Witam, pobrałem dzisiaj programik do sciągania z YT i przy okazji zainstalował mi sie Search Protect. Mam problem z jego usunięciem. Nie ma go nigdzie na komputerze prócz paska zadań. Jest ktoś w stanie pomóc?
OTL : http://wklej.to/PUiAp
Extras : http://wklej.to/ECS24
Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.
W logu Addition nie widzę instalacji XTab + WindowsMangerProcces - usuwam je skryptem.
1. Do notatnika wklej i zapisz jako fixlist.txt i kliknij Fix w Interfejsie FRST
Plik fixlist.txt umieść obok programu FRST
CloseProcesses:
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420886117&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420886117&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420886117&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420886117&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ&q={searchTerms}
HKU\S-1-5-21-3681342747-1631071932-2063751330-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ&q={searchTerms}
HKU\S-1-5-21-3681342747-1631071932-2063751330-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ
HKU\S-1-5-21-3681342747-1631071932-2063751330-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ
HKU\S-1-5-21-3681342747-1631071932-2063751330-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3681342747-1631071932-2063751330-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3681342747-1631071932-2063751330-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420886154&from=cor&uid=ST31000528AS_9VPA3XKQXXXX9VPA3XKQ&q={searchTerms}
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
2015-01-10 11:35 - 2015-01-10 11:35 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-01-10 11:36 - 2015-01-10 12:37 - 00000000 ____ D () C:\Users\Mimol\AppData\Roaming\DVDVideoSoft
2015-01-10 11:36 - 2015-01-10 11:37 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-01-10 11:36 - 2015-01-10 11:36 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-10] (Fuyu LIMITED) [File not signed]
EmptyTemp:
DeleteQuarantine:
Zmień program Antywirusowy na np. Avast + MalwareBytes Anti-Exploit (W wersji Free).
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
Microsoft Security Essentials nie zapewni ci skutecznej ochrony antywirusowej.
3. Pobierz AdwClaner uruchom go i kliknij szukaj a gdy ukatywni się przycisk usuń kliknij go.
Adwclaner: http://www.bleepingcomputer.com/download/adwcleaner/
4. Wrzuć raport ze skryptu i z Adwclaner (Raport z Adwclaner znajduję się w tym folderze: C:\AdwCleaner) + zrób nowe logi z FRST.
Nowy FRST : http://wklej.to/7cNPX
Nowy Addition : http://wklej.to/dqTBf
Adwclaner : http://wklej.to/Nv3rT
Avast + MalvareBytes sciągnięte.
Search Protect został usunięty, dzięki wielkie za pomoc 
Ok - Kończymy.
Pozdrawiam,
Michał.