Strong signal ads - proszę o pomoc

[martakow]

Cześć,

Dzisiaj rano zaczął się mój problem z Strong signal ads - wszędzie reklamy i co chwile przekierowanie na strony z reklamami. Bardzo proszę o pomoc. W załączeniu logi.

Marta

Addition.txt

FRST.txt

Shortcut.txt

[Rucek]

Sprobuj jeszcze zrobic log GMER. Tutaj masz instrukcje: https://www.fixitpc.pl/topic/60-diagnostyka-infekcje-typu-rootkit/?do=findComment&comment=318

[picasso]

1. Przez Panel sterowania odinstaluj adware Strong Signal oraz instalacę sponsorowaną McAfee Security Scan Plus.

 

2. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
CreateRestorePoint:
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe [581368 2015-03-05] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422911775&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422911775&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422911775&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422911775&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&q={searchTerms}
HKU\S-1-5-21-2067980254-2302860552-500229903-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T
HKU\S-1-5-21-2067980254-2302860552-500229903-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T
HKU\S-1-5-21-2067980254-2302860552-500229903-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&q={searchTerms}
HKU\S-1-5-21-2067980254-2302860552-500229903-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2067980254-2302860552-500229903-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2067980254-2302860552-500229903-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&ts=1422911841&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2067980254-2302860552-500229903-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&ts=1422911841&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2067980254-2302860552-500229903-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422911826&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2067980254-2302860552-500229903-1001 -> {A702B04C-0985-4BCC-96CD-9BB033E7C7BF} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&ts=1422911841&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2067980254-2302860552-500229903-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMQ01ABF050_942RCBE7TXX942RCBE7T&ts=1422911841&type=default&q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Martaa\AppData\Roaming\Mozilla\Firefox\Profiles\k4czelmd.default\extensions\fftoolbar2014@etech.com
C:\Program Files\AVAST Software
C:\Program Files (x86)\XTab
C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
C:\ProgramData\AVAST Software
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: sc config "Internet Manager. RunOuc" start= disabled
EmptyTemp:

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

3. Wyczyść Firefox z adware: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj / Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone.

 

4. Zrób nowy log FRST z opcji Scan (bez Addition i Shortcut). Dołącz też plik fixlog.txt.