How to remove SO_Sustainer 1.80

Hello

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.

Run FRST and click Scan. Post the FRST and Addition reports.

FRST: http://wklej.org/id/1405668/

Addition: http://wklej.org/id/1405669/

Open Notepad and paste:

Task: {D7EA2076-3CCD-45DA-9A9F-50BD75DADC15} - System32\Tasks\SO_Booster-S-845708974 = c:\programdata\anyappsnow\so_booster\SO_Booster.exe ==== ATTENTION
Task: C:\Windows\Tasks\SO_Booster-S-845708974.job = c:\programdata\anyappsnow\so_booster\SO_Booster.exe ==== ATTENTION
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpts=1403653144from=vttuid=ADATAXSX300_2D1120010397
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1403653144from=vttuid=ADATAXSX300_2D1120010397
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
CHR DefaultSearchKeyword: omiga-plus
CHR DefaultSearchProvider: omiga-plus
CHR DefaultSearchURL: http://isearch.omiga-plus.com/web/?type=dsts=1403653144from=vttuid=ADATAXSX300_2D1120010397q={searchTerms}
CHR Extension: (soave on) - C:\Users\Pan Kalafior\AppData\Local\Google\Chrome\User Data\Default\Extensions\hncipkhobepmkgadhkbfhhfdncaggfjl [2014-06-24]
CHR Extension: (soave on) - C:\Users\Pan Kalafior\AppData\Local\Google\Chrome\User Data\Default\Extensions\hncipkhobepmkgadhkbfhhfdncaggfjl\2.14 [2014-06-24]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=scts=1403653144from=vttuid=ADATAXSX300_2D1120010397
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
2014-06-24 20:33 - 2014-06-30 08:24 - 00000462 ____ H () C:\Windows\Tasks\SO_Booster-S-845708974.job
2014-06-24 20:33 - 2014-06-25 02:01 - 00000000 ____ D () C:\Program Files (x86)\SO_Booster
2014-06-24 20:33 - 2014-06-24 20:34 - 00000000 ____ D () C:\ProgramData\AnyAppSnow
2014-06-24 20:33 - 2014-06-24 20:33 - 00002708 _____ () C:\Windows\System32\Tasks\SO_Booster-S-845708974
2014-06-24 20:33 - 2014-06-24 20:33 - 00000000 ____ D () C:\Users\Pan Kalafior\AppData\Roaming\SendSpace
2014-06-24 20:33 - 2014-06-24 20:33 - 00000000 ____ D () C:\ProgramData\Package Cache
2014-06-24 20:32 - 2014-06-25 01:56 - 00000000 ____ D () C:\ProgramData\Save ooN
2014-06-24 20:32 - 2014-06-25 01:56 - 00000000 ____ D () C:\Program Files (x86)\Adblocker
2014-06-24 20:32 - 2014-06-25 01:43 - 00000000 ____ D () C:\ProgramData\b3ee90feaf6d9c6c
2014-06-24 20:32 - 2014-06-25 01:43 - 00000000 ____ D () C:\Program Files (x86)\Save ooN
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Pan Kalafior\AppData\Local\Torch
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Pan Kalafior\AppData\Local\Packages
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Pan Kalafior\AppData\Local\Comodo
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Pan Kalafior\AppData\Local\Chromatic Browser
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Gość\AppData\Local\Torch
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Gość\AppData\Local\Google
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Gość\AppData\Local\Comodo
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Gość\AppData\Local\Chromatic Browser
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Torch
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Google
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-06-24 20:32 - 2014-06-24 20:32 - 00000000 ____ D () C:\ProgramData\Adblocker
2014-06-24 20:31 - 2014-06-24 20:34 - 00000000 ____ D () C:\ProgramData\InstallMate
C:\Users\Pan Kalafior\AppData\Local\Temp\*.exe
C:\Users\Pan Kalafior\AppData\Local\Temp\bitool.dll

Save the file as fixlist.txt and place it next to FRST in the same folder.

Fixlog: http://wklej.org/id/1405768/

Delete the folder C:\FRST

Use http://www.bleepingcomputer.com/download/tfc/ (run TFC and click Start).

Just to be sure, I'm also posting logs from OTL and FRST.

OTL: http://wklej.org/id/1405945/

FRST: http://wklej.org/id/1405948/

Addition: http://wklej.org/id/1405949/

And what for?