VIRY.CZ

Přeji dobrý den.

Prosím o pomoc.
Chtěl jsem si stáhnout jeden torrent a omylem jsem klikl ne na torrent ale na nějaký program pro stahování torrentů, takže se neplánovaně spustila instalace a zavlekla mi do PC asi nějaké svinstvo. Pro torrenty mám svůj mTorrent.
Odstranil jsem asi většinu toho programu, ale po spuštění Chrome mi neustále naskakuje stránka http://isearch.omiga-plus.com/ které se neumím zbavit.
Prosím tedy o kontrolu logu.
Děkuji.

----------------------------------------------
P.S. Nedaří se mi odeslat ten log FRST, jelikož to má strašně moc znaků. Asi 5 x více nežli mi povoluje limit fóra.
Posílám to tedy v příloze.

Zdravím!
Spusťte nejprve tuto utilitu:

Stáhněte AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve >Scan< a potom na >Clean< (smazat)
Proběhne skenováni a pak se objeví log, který sem vložte.

Díky.
Posílám ten log:

---------------------
# AdwCleaner v4.106 - Report created 25/12/2014 at 12:15:20
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Milan - MILAN
# Running from : D:\Staženo z webu\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Reimage Protector
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\Milan\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Milan\AppData\Roaming\Solvusoft
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\r3jpb4vn.default\user.js
File Deleted : C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Milan\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Milan\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Milan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Milan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Milan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 cs)

[r3jpb4vn.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "omiga-plus");

-\\ Google Chrome v40.0.2214.45

[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2801948
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2801948
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419498054&from=ild&uid=ST3250410AS_6RY7RG1R&q={searchTerms}
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419498054&from=ild&uid=ST3250410AS_6RY7RG1R&q={searchTerms}
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419498054&from=ild&uid=ST3250410AS_6RY7RG1R&q={searchTerms}
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419498054&from=ild&uid=ST3250410AS_6RY7RG1R&q={searchTerms}
[C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [12763 octets] - [14/12/2014 10:24:44]
AdwCleaner[R1].txt - [3599 octets] - [25/12/2014 12:11:31]
AdwCleaner[S0].txt - [12458 octets] - [14/12/2014 10:26:42]
AdwCleaner[S1].txt - [4408 octets] - [25/12/2014 12:15:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4468 octets] ##########

Dejte nový log FRST.

Posílám log zase v příloze.
Když teď otevřu Chrome tak mi najede opět na první kartě moje pošta, ale pak se otevře druká karta s tím vyhledávačem omiga.

Aha - tak ta druhá stránka se tam sama přidala. Stačilo jen změnit nastavení v Chrome - skupina stránek - a ke to OK.

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-2007596338-2558511808-3841995970-1001\...\MountPoints2: {2c38ff37-4c07-11e2-be76-00215a5a544d} - "G:\sources\setup.exe"
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
C:\WINDOWS\system32\mscoree.dll
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Extension: No Name - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\r3jpb4vn.default\extensions\5760ec0d6ec24a119c6398f@fa137c6b34f842bd805263bee28d76.com [Not Found]
FF Extension: No Name - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\r3jpb4vn.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - 5760ec0d6ec24a119c6398f@fa137c6b34f842bd805263bee28d76.com [Not Found]
CHR StartupUrls: Default -> "https://mail.google.com/mail/?shva=1#inbox", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419498054&from=ild&uid=ST3250410AS_6RY7RG1R"
C:\WINDOWS\Tasks\PTTOQ.job
C:\WINDOWS\System32\Tasks\PTTOQ
C:\WINDOWS\Tasks\XPEQGO.job
C:\WINDOWS\System32\Tasks\XPEQGO
C:\Users\Public\Desktop\JUJU.lnk
C:\Users\Milan\AppData\Local\Temp
End

Uložte do D:\Staženo z webu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Posílám ten Log:

-------------------------
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by Milan at 2014-12-25 20:13:37 Run:1
Running from D:\Staženo z webu
Loaded Profile: Milan (Available profiles: Milan & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-2007596338-2558511808-3841995970-1001\...\MountPoints2: {2c38ff37-4c07-11e2-be76-00215a5a544d} - "G:\sources\setup.exe"
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
C:\WINDOWS\system32\mscoree.dll
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Extension: No Name - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\r3jpb4vn.default\extensions\5760ec0d6ec24a119c6398f@fa137c6b34f842bd805263bee28d76.com [Not Found]
FF Extension: No Name - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\r3jpb4vn.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - 5760ec0d6ec24a119c6398f@fa137c6b34f842b ... e28d76.com [Not Found]
CHR StartupUrls: Default -> "https://mail.google.com/mail/?shva=1#inbox", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419498054&from=ild&uid=ST3250410AS_6RY7RG1R"
C:\WINDOWS\Tasks\PTTOQ.job
C:\WINDOWS\System32\Tasks\PTTOQ
C:\WINDOWS\Tasks\XPEQGO.job
C:\WINDOWS\System32\Tasks\XPEQGO
C:\Users\Public\Desktop\JUJU.lnk
C:\Users\Milan\AppData\Local\Temp
End
*****************

"HKU\S-1-5-21-2007596338-2558511808-3841995970-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c38ff37-4c07-11e2-be76-00215a5a544d}" => Key deleted successfully.
HKCR\CLSID\{2c38ff37-4c07-11e2-be76-00215a5a544d} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\HubicPublishedItemOverlayHandler" => Key deleted successfully.
"HKCR\CLSID\{7C76B697-27DF-4CFF-9909-863905561298}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\HubicSyncItemOverlayHandler" => Key deleted successfully.
"HKCR\CLSID\{9B497753-D273-4A80-9DE8-72248D7FA595}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\HubicUnsyncItemOverlayHandler" => Key deleted successfully.
"HKCR\CLSID\{D5454A6E-0904-4BA3-9E4A-240A5080259D}" => Key deleted successfully.
C:\WINDOWS\system32\mscoree.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\r3jpb4vn.default\extensions\5760ec0d6ec24a119c6398f@fa137c6b34f842bd805263bee28d76.com not found.
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\r3jpb4vn.default\extensions\faststartff@gmail.com not found.
FF Extension: No Name - 5760ec0d6ec24a119c6398f@fa137c6b34f842b ... e28d76.com [Not Found] not found.
Chrome StartupUrls deleted successfully.
C:\WINDOWS\Tasks\PTTOQ.job => Moved successfully.
C:\WINDOWS\System32\Tasks\PTTOQ => Moved successfully.
C:\WINDOWS\Tasks\XPEQGO.job => Moved successfully.
C:\WINDOWS\System32\Tasks\XPEQGO => Moved successfully.
C:\Users\Public\Desktop\JUJU.lnk => Moved successfully.

"C:\Users\Milan\AppData\Local\Temp" directory move:

C:\Users\Milan\AppData\Local\Temp\403390.exe.exe => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\ack.txt => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\adwcleaner.db => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\cmunst_.exe => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\downloader log.txt => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\downloader_version.xml => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\EULA.txt => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\FBFDE863-3C17-4B82-A5D1-9B8ED5BE6B40.tmp => Moved successfully.
Could not move "C:\Users\Milan\AppData\Local\Temp\JET4F15.tmp" => Scheduled to move on reboot.
C:\Users\Milan\AppData\Local\Temp\MSI7a4a8.LOG => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\MSI959c3.LOG => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsl45E6.tmp => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nslF04E.tmp => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\preferences00 => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\protector_version.xml => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\reimage.log => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\repair setup log.txt => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\repair_version.xml => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\Runner2.exe => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\runner2.log => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\Runner4.exe => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\ttv.exe => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\ttv.sdb => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\UniProtectorPackage.exe => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\WebDataJs => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\~nsu.tmp\Au_.exe => Moved successfully.
Could not move "C:\Users\Milan\AppData\Local\Temp\Skype\DbTemp\temp-9Roj1FTxu5713zlvUOgn5hng" => Scheduled to move on reboot.
Could not move "C:\Users\Milan\AppData\Local\Temp\Skype\DbTemp\temp-BdZUyTmO6vPqq7xj9LlIXKZr" => Scheduled to move on reboot.
Could not move "C:\Users\Milan\AppData\Local\Temp\Skype\DbTemp\temp-DgDP5c1yxNp7bHPKxFUJs8Bq" => Scheduled to move on reboot.
Could not move "C:\Users\Milan\AppData\Local\Temp\Skype\DbTemp\temp-Ix4tU0IdQMFWIelF2ANlRoQa" => Scheduled to move on reboot.
C:\Users\Milan\AppData\Local\Temp\nspEE96.tmp\nsProcess.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsc1F9B.tmp\AccessControl.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsc1F9B.tmp\inetc.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsc1F9B.tmp\LogEx.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsc1F9B.tmp\nsExec.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsc1F9B.tmp\stack.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsc1F9B.tmp\System.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsc1F9B.tmp\UserInfo.dll => Moved successfully.
C:\Users\Milan\AppData\Local\Temp\nsc1F9B.tmp\xml.dll => Moved successfully.
Could not move "C:\Users\Milan\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-25 20:22:19)<=

C:\Users\Milan\AppData\Local\Temp\JET4F15.tmp => Is moved successfully.
C:\Users\Milan\AppData\Local\Temp\Skype\DbTemp\temp-9Roj1FTxu5713zlvUOgn5hng => Is moved successfully.
C:\Users\Milan\AppData\Local\Temp\Skype\DbTemp\temp-BdZUyTmO6vPqq7xj9LlIXKZr => Is moved successfully.
C:\Users\Milan\AppData\Local\Temp\Skype\DbTemp\temp-DgDP5c1yxNp7bHPKxFUJs8Bq => Is moved successfully.
C:\Users\Milan\AppData\Local\Temp\Skype\DbTemp\temp-Ix4tU0IdQMFWIelF2ANlRoQa => Is moved successfully.
"C:\Users\Milan\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog 20:22:22 ====

Smazáno. Nastala nějaká změna?

Ano. Vše je myslím v pořádku.
Děkuji vám

Rádo se stalo a hezký zbytek svátků!