Qone8 problem z usunięciem

centrino · 13 Kwiecień 2014 13:45

Witam!

W każdej przeglądarce jako stronę startową mam uciążliwą qone:(. Program ADWCleaner nie poradził sobie z usunięciem tego niechcianego oprogramowania. Ponadto przeskanowałem system programem Malwarebytes, wykrył mi ponad 2000 zagrożeń.

Proszę Was o pomoc!

Log OTL: http://www.wklej.org/id/1331106/

Log Extras: http://www.wklej.org/id/1331107/

Acorus · 13 Kwiecień 2014 15:38

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hpts=1396127975from=adksuid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=dsts=1396127975from=adksuid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGKq={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=dsts=1396127975from=adksuid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGKq={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hpts=1396127975from=adksuid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=dsts=1396127975from=adksuid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGKq={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=dsts=1396127975from=adksuid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGKq={searchTerms}
IE - HKU\S-1-5-21-2474039047-766173774-4137948987-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63650;https=127.0.0.1:63650
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BotVe68jC14BsJ2OIVNp-JIe2v9oMQQrbnO-Rbh52Usi7wCAO41M7LGCsP136RuuRRnB5wxEJGXcNKkmhLQI6fikrpcLhXIGd7Y7cqVzj3mpp7w0dTItGj7hIr7HiZ_wq="
[2014.04.08 19:36:34 | 000,000,000 | ---D | M] ("Plus-HD-9.3") -- C:\Users\Malgorzata\AppData\Roaming\mozilla\Firefox\Profiles\3dmrw444.default-1394910556954\extensions\120b8567-cef7-4a3f-bc74-951746209d5b@e3f0d12e-110a-4dac-a277-22ad73cee452.com
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4 - HKLM..\Run: [LManager] File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - File not found
[2014.03.31 15:38:00 | 000,000,000 | ---D | C] -- C:\Users\Malgorzata\Doctor Web
[2014.03.29 23:25:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014.03.29 23:20:59 | 000,000,000 | ---D | C] -- C:\Users\Malgorzata\AppData\Roaming\SupTab
[2014.03.29 23:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM

:Commands
[emptytemp]

Kliknij Wykonaj skrypt.Po restarcie uruchom OTL i użyj opcji Sprzątanie.

centrino · 13 Kwiecień 2014 15:56

Niestety, ale dalej qone uruchamia się jako strona startowa w firefox, chrom i ie. Masz może jakiś pomysł jak temu zaradzić?

Acorus · 13 Kwiecień 2014 16:12

Pobierz Farbar Recovery Scan Tool 64-Bit Version http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

centrino · 13 Kwiecień 2014 16:55

Raport: FRST :http://www.wklej.org/id/1331338/

Addtion : http://www.wklej.org/id/1331341/

Acorus · 13 Kwiecień 2014 17:42

Otwórz Notatnik i wklej:

:OTL
Task: {36809053-15E5-4C93-ADA9-A6934CC7E90B} - System32\Tasks\BrowserSafeguard Update Task = C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe ==== ATTENTION
Task: {D6A86CC7-8BFF-463A-AFEF-EFBC818E7C0F} - \EPUpdater ATTENTION ==== No Task File
Task: {D8F26E57-DE73-469E-AE4D-F3C9880F44BA} - \BrowserDefendert ATTENTION ==== No Task File
Task: {F65560EF-E473-4C96-B415-DB69E1B82AAF} - \LyricXeeker Update ATTENTION ==== No Task File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {1CA6DE66-E8EB-42AB-8557-55D8CBA3B452} URL =
SearchScopes: HKCU - {1CA6DE66-E8EB-42AB-8557-55D8CBA3B452} URL =
FF NewTab: chrome://quick_start/content/index.html
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi
CHR DefaultSearchKeyword: search.snapdo.com
CHR DefaultSearchProvider: Web
CHR DefaultSearchURL: http://feed.snapdo.com/?publisher=SnapdoOCYBdpid=SnapdoOCYBCHco=DEuserid=7ead2ca9-b162-a84c-ed28-fc7e1255a4a0searchtype=dsq={searchTerms}installDate={installDate}barcodeid={barcodeID}um={UM}
2014-03-31 15:32 - 2014-03-31 15:32 - 00692376 _____ () C:\Users\Malgorzata\Downloads\Dr.WEB-CureIt(12976).exe
2014-03-29 23:21 - 2014-03-29 23:21 - 00004392 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-03-31 15:22 - 2013-08-26 18:59 - 00000000 ____ D () C:\AdwCleaner

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.Uruchom FRST i kliknij w Fix.

centrino · 13 Kwiecień 2014 18:07

Qone dalej otwiera się jako strona startowa

Atis · 14 Kwiecień 2014 06:08

Pokaż nowy raport FRST, Addtion i Shortcut.

centrino · 14 Kwiecień 2014 14:30

Raport Frst: http://www.wklej.org/id/1332258/

Addtion: http://www.wklej.org/id/1332259/

Shortcut: http://www.wklej.org/id/1332260/

Atis · 14 Kwiecień 2014 14:45

Zmień domyślną wyszukiwarkę: Ustawianie wyszukiwarki domyślnej

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {1CA6DE66-E8EB-42AB-8557-55D8CBA3B452} URL = 
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR DefaultSearchKeyword: search.snapdo.com
CHR DefaultSearchURL: http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=7ead2ca9-b162-a84c-ed28-fc7e1255a4a0&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
C:\Users\Public\AlexaNSISPlugin.7504.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://start.qone8.com/?type=sc&ts=1396127975&from=adks&uid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1396127975&from=adks&uid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
ShortcutWithArgument: C:\Users\Malgorzata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.qone8.com/?type=sc&ts=1396127975&from=adks&uid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
ShortcutWithArgument: C:\Users\Malgorzata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1396127975&from=adks&uid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
ShortcutWithArgument: C:\Users\Malgorzata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.qone8.com/?type=sc&ts=1396127975&from=adks&uid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
ShortcutWithArgument: C:\Users\Malgorzata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1396127975&from=adks&uid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
ShortcutWithArgument: C:\Users\Malgorzata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.qone8.com/?type=sc&ts=1396127975&from=adks&uid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK
ShortcutWithArgument: C:\Users\Malgorzata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://start.qone8.com/?type=sc&ts=1396127975&from=adks&uid=ST500LT012-9WS142_W0V3EJGKXXXXW0V3EJGK

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport FRST i Shortcut.

centrino · 14 Kwiecień 2014 17:29

Fixlog: http://www.wklej.org/id/1332528/

Nowy FRST: http://www.wklej.org/id/1332531/

Nowy Shortcut: http://www.wklej.org/id/1332535/

Chyba pomogło Firefox uruchamia się z Google.

Atis · 14 Kwiecień 2014 17:58

Skasuj folder C:\FRST i to wszystko.

centrino · 14 Kwiecień 2014 18:33

Dziękuję Wam za pomoc