Omiga Plus - problem z usunięciem


(Zyga670) #1

Podczas instalacji programu Picassa zainstalował się program Omiga Plus dorzucająca do przeglądarek reklamy. Odinstalowałem wszystko z panelu sterowania jednak nic to nie pomogło.

 

Logi :

FRST - http://www.wklej.org/id/1597225/

Addition - http://wklej.org/id/1597226/

 

Proszę o pomoc z usunięciem problemu.


(Acorus) #2

Otwórz notatnik systemowy i wklej:

HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\...\RunOnce: [Adobe Speed Launcher] = 1421399958
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\...\MountPoints2: {44bd26c9-91c1-11e4-a5ef-5404a61217ad} - G:\AutoRun.exe
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\...\MountPoints2: {44bd28c0-91c1-11e4-a5ef-5404a61217ad} - G:\AutoRun.exe
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\...\MountPoints2: {8526d8f8-9693-11e4-8362-5404a61217ad} - G:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1421170045from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1421170045from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1421170045from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1421170045from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCXq={searchTerms}
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCXq={searchTerms}
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCX
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCX
HKU\S-1-5-21-1973649964-2179322711-1725914235-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCXq={searchTerms}
SearchScopes: HKU\S-1-5-21-1973649964-2179322711-1725914235-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCXq={searchTerms}
SearchScopes: HKU\S-1-5-21-1973649964-2179322711-1725914235-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsppts=1421170113from=coruid=HitachiXHTS547550A9E384_J2150050CU2YHCCU2YHCXq={searchTerms}
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF SearchPlugin: C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\8gu8e8y2.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: FF Toolbar - C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\8gu8e8y2.default\Extensions\fftoolbar2014@etech.com [2015-01-13]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\8gu8e8y2.default\extensions\fftoolbar2014@etech.com
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-13] (Fuyu LIMITED) [File not signed]
S2 Update Dynamo Combo; "C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe" [X]
S2 Util Dynamo Combo; "C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe" [X]
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-13] (StdLib)
2015-01-13 18:28 - 2015-01-13 18:29 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-01-13 18:28 - 2015-01-13 18:28 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-01-13 18:27 - 2015-01-16 09:53 - 00000000 ____ D () C:\Users\k\AppData\Roaming\MailUpdate
2015-01-13 18:27 - 2015-01-13 20:04 - 00000000 ____ D () C:\ProgramData\MailUpdate
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Zyga670) #3

Problem rozwiązany.


(Acorus) #4

Skasuj folder C:\FRST