How to remove Omiga Plus from Google Chrome


(Gromitkowo) #1

Hello,

Please help: how can I get rid of Omiga Plus from my Google Chrome, and how can I protect my computer against similar infections in the future?

Regards, Marcin


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Gromitkowo) #3

FRST

http://wklej.org/id/1642335/

ADDITION

http://wklej.org/id/1642340/

What can I use to prevent problems in the future?


(Acorus) #4

Uninstall omiga-plus uninstall, SpyHunter, WinCheck. Open the system Notepad and paste:

Task: {46D91266-42B6-48B3-9803-4E80C1BAE9CE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-42408890-943492679-4135173530-1002Core = C:\Users\Danuta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-08] (Facebook Inc.)
Task: {A1EEB292-7106-407F-8E4F-4D2296890CAA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-42408890-943492679-4135173530-1002UA = C:\Users\Danuta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-08] (Facebook Inc.)
Task: {F7C8FFAB-F82A-4744-BB18-B261CE3932AB} - System32\Tasks\HZUZZTKE = C:\Users\Danuta\AppData\Roaming\HZUZZTKE.exe ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-42408890-943492679-4135173530-1002Core.job = C:\Users\Danuta\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-42408890-943492679-4135173530-1002UA.job = C:\Users\Danuta\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HZUZZTKE.job = C:\Users\Danuta\AppData\Roaming\HZUZZTKE.exe ==== ATTENTION
HKLM-x32\...\Run: [WinCheck] = C:\Users\Danuta\AppData\Local\wincheck\wincheck.exe
HKU\S-1-5-21-42408890-943492679-4135173530-1002\...\Run: [ViStart] = C:\Users\Danuta\AppData\Roaming\ViStart\ViStart.exe
HKU\S-1-5-21-42408890-943492679-4135173530-1002\...\Run: [Facebook Update] = C:\Users\Danuta\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-08] (Facebook Inc.)
HKU\S-1-5-21-42408890-943492679-4135173530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ViStart] = C:\Users\Danuta\AppData\Roaming\ViStart\ViStart.exe
HKU\S-1-5-21-42408890-943492679-4135173530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] = C:\Users\Danuta\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-08] (Facebook Inc.)
HKU\S-1-5-21-42408890-943492679-4135173530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ViStart] = C:\Users\Danuta\AppData\Roaming\ViStart\ViStart.exe
HKU\S-1-5-21-42408890-943492679-4135173530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Facebook Update] = C:\Users\Danuta\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-08] (Facebook Inc.)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKLM - {C0AEEC99-925B-4758-86CC-779F7E340798} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM-x32 - {C0AEEC99-925B-4758-86CC-779F7E340798} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-42408890-943492679-4135173530-1002 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-42408890-943492679-4135173530-1002 - {C0AEEC99-925B-4758-86CC-779F7E340798} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-42408890-943492679-4135173530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-42408890-943492679-4135173530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {C0AEEC99-925B-4758-86CC-779F7E340798} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-42408890-943492679-4135173530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-42408890-943492679-4135173530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - {C0AEEC99-925B-4758-86CC-779F7E340798} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
S2 fiwisoko; C:\Users\Danuta\AppData\Roaming\VOPackage\VOsrv.exe [X] ==== ATTENTION
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
2015-02-05 13:15 - 2015-02-21 13:25 - 00001702 _____ () C:\Windows\Tasks\HZUZZTKE.job
2015-02-05 13:15 - 2015-02-05 14:08 - 00000000 ____ D () C:\Program Files (x86)\globalUpdate
2015-02-05 13:15 - 2015-02-05 14:08 - 00000000 ____ D () C:\Program Files (x86)\76141c0a-1d19-4ad3-bee8-4c7e7d3daea8
2015-02-05 13:15 - 2015-02-05 13:15 - 00004706 _____ () C:\Windows\System32\Tasks\HZUZZTKE
2015-02-05 13:15 - 2015-02-05 13:15 - 00000000 ____ D () C:\Users\Danuta\AppData\Local\globalUpdate
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Danuta\AppData\Roaming\HZUZZTKE
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
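
Added example (not part of the original thread and not FRST's own code): a small Python triage that reads FRST-style log lines like those in the fixlist above and reports why each one stands out to a reviewer. The `classify`/`triage` helpers and the flag names are assumptions made for this illustration; the sample lines are copied from post #4.

```python
import re

# Lines copied from the fixlist in post #4 (a subset, one per entry type).
SAMPLE = r"""
Task: {F7C8FFAB-F82A-4744-BB18-B261CE3932AB} - System32\Tasks\HZUZZTKE = C:\Users\Danuta\AppData\Roaming\HZUZZTKE.exe ==== ATTENTION
HKLM-x32\...\Run: [WinCheck] = C:\Users\Danuta\AppData\Local\wincheck\wincheck.exe
S2 fiwisoko; C:\Users\Danuta\AppData\Roaming\VOPackage\VOsrv.exe [X] ==== ATTENTION
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
U3 McAPExe; No ImagePath
""".strip().splitlines()

# Full path of an .exe/.dll; "=" and brackets never occur inside these paths.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]=]*?\.(?:exe|dll)\b", re.I)
KINDS = [  # entry type, recognised by the line prefix (names are illustrative)
    (re.compile(r"^Task:"), "scheduled-task"),
    (re.compile(r"^HK[^ ]*\\Run:"), "run-key"),
    (re.compile(r"^[SRU]\d "), "service"),
    (re.compile(r"^(CHR HK|GroupPolicy:)"), "browser-policy"),
]

def classify(line):
    """Return entry kind, target binary (if any) and the reasons it stands out."""
    kind = next((name for rx, name in KINDS if rx.search(line)), "other")
    m = PATH_RE.search(line)
    path = m.group(0) if m else None
    flags = []
    if "ATTENTION" in line:                      # marker written by FRST itself
        flags.append("frst-attention")
    if path and "\\appdata\\" in path.lower():   # autostart from a user-writable dir
        flags.append("user-writable-path")
    if "[X]" in line:                            # FRST could not find the file
        flags.append("file-missing")
    if "No ImagePath" in line:                   # service entry with no binary set
        flags.append("no-image-path")
    return {"kind": kind, "path": path, "flags": flags}

def triage(lines):
    """Keep only the lines that raised at least one flag."""
    return [r for r in map(classify, lines) if r["flags"]]

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["kind"]:15} {",".join(r["flags"]):45} {r["path"]}')
```

The avast! BHO line under Program Files raises no flag and is dropped from the report, while the task, Run key and service pointing into AppData are kept together with the Chrome policy entry and the service entry that has no image path.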