A pile of adware.
Paste the following into Notepad and save it as
fixlist.txt
Code:
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
HKU\S-1-5-21-738901422-3834044633-3186353055-1000\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\S-1-5-21-738901422-3834044633-3186353055-1000\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
ShortcutTarget: Registration Driver Parallel Lines.LNK -> D:\graaa\Register\RegistrationReminder.exe (No File)
BootExecute: autocheck autochk * aswBoot.exe /M:284b44468 /wow /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
SearchScopes: HKCU - DefaultScope {FA7B4E9D-6BAD-4CCA-B6FB-AA35BC06CC4A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT&q={searchTerms}
SearchScopes: HKCU - {FA7B4E9D-6BAD-4CCA-B6FB-AA35BC06CC4A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Satellite\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-25]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S1 AIP; C:\Windows\SysWOW64\drivers\aip.sys [51200 2014-06-15] () [File not signed]
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
C:\Users\Satellite\Downloads\AIMP(12499).exe
C:\Users\Satellite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
C:\Users\Satellite\AppData\Roaming\SupTab
C:\Users\Satellite\AppData\Roaming\qone8
C:\ProgramData\WPM
C:\ProgramData\IePluginServices
C:\Program Files (x86)\SupTab
C:\ProgramData\Package Cache
C:\Users\Satellite\AppData\Local\Temp\bitool.dll
C:\Users\Satellite\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\Satellite\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Satellite\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Satellite\AppData\Local\Temp\htmlayout.dll
C:\Users\Satellite\AppData\Local\Temp\installstats.exe
C:\Users\Satellite\AppData\Local\Temp\MD5Hash.dll
C:\Users\Satellite\AppData\Local\Temp\Quarantine.exe
C:\Users\Satellite\AppData\Local\Temp\smtnew_qone8.exe
C:\Users\Satellite\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Satellite\AppData\Local\Temp\tmp1C98.exe
C:\Users\Satellite\AppData\Local\Temp\tmp80E4.exe
C:\Users\Satellite\AppData\Local\Temp\tmpBA5.exe
C:\Users\Satellite\AppData\Local\Temp\tmpDE5E.exe
C:\Users\Satellite\AppData\Local\Temp\tmpE41D.exe
C:\Users\Satellite\AppData\Local\Temp\uninst1.exe
C:\Users\Satellite\AppData\Local\Temp\VirtualDJ New Version.exe
C:\Users\Satellite\AppData\Local\Temp\Virtual_DJ_Pro_7.4.rar_Downloader.exe
C:\Users\Satellite\AppData\Local\Temp\_is198A.exe
Task: {066D32D0-B57D-4FC2-9EB1-B1F42F3A6263} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {4501A473-CFE5-46E8-8930-8C40FDF46A98} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {4AFAA3F4-D608-43B0-9680-FC339DEEE9C4} - \bench-sys No Task File <==== ATTENTION
Task: {7B9F6836-40A1-41F7-A544-F596D56BE3EF} - System32\Tasks\bench-Updater removing
Task: {88FA8CEB-7E4A-4B9E-85C0-63180290AFFE} - \AmiUpdXp No Task File <==== ATTENTION
Task: {8DAD46A3-D4FC-483C-9538-E673191A327A} - System32\Tasks\{AD922F8B-59E7-47CB-9B28-3E38B1E18A19} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/pl/abandoninstall?page=tsProgressBar
Task: {A6FC25A6-88E3-47A5-B6C0-12E330F34A79} - System32\Tasks\{003D6D94-25A3-4FDB-BD0B-496327D38735} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/pl/abandoninstall?page=tsProgressBar
Task: {D471DFCC-D923-4262-8C8F-F829E62D6428} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Satellite\Dane aplikacji:NT
AlternateDataStreams: C:\Users\Satellite\Dane aplikacji:NT2
AlternateDataStreams: C:\Users\Satellite\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Satellite\AppData\Roaming:NT2
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
Reboot:
Place the saved script next to the downloaded
FRST
program. Then, in the program, click
Fix; once it has finished, post the report from this action.
Uninstall:
AutoIt v3.3.10.0
qone8 uninstaller
Update_for_BonanzaDeals
WPM18.8.0.304
In Firefox: Help menu > Troubleshooting Information > Reset Firefox. The reset will not touch your bookmarks or passwords.
Google Chrome
Settings > Settings tab > On startup > Open a specific page or set of pages; remove the address start.qone8.com from the list, then switch to "Open the New Tab page"
Settings > Settings tab > Appearance; tick "Show Home button" > click Change and remove the address start.qone8.com
Settings > History tab > clear
Settings > Settings tab > Show advanced settings > scroll to the very bottom and run "Reset browser settings".
Download the program
click
Search and then
Delete,
and post the report.
Download
and click Start.
Paste into the thread the report from
SecurityCheck
Run it, press any key, and wait until the program finishes.
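The fixlist above is a hand-picked subset of FRST scan output: Run values, AppInit_DLLs entries, hijacked Internet Explorer start/search pages, services whose binary is gone ([X] or "No ImagePath"), orphaned scheduled tasks, alternate data streams and entries FRST itself marks with "ATTENTION". The Python below is an added example, not the poster's instructions and not FRST's own code: it parses lines in the formats visible in the post and pulls out the ones a reviewer would want to look at first, so the same triage can be repeated on another log. The line grammar is inferred from the post and is an assumption (real FRST output has many more entry types), the KNOWN_GOOD_HOSTS allowlist is an assumed set of stock Internet Explorer home/search hosts, and the SAMPLE input is constructed from lines in the post.

```python
"""Triage helper for FRST-style scan lines (added example, not FRST's code).

The regexes are inferred from the fixlist in the post and are an assumption:
real FRST output has more entry types than this parser handles.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allowlist: hosts a stock IE start/search page legitimately points at.
KNOWN_GOOD_HOSTS = {"www.microsoft.com", "go.microsoft.com", "www.bing.com", "www.msn.com"}


@dataclass
class Finding:
    kind: str    # category of the entry
    detail: str  # value name, service name, host or path
    reason: str  # why a defender would look at it


RUN_RE = re.compile(r"^(HKU\\[^\\]+|HKLM|HKCU)\\\.\.\.\\Run: \[([^\]]+)\] => (.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-x32)?: (\S+) => (.+?) \[")
IE_MAIN_RE = re.compile(
    r"^(HK\w+\\Software\\(?:Wow6432Node\\)?Microsoft\\Internet Explorer\\Main),(\w[\w ]*) = (\S+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+); (.*)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (.+?) No Task File")
JOB_RE = re.compile(r"^Task: (\S.*?) => \?")
ADS_RE = re.compile(r"^AlternateDataStreams: (.+)$")


def triage(lines):
    """Return the entries a reviewer should look at first, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            findings.append(Finding("autorun", m.group(2), f"Run value launches {m.group(3)}"))
        elif m := APPINIT_RE.match(line):
            findings.append(Finding("appinit-dll", m.group(2),
                                    "AppInit_DLLs loads this DLL into every process that uses user32"))
        elif m := IE_MAIN_RE.match(line):
            host = urlparse(m.group(3)).hostname or ""
            if host not in KNOWN_GOOD_HOSTS:  # stock home/search pages are left alone
                findings.append(Finding("browser-hijack", host,
                                        f"{m.group(2)} under {m.group(1)} points at a non-default host"))
        elif m := SERVICE_RE.match(line):
            name, rest = m.group(2), m.group(3)
            if rest.endswith("[X]"):
                findings.append(Finding("dangling-service", name, "service binary is missing on disk"))
            elif rest == "No ImagePath":
                findings.append(Finding("dangling-service", name, "service has no ImagePath"))
            elif "[File not signed]" in rest:
                findings.append(Finding("unsigned-driver", name, "service or driver image is not signed"))
        elif m := (TASK_RE.match(line) or JOB_RE.match(line)):
            findings.append(Finding("orphan-task", m.group(1), "scheduled task whose task file is gone"))
        elif m := ADS_RE.match(line):
            findings.append(Finding("ads", m.group(1), "alternate data stream attached to a folder"))
        elif "ATTENTION" in line:
            # FRST appends "<==== ATTENTION" to entries it considers suspicious.
            findings.append(Finding("frst-flag", line.split(" <=")[0].strip(),
                                    "entry FRST itself marked for attention"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'dangling-service': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: lines taken from the post, plus the stock microsoft.com
# search page as a control that must not be flagged.
SAMPLE = [
    r"HKU\S-1-5-21-738901422-3834044633-3186353055-1000\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss",
    r"AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)",
    r"GroupPolicy: Group Policy on Chrome detected <======= ATTENTION",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1401016987&from=smt&uid=TOSHIBAXMK3265GSXN_80I1P2KFTXX80I1P2KFT",
    r"R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)",
    r"S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X]",
    r"S1 AIP; C:\Windows\SysWOW64\drivers\aip.sys [51200 2014-06-15] () [File not signed]",
    r"S3 Tosrfcom; No ImagePath",
    r"Task: {066D32D0-B57D-4FC2-9EB1-B1F42F3A6263} - \DealPlyUpdate No Task File <==== ATTENTION",
    r"Task: C:\Windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION",
    r"AlternateDataStreams: C:\ProgramData:NT",
]

if __name__ == "__main__":
    found = triage(SAMPLE)
    for f in found:
        print(f"[{f.kind}] {f.detail}: {f.reason}")
    print(summarize(found))
```

Note that a running service with an intact binary (the IePluginServices line) produces no finding: a parser can only flag structural oddities such as missing files or non-default hosts, and deciding that a present, signed service is adware still takes the reviewer's judgement, which is what the fixlist above records.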