execson
(Mojsteam17)
3 Luty 2015 19:37
#1
Witam,
instalujac jakis program, zainstalowalo mi sie takze omiga plus(z tego co czytam jest to wirus). Czy ktos wie jak to badziewie usunąć? Ta omiga włącza sie na wszystkich przegladarkach u mnie.
załączam skany
ADDITION: http://www.wklej.org/id/1622749/
SHORTCUT: http://www.wklej.org/id/1622751/
i dodatkowo skan
OTL: http://www.wklej.org/id/1622762/
Extras: http://www.wklej.org/id/1622768/
Atis
(Atis)
3 Luty 2015 21:11
#2
W panelu sterowania odinstaluj SpyHunter 4.
Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń.
Kliknij Scan i pokaż nowy raport z FRST bez Addition.
execson
(Mojsteam17)
3 Luty 2015 21:24
#3
Wlasnie w panelu sterowania nie da sie juz odinstalowac SpyHuntera 4
http://www.wklej.org/id/1622985/ oto log po czyszczeniu adwcleanerem
Atis
(Atis)
3 Luty 2015 23:17
#4
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422983487&from=cor&uid=WDCXWD6400AAKS-00A7B2_WD-WCASY715817858178
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422983487&from=cor&uid=WDCXWD6400AAKS-00A7B2_WD-WCASY715817858178"
CHR DefaultSearchKeyword: Default -> omiga-plus
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-03] (Enigma Software Group USA, LLC.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-02-03] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-03] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
2015-02-03 21:36 - 2015-02-03 21:40 - 00000000 ____ D () C:\AdwCleaner
2015-02-03 19:09 - 2015-02-03 19:09 - 00000000 ____ D () C:\Users\Paweł\AppData\Roaming\Enigma Software Group
2015-02-03 19:08 - 2015-02-03 19:08 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-03 19:08 - 2015-02-03 19:08 - 00001244 _____ () C:\Users\Paweł\Desktop\SpyHunter.lnk
2015-02-03 19:08 - 2015-02-03 19:08 - 00000000 ____ D () C:\sh4ldr
2015-02-03 19:08 - 2015-02-03 19:08 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-02-03 19:07 - 2015-02-03 19:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Paweł\Downloads\sh-remover.exe
2015-02-03 18:09 - 2015-02-03 18:09 - 00728784 _____ (Web ) C:\Users\Paweł\Downloads\Bullzip-PDF-Printer(12736)-dp.exe
Task: {0FFFEAAF-A23E-4F68-AC61-CB6A7E7BA8B8} - System32\Tasks\{6860A872-AAB8-4628-A7D1-3A101E9F7FCB} => Firefox.exe http://ui.skype.com/ui/0/6.21.59.104/pl/go/help.faq.installer?LastError=1603
Task: {1C920680-EE35-49D8-A426-B07DBBA9C900} - System32\Tasks\{C654455D-37C8-4C00-8CF1-627C3E1D4885} => Firefox.exe http://ui.skype.com/ui/0/6.21.59.104/pl/go/help.faq.installer?LastError=1603
Task: {2F618B29-560D-40C2-B9A1-5FC3B3ED71ED} - System32\Tasks\{3EA8D68B-E9AE-4EC4-A026-C356312155A4} => Firefox.exe http://ui.skype.com/ui/0/6.22.81.105/pl/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {91908078-CD1D-458C-B5BC-FC0288D7F8D8} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-03] (Enigma Software Group USA, LLC.)
Task: {9CE0BEC2-3688-485B-B152-C1E7E58C35DD} - System32\Tasks\{A1FE747B-185B-4263-A722-AC26CFC41E71} => Firefox.exe http://ui.skype.com/ui/0/6.21.59.104/pl/go/help.faq.installer?LastError=1603
Task: {A595373D-8FF9-426E-B6E2-80B6312894B0} - System32\Tasks\{A054BB4B-DA14-4B45-BA68-65219796B756} => Firefox.exe http://ui.skype.com/ui/0/6.21.59.104/pl/go/help.faq.installer?LastError=1603
Task: {FD30B0F9-5F87-4DC8-94AF-869B6A42F889} - System32\Tasks\{D13194D4-8551-49EB-A6D8-36044F1B781B} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
EmptyTemp:
Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
Kliknij Scan i pokaż nowy raport z FRST bez Addition.