Omiga-plus i Search Protect - jak usunąc

Dla specjalistów Bezpieczeństwo
#1

Witam,

Mam problem z programem omiga-plus. Nie mogę go osunąć z poziomu panelu sterowania. Jest także program Search Protect, ale go nie widzę w liście programów, ale się znajduje na komputerze i działa. Proszę o pomoc

#2

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

#3

FRST: http://wklej.org/id/1627808/

#4

Odinstaluj Adobe Reader 9.3.Otwórz notatnik systemowy i wklej:

Task: {427DAE8F-857B-4886-B171-4E3E920EA95A} - System32\Tasks\{76767156-1B76-455C-ADDB-8C16D966DAF8} = pcalua.exe -a C:\Users\JOOALOVSKY\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor ==== ATTENTION
Task: {DEF42DD4-9D02-414C-969B-ED21CED290DE} - System32\Tasks\{92CA6E7B-EA69-46DA-9A6F-3034BF552182} = pcalua.exe -a C:\Users\JOOALOVSKY\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1422907212from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1422907212from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1422907212from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1422907212from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764q={searchTerms}
HKU\S-1-5-21-2594325440-3845664021-2313394457-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764q={searchTerms}
HKU\S-1-5-21-2594325440-3845664021-2313394457-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764
HKU\S-1-5-21-2594325440-3845664021-2313394457-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764
HKU\S-1-5-21-2594325440-3845664021-2313394457-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764q={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2594325440-3845664021-2313394457-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764q={searchTerms}
SearchScopes: HKU\S-1-5-21-2594325440-3845664021-2313394457-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764ts=1422907303type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2594325440-3845664021-2313394457-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764ts=1422907303type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2594325440-3845664021-2313394457-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764q={searchTerms}
SearchScopes: HKU\S-1-5-21-2594325440-3845664021-2313394457-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764ts=1422907303type=defaultq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
CHR StartupUrls: Default - "hxxp://www.google.com/", "hxxp://isearch.omiga-plus.com/?type=hpts=1422907212from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764", "hxxp://isearch.omiga-plus.com/?type=hpppts=1422907267from=coruid=WDCXWD5000AAJS-00YFA0_WD-WCAS8557276472764"
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 MaintainerSvc2.14.9041534; C:\ProgramData\aea8cc93-2213-47cf-a265-0391e3461dbb\maintainer.exe [123632 2015-02-07] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-02-02] (SysTool PasSame LIMITED) [File not signed]
R1 {624928ef-5dfa-4c3f-a4d8-7dddec6d32f0}Gw64; C:\Windows\System32\drivers\{624928ef-5dfa-4c3f-a4d8-7dddec6d32f0}Gw64.sys [48784 2015-02-02] (StdLib)
S3 gdrv; \\C:\Windows\gdrv.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
2015-02-02 21:16 - 2015-02-02 21:16 - 00003172 _____ () C:\Windows\System32\Tasks\{76767156-1B76-455C-ADDB-8C16D966DAF8}
2015-02-02 21:05 - 2015-02-02 05:52 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{624928ef-5dfa-4c3f-a4d8-7dddec6d32f0}Gw64.sys
2015-02-02 21:02 - 2015-02-02 21:02 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-02-02 21:01 - 2015-02-02 21:02 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-02-02 21:01 - 2015-02-02 21:01 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-02-02 21:00 - 2015-02-02 21:16 - 00000000 ____ D () C:\Users\JOOALOVSKY\AppData\Roaming\omiga-plus
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#5

Dzięki, omiga i search protect zniknely ale teraz mam jakies round world  :-x  :-x  :-x

#6

Skasuj folder C:\FRST