Powered by strong signal - prośba o pomoc w usunięciu

[Aga_ta]

Cześć
uprzejmie proszę o pomoc w usunięciu wirusa powered by strong signal. Załączam pliki raporty.

Pozdrowienia,
Agata

[ordynat]

Log z FRST nieaktualny - potem był użyty Adw-Cleaner.

1) Odinstaluj niepotrzebny do niczego Akamai NetSession Interface

2) Otwórz Notatnik i wklej w nim:

CHR Extension: (Strong Signal) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\effkaaadaanlallgfoamhaoceddephbo [2015-07-26]
S2 Update Mgr StrongSignal; "C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe" [X]
HKU\S-1-5-21-908152944-1551753808-552664026-1000\...\Run: [fsm] => [X]
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421132648&from=cor&uid=ST9320423AS_5VJ5XF8D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421132648&from=cor&uid=ST9320423AS_5VJ5XF8D
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421132648&from=cor&uid=ST9320423AS_5VJ5XF8D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421132648&from=cor&uid=ST9320423AS_5VJ5XF8D
HKU\S-1-5-21-908152944-1551753808-552664026-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421132648&from=cor&uid=ST9320423AS_5VJ5XF8D
HKU\S-1-5-21-908152944-1551753808-552664026-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421132648&from=cor&uid=ST9320423AS_5VJ5XF8D
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1421132648&from=cor&uid=ST9320423AS_5VJ5XF8D&q={searchTerms}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {02819504-6EF2-41CA-8FFA-8C52E232561E} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {67A496B1-4623-40ED-AC5A-6D1D9FD64D69} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {75931373-5B88-4763-8683-861B34869399} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {7D40A5AB-AC1B-478C-9DE9-D4C2C5F59FEB} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-908152944-1551753808-552664026-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
FF NewTab: hxxp://www.v9.com?type=hp&ts=1435593740&from=mych123&uid=st9320423as_5vj5xf8d&z=011df748af8081670e01bb4g2zccaw6w5tdcem8z2g
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&CUI=UN23170995134421631&UM=1&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Search the web
FF SelectedSearchEngine: delta-homes
FF SearchPlugin: C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\tt8p9upb.default\searchplugins\delta.xml [2013-07-15]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
C:\Windows\system32\Drivers\iSafeNetFilter.sys
C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
C:\Users\Agata\AppData\Local\Temp*.html
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.


----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

.
=================

Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.