Problem z round world

Dla specjalistów Bezpieczeństwo
#1

Bardzo proszę o pomoc w usunięciu tego dziadostwa… Pozdrawiam!

 

 

FRST 

#2

Otwórz notatnik systemowy i wklej:

Task: {A1A6EC70-BADC-4ED3-BAF4-6773B71745EA} - \Microsoft\Windows\RemovalTools\MRT_HB No Task File ==== ATTENTION
HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1426387291from=coruid=ST1000DM003-1CH162_Z1DCFB44XXXXZ1DCFB44q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1426387291from=coruid=ST1000DM003-1CH162_Z1DCFB44XXXXZ1DCFB44q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1426387291from=coruid=ST1000DM003-1CH162_Z1DCFB44XXXXZ1DCFB44q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1426387291from=coruid=ST1000DM003-1CH162_Z1DCFB44XXXXZ1DCFB44q={searchTerms}
HKU\S-1-5-21-3128683931-1162215844-2353373155-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1426387291from=coruid=ST1000DM003-1CH162_Z1DCFB44XXXXZ1DCFB44q={searchTerms}
HKU\S-1-5-21-3128683931-1162215844-2353373155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3128683931-1162215844-2353373155-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1426387291from=coruid=ST1000DM003-1CH162_Z1DCFB44XXXXZ1DCFB44q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3128683931-1162215844-2353373155-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3128683931-1162215844-2353373155-1001 - {FAC64636-D682-4098-B4B6-B4B2E944F222} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com/?type=scts=1426387291from=coruid=ST1000DM003-1CH162_Z1DCFB44XXXXZ1DCFB44
FF Extension: Round World 1.0.1 - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xewbbe34.default\Extensions\{f545e6fb-3307-427c-99c9-d8fcad9fa830}.xpi [2015-02-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HomePage: Default - hxxp://www.mysearchresults.com/?c=3519t=01
CHR StartupUrls: Default - "hxxp://www.dosearches.com/?utm_source=butm_medium=corutm_campaign=rgutm_content=hpfrom=coruid=TOSHIBAXMK3276GSX_12K1P7DDTXX12K1P7DDTts=1384073521", "hxxp://www.search.ask.com/?o=APN10640Agct=hpd=473-102v=n11465-296t=4", "hxxp://www.google.com/", "hxxp://do-search.com/?type=hpts=1426387291from=coruid=ST1000DM003-1CH162_Z1DCFB44XXXXZ1DCFB44"
CHR Extension: (Round World) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjioplcpdaeippdpodgagmfjdlendajb [2015-03-15]
R1 {237a87b5-881c-4fd8-b80a-c3b471ff75d7}Gw64; C:\Windows\System32\drivers\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}Gw64.sys [48784 2015-03-15] (StdLib)
R1 {72502b1b-b916-4994-814e-c516f9f681b2}Gw64; C:\Windows\System32\drivers\{72502b1b-b916-4994-814e-c516f9f681b2}Gw64.sys [48784 2015-02-25] (StdLib)
R1 {97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gw64; C:\Windows\System32\drivers\{97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gw64.sys [48784 2015-02-28] (StdLib)
R1 {c6cf689f-ec21-4add-accd-adc0bafcbba6}Gw64; C:\Windows\System32\drivers\{c6cf689f-ec21-4add-accd-adc0bafcbba6}Gw64.sys [48784 2015-02-22] (StdLib)
R1 {f545e6fb-3307-427c-99c9-d8fcad9fa830}Gw64; C:\Windows\System32\drivers\{f545e6fb-3307-427c-99c9-d8fcad9fa830}Gw64.sys [48784 2015-02-22] (StdLib)
2015-02-22 19:52 - 2015-03-16 09:57 - 00000000 ____ D () C:\Program Files (x86)\Round World
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Udało się, dziękuję serdecznie!

#4

Skasuj folder C:\FRST