.exe
S1 AsrAppCharger; system32\DRIVERS\AsrAppCharger.sys [X]
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S1 lwnfd_1_10_0_13; system32\drivers\lwnfd_1_10_0_13.sys [X]
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 SmartViewService; C:\Program Files\DeviceVM\SmartView\SmartViewService.exe [X]
S3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService [X]
R2 VSSS; C:\Users\dd\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [101536704 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 Update Mgr StrongSignal; C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [575760 2015-07-07] ()
R2 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\PluginContainer.exe [656144 2015-07-07] ()
OPR Extension: (Strong Signal) - C:\Users\dd\AppData\Roaming\Opera Software\Opera Stable\Extensions\clhmhifndffacglmndkhjjmaifjincgh [2015-07-07]
CHR Extension: (Strong Signal) - C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhmhifndffacglmndkhjjmaifjincgh [2015-07-07]
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File
FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File
BHO: No Name -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> No File
HKU\S-1-5-21-3066927965-3610304912-2332847512-1010\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_bdda79ec-fe6a-4278-97f4-e5f92f93f340
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3066927965-3610304912-2332847512-1012\...\CurrentVersion\Windows: [Load] C:\ProgramData\mszfvjiaj.exe <===== ATTENTION
C:\Users\dd\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.

3) Make new logs with FRST.

4) Make a log with Farbar Service Scanner > http://download.bleepingcomputer.com/farbar/FSS.exe (tick everything for the scan).

ordynat
~user
 
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866
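
An added example, not part of the thread and not FRST's own code: a Python triage pass over four service lines taken from the fixlist above, showing which observable traits (FRST's ATTENTION and "File not signed" markers, the `[X]` missing-file marker, GUID-named or AppData/ProgramData locations, a Windows binary name outside System32) make an entry stand out. The reason labels, the `SYSTEM_NAMES` list and the function names are assumptions made for this illustration.

```python
import re

# Sample input: four service lines taken verbatim from the fixlist in the reply above.
SAMPLE = r"""
R2 VSSS; C:\Users\dd\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [101536704 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 Update Mgr StrongSignal; C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [575760 2015-07-07] ()
R2 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\PluginContainer.exe [656144 2015-07-07] ()
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
""".strip().splitlines()

LINE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>.+?); (?P<image>.+?)"
                  r"(?P<meta> \[(?:X|\d+ \d{4}-\d\d-\d\d)\].*)?$")
GUID_DIR = re.compile(r"\\\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?\\", re.I)
DATA_DIR = re.compile(r"\\(?:AppData|ProgramData)\\", re.I)
BINARY = re.compile(r'([^\\"]+\.(?:exe|sys))', re.I)
# Assumption: a short illustrative list of Windows binaries that normally live in System32.
SYSTEM_NAMES = {"vssvc.exe", "svchost.exe", "lsass.exe", "services.exe"}

def triage(line):
    """Return (service name, sorted reasons) for one FRST service line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    image, meta = m["image"], m["meta"] or ""
    reasons = set()
    if meta.startswith(" [X]"):            # FRST could not find the file on disk
        reasons.add("file-missing")
    if "[File not signed]" in meta:
        reasons.add("unsigned")
    if "ATTENTION" in meta:
        reasons.add("frst-attention")
    if DATA_DIR.search(image):             # service binary outside Program Files/Windows
        reasons.add("runs-from-data-dir")
    if GUID_DIR.search(image):             # install directory named like a GUID
        reasons.add("guid-named-dir")
    exe = BINARY.search(image)
    if exe and exe[1].lower() in SYSTEM_NAMES and "\\windows\\system32\\" not in image.lower():
        reasons.add("system-name-outside-system32")
    return m["name"], sorted(reasons)

def report(lines):
    """Map each parsed service name to its list of triage reasons."""
    return {name: why for name, why in filter(None, map(triage, lines))}

if __name__ == "__main__":
    for name, why in report(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

The labels are triage hints, not verdicts: the MozillaMaintenance entry is only an orphaned registration whose file is gone, while the VSSS entry combines four independent signals.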



