Omiga - plus virus


(Dulqz) #1

Hello,

I am asking for help with the omiga - plus virus.

AdwCleaner report: http://wklej.org/id/1637227/

FRST report: http://wklej.org/id/1637228/

Addition: http://wklej.org/id/1637231/

Regards.


(Acorus) #2

Open the system Notepad and paste:

Task: {9B57C275-FA9C-4E55-8CE7-1FB7E3469C74} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1400768014-3960579650-521054622-1000Core = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-25] (Facebook Inc.)
Task: {D20404F6-B5A2-4CE2-BD47-2877CA4AD8BF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1400768014-3960579650-521054622-1000UA = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-25] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1400768014-3960579650-521054622-1000Core.job = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1400768014-3960579650-521054622-1000UA.job = C:\Users\abc\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [NeroFilterCheck] = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [AdobeCEPServiceManager] = C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] = C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] = C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] = C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1400768014-3960579650-521054622-1000\...\Run: [AdobeBridge] = [X]
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Round World 1.0.1 - C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\6dgfe6vg.default\Extensions\{7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}.xpi [2015-02-16]
CHR StartupUrls: Default - "https://www.google.com/?trackid=sp-006", "hxxp://isearch.omiga-plus.com/?type=hpppts=1423041801from=coruid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EUK5812858128"
CHR DefaultSearchKeyword: Default - omiga-plus
CHR Extension: (Round World) - C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkpojibogaemajbehmhdkfadcjmnnae [2015-02-14]
2015-02-16 16:17 - 2015-02-16 16:30 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.