Omiga plus

Dla specjalistów Bezpieczeństwo
#1

Witam

Jak usunąć niechciane wyskakaujące strony z reklamami i notorycznie ustawiającą sie strone startową omiga plus?

 

http://wklej.org/id/1662298/  FRST

 

http://wklej.org/id/1662302/ ADDITION

 

 

z góry dziękuje

#2

Otwórz notatnik systemowy i wklej:

Task: {1558D864-249C-4BB4-A406-28701DCDCB6E} - System32\Tasks\{B72F951B-A424-405B-B0C4-A76A8BAAA502} = pcalua.exe -a C:\Users\Nika\Downloads\SpyHunter-Installer.exe -d C:\Users\Nika\Downloads
Task: {6DF3C5FC-88B1-4B2F-A842-7730BDF33E93} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3118667746-2820446456-1457910340-1002Core = C:\Users\Nika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-03] (Facebook Inc.)
Task: {D716F4AC-5760-4CBE-9E4C-A38909C9DEE9} - System32\Tasks\FoxTab = C:\Users\Nika\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: {F631ADE5-D9AC-4550-8F93-3972336C45B5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3118667746-2820446456-1457910340-1002UA = C:\Users\Nika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-03] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3118667746-2820446456-1457910340-1002Core.job = C:\Users\Nika\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3118667746-2820446456-1457910340-1002UA.job = C:\Users\Nika\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FoxTab.job = C:\Users\Nika\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
HKLM\...\Run: [ASUS WebStorage] = C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1420480619from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1420480619from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1420480619from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1420480619from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3118667746-2820446456-1457910340-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3118667746-2820446456-1457910340-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06q={searchTerms}
HKU\S-1-5-21-3118667746-2820446456-1457910340-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06
HKU\S-1-5-21-3118667746-2820446456-1457910340-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06
HKU\S-1-5-21-3118667746-2820446456-1457910340-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06q={searchTerms}
SearchScopes: HKU\S-1-5-21-3118667746-2820446456-1457910340-1002 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06q={searchTerms}
SearchScopes: HKU\S-1-5-21-3118667746-2820446456-1457910340-1002 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06q={searchTerms}
SearchScopes: HKU\S-1-5-21-3118667746-2820446456-1457910340-1002 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-3118667746-2820446456-1457910340-1002 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO-x32: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO-x32: No Name - {b608cc98-54de-4775-96c9-097de398500c} - No File
CHR HomePage: Default - hxxp://isearch.omiga-plus.com/?type=hpppts=1420480634from=coruid=ST9500325AS_6VETFF06XXXX6VETFF06
CHR DefaultSearchKeyword: Default - omiga-plus
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-05] (Fuyu LIMITED) [File not signed]
2015-03-07 12:13 - 2015-03-07 12:13 - 00000000 ____ D () C:\Users\Nika\AppData\Roaming\eCyber
2015-03-07 12:11 - 2015-03-14 11:42 - 00000000 ____ D () C:\Users\Nika\AppData\Roaming\iSafe
2015-03-07 12:10 - 2015-03-07 12:10 - 00921752 _____ () C:\Users\Nika\Downloads\yet_another_cleaner.exe
2015-03-14 11:52 - 2015-01-05 18:57 - 00000000 ____ D () C:\Program Files (x86)\XTab
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.