Round World - how to remove it?


(Przemek1991r15) #1

Hello,

Some time ago a program called ROUND WORLD sneaked into my system.

I want to get rid of it.

Here:

FRST: http://wklej.org/id/1639496/

ADDITION: http://wklej.org/id/1639514/

Thanks in advance :wink:


(Acorus) #2

Uninstall Adobe Download Assistant, Round World, Yahoo! Search. Open the system Notepad and paste:

Task: {B2D1D416-B66D-443C-826E-855199410CB4} - System32\Tasks\Yahoo! Search Updater = C:\Users\Marta Łada\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrsetup.exe [2015-02-16] (Pay By Ads LTD) ==== ATTENTION
Task: {D76BC8E5-C271-439F-AB73-C1668C12D729} - System32\Tasks\Yahoo! Search = C:\Users\Marta Łada\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe [2015-02-16] (Pay By Ads LTD) ==== ATTENTION
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-28] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] = [X]
HKU\S-1-5-21-4199620015-4048668363-414801585-1001\...\Run: [Yahoo! Search] = C:\Users\Marta Łada\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe [644816 2015-02-16] (Pay By Ads LTD)
HKU\S-1-5-21-4199620015-4048668363-414801585-1001\...\MountPoints2: {389779be-3ca3-11e4-82a4-14dae9e61215} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-4199620015-4048668363-414801585-1001\...\MountPoints2: {49353c5c-0abc-11e4-8289-14dae9e61215} - "G:\iLinker.exe"
HKU\S-1-5-21-4199620015-4048668363-414801585-1001\...\MountPoints2: {b3a326aa-f651-11e3-827f-14dae9e61215} - "G:\AutoRun.exe"
HKU\S-1-5-21-4199620015-4048668363-414801585-1001\...\MountPoints2: {b3a32757-f651-11e3-827f-14dae9e61215} - "G:\AutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1408179609from=coruid=ST9320325AS_5VEL58MMXXXX5VEL58MMq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1408179609from=coruid=ST9320325AS_5VEL58MMXXXX5VEL58MMq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1408179609from=coruid=ST9320325AS_5VEL58MMXXXX5VEL58MMq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1408179609from=coruid=ST9320325AS_5VEL58MMXXXX5VEL58MMq={searchTerms}
HKU\S-1-5-21-4199620015-4048668363-414801585-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
SearchScopes: HKU\S-1-5-21-4199620015-4048668363-414801585-1001 - {7D18478C-636A-4DC4-8C61-83FB798EED12} URL = http://rts.dsrlte.com/?affID=naq={searchTerms}r=37
BHO-x32: Round World 1.0.0.7 - {78549bde-b964-4d2a-b7b1-c4ac15ddff64} - C:\Program Files (x86)\Round World\RoundWorldbho.dll (Round World)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tabtype=616_pr __alt__ ddc_dsssyctab_bd_com
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=616_pr __alt__ ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddchsimp=yhs-ddc_bdtype=616_pr __alt__ ddc_dss_bd_comp=
FF SearchPlugin: C:\Users\Marta Łada\AppData\Roaming\Mozilla\Firefox\Profiles\dw0spzie.default\searchplugins\dsrlte.xml
FF SearchPlugin: C:\Users\Marta Łada\AppData\Roaming\Mozilla\Firefox\Profiles\dw0spzie.default\searchplugins\keepmysearch.xml
FF Extension: Round World 1.0.1 - C:\Users\Marta Łada\AppData\Roaming\Mozilla\Firefox\Profiles\dw0spzie.default\Extensions\{7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}.xpi [2015-02-16]
CHR StartupUrls: Default - "hxxp://rts.dsrlte.com"
S4 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-16] (Cherished Technololgy LIMITED) [File not signed]
R2 Update Round World; C:\Program Files (x86)\Round World\updateRoundWorld.exe [407280 2015-02-18] ()
R2 Util Round World; C:\Program Files (x86)\Round World\bin\utilRoundWorld.exe [407280 2015-02-18] ()
R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-26] (StdLib)
R1 {55685567-4840-4a91-962b-49a412e9485a}w64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112 2014-06-19] (StdLib)
R1 {7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}w64; C:\Windows\System32\drivers\{7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}w64.sys [48784 2015-02-16] (StdLib)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-16] (StdLib)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [61072 2014-08-16] (StdLib)
S3 ASUSProcObsrv; \\F:\I386\AsPrOb64.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 IT9135BDA; \SystemRoot\System32\Drivers\IT9135BDA.sys [X]
2015-02-18 08:11 - 2015-02-18 08:11 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Marta Łada\Downloads\SpyHunter-Installer.exe
2015-02-16 23:18 - 2015-02-16 23:18 - 00003518 _____ () C:\Windows\System32\Tasks\Yahoo! Search Updater
2015-02-16 23:18 - 2015-02-16 23:18 - 00003514 _____ () C:\Windows\System32\Tasks\Yahoo! Search
2015-02-16 23:18 - 2015-02-16 23:18 - 00000000 ____ D () C:\Users\Marta Łada\AppData\Local\Pay-By-Ads
2015-02-16 23:18 - 2015-02-16 05:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}w64.sys
2015-02-16 23:06 - 2015-02-18 17:12 - 00000000 ____ D () C:\Program Files (x86)\Round World
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
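
One way to triage FRST service and driver lines like those in the fixlist above, as an added example that is not part of the original post and not FRST's own code. The four flags are assumptions about which properties deserve a second look (empty vendor field, `[File not signed]`, `[X]` for a missing file, GUID-style name), and the last sample line is constructed for contrast.

```python
import re

# FRST service/driver line layout as seen in the fixlist:
#   <state><start> <name>; <path> [<size> <date>] (<company>) [optional markers]
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>.+?); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*?)\))?"
    r"(?P<rest>(?: \[[^\]]*\])*)$"
)
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def triage(line):
    """Return (name, flags) for one service/driver line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = []
    if m["company"] == "":                   # "()" : no vendor in the version info
        flags.append("no-vendor")
    if "[File not signed]" in m["rest"]:     # marker printed by FRST
        flags.append("unsigned")
    if "[X]" in m["rest"]:                   # entry registered, file missing on disk
        flags.append("missing-file")
    if GUID_RE.search(m["name"]):            # service named after a GUID (assumed heuristic)
        flags.append("guid-named")
    return m["name"], flags

# First four lines are copied from the fixlist; the last one is constructed.
SAMPLE = [
    r"S4 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-16] (Cherished Technololgy LIMITED) [File not signed]",
    r"R2 Update Round World; C:\Program Files (x86)\Round World\updateRoundWorld.exe [407280 2015-02-18] ()",
    r"R1 {7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}w64; C:\Windows\System32\drivers\{7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}w64.sys [48784 2015-02-16] (StdLib)",
    r"S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]",
    r"R2 ExampleSvc; C:\Program Files\Example\svc.exe [123456 2014-01-01] (Example Corp)",
]

def flagged(lines):
    """Map service name -> flags for every parsed line that raised at least one flag."""
    results = (triage(l) for l in lines)
    return {name: flags for name, flags in filter(None, results) if flags}

if __name__ == "__main__":
    for name, flags in flagged(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```
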


(Przemek1991r15) #3

Thank you for providing the solution