Round World


(Glamdivaishere) #1

My computer got infected with this crap. I have never had to fight such an annoying virus before… Help! :frowning:

 

http://wklej.to/tNgMM

http://wklej.to/PKrmh


(Atis) #2

In Control Panel, uninstall Mobogenie.

Download and run AdwCleaner. Click Scan and then Cleaning.

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3142439038-3570084818-1562888342-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: FF Toolbar - C:\Users\Wiesia\AppData\Roaming\Mozilla\Firefox\Profiles\ouor8qcl.default\Extensions\fftoolbar2014@etech.com [2015-03-02]
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Wiesia\AppData\Roaming\Mozilla\Firefox\Profiles\ouor8qcl.default\extensions\searchengine@gmail.com
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Wiesia\AppData\Roaming\Mozilla\Firefox\Profiles\ouor8qcl.default\extensions\fftoolbar2014@etech.com
FF SelectedSearchEngine: key-find
FF Homepage: hxxp://www.key-find.com/?type=hppp&ts=1425130934&from=cor&uid=ST9250827AS_5RG78WTCXXXX5RG78WTC
CHR HomePage: Default -> hxxp://www.key-find.com/?type=hppp&ts=1425130934&from=cor&uid=ST9250827AS_5RG78WTCXXXX5RG78WTC
CHR StartupUrls: Default -> "hxxp://www.key-find.com/?type=hppp&ts=1425130934&from=cor&uid=ST9250827AS_5RG78WTCXXXX5RG78WTC"
CHR DefaultSearchKeyword: Default -> key-find
CHR Extension: (No Name) - C:\Users\Wiesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma [2013-04-15]
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Update Round World; C:\Program Files\Round World\updateRoundWorld.exe [401136 2015-03-02] ()
R2 Util Round World; C:\Program Files\Round World\bin\utilRoundWorld.exe [401136 2015-03-02] ()
R1 {97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gw; C:\Windows\System32\drivers\{97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gw.sys [43152 2015-03-02] (StdLib)
S3 catchme; \??\C:\Users\Wiesia\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\Users\Wiesia\AppData\Local\Temp\mbr.sys [X]
2015-03-02 19:33 - 2015-03-02 07:06 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gw.sys
2015-02-28 14:43 - 2015-02-28 14:43 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-02-28 14:42 - 2015-03-03 00:51 - 00000000 ____ D () C:\Program Files\Round World
2015-02-28 14:42 - 2015-03-02 19:30 - 00000000 ____ D () C:\Program Files\XTab
2015-02-28 14:35 - 2015-02-28 14:35 - 00710792 _____ (App Web ) C:\Users\Wiesia\Downloads\SopCast(12954)-dp.exe
Task: {19912FE1-84E6-4F20-A483-8376044DD79F} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {1D4630A6-6539-4AA3-865E-6E6BC62EB5EC} - System32\Tasks\{2A8BFBB6-D956-45F4-ABC1-056792CFF8C2} => pcalua.exe -a C:\Users\Wiesia\Downloads\CorelDRAWGraphicsSuiteX4Installer_EN.exe -d C:\Users\Wiesia\Downloads
Task: {3CE7485C-C3B5-4278-BB52-4BE2577D191C} - System32\Tasks\{3AF56748-65D8-47FC-A304-81FF3A142857} => Iexplore.exe http://ui.skype.com/ui/0/7.1.59.105/pl/go/help.faq.installer?LastError=112
Task: {867B2454-B997-4F08-9311-744E80529CCD} - System32\Tasks\{6895ECE3-8B8F-482B-9654-E165CCB52C1E} => pcalua.exe -a "C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Task: {9938F7BC-6B29-4F67-879C-025A8BD8E4A2} - \EPUpdater No Task File <==== ATTENTION
Task: {AC1AA548-D94F-4B1D-BD16-7F81825D457B} - \DealPly No Task File <==== ATTENTION
Task: {FCBB00D0-3277-4E52-A916-6CE616082598} - \BitGuard No Task File <==== ATTENTION
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition.
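Added example, not part of the forum post and not FRST's own code: a small Python parser for the service/driver and scheduled-task lines of the fixlist above, so the entries being removed can be read field by field. The meaning assigned to the state letters, start-type digits, `[X]` and `No Task File` is an assumption based on FRST's usual log notation; the function and field names are hypothetical.

```python
import re

# Lines copied from the fixlist in post #2 (raw string keeps the backslashes).
SAMPLE = r"""
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Update Round World; C:\Program Files\Round World\updateRoundWorld.exe [401136 2015-03-02] ()
S3 catchme; \??\C:\Users\Wiesia\AppData\Local\Temp\catchme.sys [X]
Task: {9938F7BC-6B29-4F67-879C-025A8BD8E4A2} - \EPUpdater No Task File <==== ATTENTION
"""

# Assumed notation: letter = service state, digit = start type.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# <state><start> <name>; <path> [<size> <date>] (<company>)  or  ... <path> [X]
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>.+?); (?P<path>.+?) "
    r"\[(?:(?P<size>\d+) (?P<date>[\d-]+)|(?P<missing>X))\]"
    r"(?: \((?P<company>.*)\))?$")
TASK_RE = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.+)$")

def triage(fixlist_text):
    """Return one dict per service/driver or task line, with review flags."""
    rows = []
    for line in fixlist_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            flags = []
            if m["missing"]:
                flags.append("file not found")       # [X]: registry entry only
            elif m["company"] == "":
                flags.append("no company name")      # empty () after the size/date
            rows.append({"kind": "service", "name": m["name"], "path": m["path"],
                         "state": STATE[m["state"]],
                         "start": START.get(m["start"], "unknown"), "flags": flags})
            continue
        m = TASK_RE.match(line)
        if m:
            rest = m["rest"]
            if "No Task File" in rest:               # orphaned task registration
                rows.append({"kind": "task", "name": rest.split(" No Task File")[0],
                             "command": None, "flags": ["no task file"]})
            elif " => " in rest:
                name, command = rest.split(" => ", 1)
                rows.append({"kind": "task", "name": name,
                             "command": command, "flags": []})
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```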


(Glamdivaishere) #3

OK, done: http://wklej.to/ou8Ji


(Atis) #4

Paste the following into the system Notepad and save it as a text file named fixlist:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-03-03 08:08 - 2015-03-03 08:12 - 00000000 ____ D () C:\AdwCleaner
DeleteQuarantine:
CMD: C:\Users\Wiesia\Downloads\ComboFix.exe /uninstall

Run FRST and click Fix. Delete the C:\FRST folder.

Read about how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Java 7 Update 45

Microsoft Silverlight

Install:

Java 8 Update 31

Silverlight 5.1.30514.0

Service Pack 1 (537.8 MB)

Internet Explorer 11