Omiga Plus search engine and a slow computer


(SGF_) #1

Hello, please check the logs from this computer. Some junk is installed on it (the Omiga search engine, some Bonjour program, etc.), Windows shows notifications about potentially unwanted software (BrowserModifier:Win32/SupTab), and on top of that the computer runs slowly, scrolling in the browser stutters, and the fast internet connection also performs very poorly. I'm attaching the logs:

FRST -> http://www.wklej.org/id/1785455/

Addition -> http://www.wklej.org/id/1785457/

Shortcut -> http://www.wklej.org/id/1785458/

Thanks in advance.


(Acorus) #2

Open Windows Notepad and paste the following:

Task: {D487BB01-F874-40D7-A65D-99EB7BAED9F1} - System32\Tasks\{8EAF9FFD-5528-4CD9-BC9B-897D67EC0321} = pcalua.exe -a C:\Users\user\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor ==== UWAGA
HKLM-x32\...\Run: [mobilegeni daemon] = C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-3895694228-1441834800-3820288221-1000\...\Run: [NextLive] = C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hpppts=1422905215from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dsts=1422905140from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hpppts=1422905215from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hpppts=1422905215from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dsts=1422905140from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JXq={searchTerms}
HKU\S-1-5-21-3895694228-1441834800-3820288221-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hpppts=1422905215from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dsppts=1422905215from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JXq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dsppts=1422905215from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JXq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dsts=1422905140from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dsts=1422905140from=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JXq={searchTerms}
SearchScopes: HKU\S-1-5-21-3895694228-1441834800-3820288221-1000 - {139EA572-E48E-4B64-B199-A526E8648793} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HitachiXHTS543232A7A384_E203421L2VWR8J2VWR8JXts=1422905260type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3895694228-1441834800-3820288221-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightBHO.dll Brak pliku
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited)
FF SelectedSearchEngine: omiga-plus
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\626ga1mk.default\searchplugins\omiga-plus.xml [2015-02-02]
FF Extension: FF Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\626ga1mk.default\Extensions\fftoolbar2014@etech.com [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\626ga1mk.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\626ga1mk.default\extensions\faststartff@gmail.com
S3 ASUSProcObsrv; \\C:\Users\user\Desktop\U82U\I386\AsPrOb64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.