Pomoc w usunięciu Omiga Plus

zohan85 · 15 Styczeń 2015 11:20

Witam,

Mam powtarzający się problem z omiga plus i zamiast strony startowej google uruchamia mi się to dziadostowo.

linki:

http://www.wklej.org/id/1596384/

Proszę o pomoc

Pozdrawiam

Acorus · 15 Styczeń 2015 11:32

Brak loga Addition.txt

zohan85 · 15 Styczeń 2015 12:39

Usunąłem co mogłem AdwCleaner

Następnie scan Malwarebytes Anti-Malware

A teraz aktualne linki logów:

FRST: http://wklej.org/id/1596445/

Add: http://wklej.org/id/1596446/

Acorus · 15 Styczeń 2015 12:57

Odinstaluj Adobe Reader X MUI.Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-23] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe [3411328 2012-07-24] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
GroupPolicyUsers\S-1-5-21-3542110169-2512472302-62336386-1002\User: Group Policy restriction detected ======= ATTENTION
GroupPolicyUsers\S-1-5-21-3542110169-2512472302-62336386-1001\User: Group Policy restriction detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Better Finder - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\p6hfqdmm.default\Extensions\{142c88f6-8b34-46f3-938d-72ffd58238dc} [2014-12-31]
FF Extension: Solution Real 1.0.1 - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\p6hfqdmm.default\Extensions\{a5c25b9e-3974-4e91-9864-34f9aca33ff3}.xpi [2014-12-29]
CHR StartupUrls: Default - "hxxp://www.gazeta.pl/0,0.html?p=153", "hxxp://www.delta-homes.com/?utm_source=butm_medium=wpm0226utm_campaign=installerutm_content=hpfrom=wpm0226uid=HitachiXHTS542525K9SA00_070829BB0F00WDG40AKCXts=1393416209"
CHR Extension: (Solution Real) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\afladalempchejlhmbamkncpjagacedc [2015-01-13]
2015-01-15 12:23 - 2015-01-15 12:28 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\SetStretch.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

zohan85 · 15 Styczeń 2015 13:41

Dzięki za pomoc

Acorus · 15 Styczeń 2015 13:49

Skasuj folder C:\FRST