Problem z reklamami - Usunięcie Omiga i pozostałe

zyga435 · 19 Styczeń 2015 15:04

Witam,

Na komputerze znajomego pojawiło się wiele reklam, odinstalowałem z panelu sterowania podejrzane programy m.in Omiga Plus.

Logi :

FRST - http://wklej.org/hash/59e963bdd82/

Addition - http://wklej.org/hash/a85adb7dab9/

Proszę o spojrzenie czy trzeba coś jeszcze usunać. Dziękuję za pomoc.

Acorus · 19 Styczeń 2015 15:47

Otwórz notatnik systemowy i wklej:

Task: {0DC47CF5-E4E3-4A12-A053-FE8107CA0BB5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1732323328-357198868-1962685076-1001UA = C:\Users\Startklaar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-26] (Facebook Inc.)
Task: {1BD9E84B-493D-452F-9996-D822E7BE9A82} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-5_user = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-5.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: {1C7DDDFC-C48C-443B-84ED-E70A1D73E6E4} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-6 = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-6.exe ==== ATTENTION
Task: {3D29AD52-38E1-4973-9A19-AE8C4F29BA65} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-5 = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-5.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: {3F1577A3-92D5-4448-AA13-085DF9C0D483} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-2 = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-2.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: {40A267C9-C3FE-4D27-BDB2-1D6A843EE180} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-10_user = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-10.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: {530D7242-4697-43EC-A6C5-6E983AE7AD99} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-11 = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-11.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: {60BBA24C-A2A9-4900-9161-7F6D6C6B6AD8} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-3 = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-3.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: {9BD6F228-F798-444B-AFF1-2A6D254D5881} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1732323328-357198868-1962685076-1001Core = C:\Users\Startklaar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-26] (Facebook Inc.)
Task: {A24A216C-8EB2-4241-B1B0-3DC9BFE9229C} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-7 = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-7.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: {ACA39FE1-1322-4892-9884-51B06EF46ED2} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-1 = C:\Program Files (x86)\MPlayerPlusvideo4\MPlayerPlusvideo4-codedownloader.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: {B0A8EB63-3CE5-4CE4-A7CD-4939552D3585} - System32\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-4 = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-4.exe ==== ATTENTION
Task: {BC5A5CBC-268C-4BBD-856A-644208067EEB} - System32\Tasks\DQBG = C:\Users\Startklaar\AppData\Roaming\DQBG.exe [2015-01-18] (MDplay+version) ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-1.job = C:\Program Files (x86)\MPlayerPlusvideo4\MPlayerPlusvideo4-codedownloader.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-10_user.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-10.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-11.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-11.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-2.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-2.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-3.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-3.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-4.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-4.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-5.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-5_user.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-6.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\45008f83-45f6-4cb3-bfb2-7e51f0750adf-7.job = C:\Program Files (x86)\MPlayerPlusvideo4\45008f83-45f6-4cb3-bfb2-7e51f0750adf-7.exe ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732323328-357198868-1962685076-1001Core.job = C:\Users\Startklaar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1732323328-357198868-1962685076-1001UA.job = C:\Users\Startklaar\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [gmsd_nl_51] = [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1732323328-357198868-1962685076-1001\...\Run: [Facebook Update] = C:\Users\Startklaar\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-26] (Facebook Inc.)
AppInit_DLLs: C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll = C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RXq={searchTerms}
HKU\S-1-5-21-1732323328-357198868-1962685076-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RXq={searchTerms}
HKU\S-1-5-21-1732323328-357198868-1962685076-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RX
HKU\S-1-5-21-1732323328-357198868-1962685076-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RXq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=scts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RX
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2459} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=167systemid=459v=n11474-298apn_uid=3327548140614007apn_dtid=BND103o=APN10652apn_ptnrs=AGDq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2459} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=167systemid=459v=n11474-298apn_uid=3327548140614007apn_dtid=BND103o=APN10652apn_ptnrs=AGDq={searchTerms}
SearchScopes: HKU\S-1-5-21-1732323328-357198868-1962685076-1001 - CC6667D8A40144BBB8B46021DB9565A4 URL = http://start.mysearchdial.com/results.php?f=4q={searchTerms}a=ir_14_13_iecd=2XzuyEtN2Y1L1QzutAyEtBtAzzyBzztAyBtDtCyCzy0A0EzytN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StCtBtB0EtCyDtDtBtG0BtAzy0EtG0BtAzytCtGyE0A0C0FtGtB0FzztA0F0FyCzzyBzytCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCtD0BtDyBtAyBtGtByByDyBtGyCyCtA0BtGtBtCzyyBtGyE0E0E0FyCtB0C0C0FzztCyE2Qcr=93079557ir=
SearchScopes: HKU\S-1-5-21-1732323328-357198868-1962685076-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RXq={searchTerms}
SearchScopes: HKU\S-1-5-21-1732323328-357198868-1962685076-1001 - {427067C1-29B0-41E4-A8FA-C00765F895D0} URL = http://rover.ebay.com/rover/1/1346-81661-16445-14/4?mpre=http://shop.ebay.nl/?oemInLn=ieSrch-_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1732323328-357198868-1962685076-1001 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2459} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=167systemid=459v=n11474-298apn_uid=3327548140614007apn_dtid=BND103o=APN10652apn_ptnrs=AGDq={searchTerms}
BHO: No Name - {11111111-1111-1111-1111-110611791113} - No File
BHO-x32: No Name - {11111111-1111-1111-1111-110611791113} - No File
BHO-x32: No Name - {e8150ff6-e972-4a0e-80f2-8ac633ec148a} - No File
BHO-x32: No Name - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - No File
Toolbar: HKLM-x32 - No Name - {e8150ff6-e972-4a0e-80f2-8ac633ec148a} - No File
Toolbar: HKLM-x32 - No Name - {3004627E-F8E9-4E8B-909D-316753CBA923} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Startklaar\AppData\Roaming\Mozilla\Firefox\Profiles\haxki1ak.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Startklaar\AppData\Roaming\Mozilla\Firefox\Profiles\haxki1ak.default\extensions\faststartff@gmail.com
CHR StartupUrls: Default - "hxxp://www.msn.com/?pc=UP97ocid=UP97DHP", "hxxp://isearch.omiga-plus.com/?type=hpts=1421595459from=tugsuid=HGSTXHTS545050A7E680_131029TM8514GL003H5RX"
CHR HKU\S-1-5-21-1732323328-357198868-1962685076-1001\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
U3 ad013n4g; C:\Windows\System32\Drivers\ad013n4g.sys [0] (Intel Corporation) ==== ATTENTION (zero size file/folder)
S2 VBoxAswDrv; \\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.