
Qtipr: I can't remove it from my browsers, it shows up as the start page

Wojt4S90 18 Apr 2017 23:11 420 5
  • Helpful post
    #3 19 Apr 2017 05:39
    krzychupar
    Level 41  

    Open the system Notepad and paste:

    ShortcutWithArgument: C:\Users\Wojt4S90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Wojt4S90\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Wojt4S90\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Wojt4S90\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Wojt4S90\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Wojt4S90\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Wojt4S90\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Wojt4S90\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Wojt4S90\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Wojt4S90\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/




    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    (上海千寻网络科技有限公司) C:\Users\Wojt4S90\AppData\Local\ICalc\ICalcSvc.exe
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {0d5be9af-0e4d-11e7-bf0f-201a0630f329} - "H:\Autorun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {4b799095-b4cf-11e6-beeb-201a0630f329} - "H:\Setup\rsrc\Autorun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {4b7990ef-b4cf-11e6-beeb-201a0630f329} - "I:\Setup\rsrc\Autorun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {4b799102-b4cf-11e6-beeb-201a0630f329} - "J:\Setup\rsrc\Autorun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {6a8f115c-93c8-11e5-be96-a4db30b0ab90} - "H:\Autorun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {6a8f11a1-93c8-11e5-be96-a4db30b0ab90} - "I:\RunGame.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {6a8f11a9-93c8-11e5-be96-a4db30b0ab90} - "J:\RunGame.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {6a8f11b1-93c8-11e5-be96-a4db30b0ab90} - "K:\RunGame.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {a5869d80-4ba4-11e6-bed5-201a0630f329} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {a5869dc9-4ba4-11e6-bed5-201a0630f329} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {c909e0b3-f194-11e5-beba-806e6f6e6963} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {ca9f1b3a-0e69-11e7-bf10-201a0630f329} - "I:\Autorun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {ca9f1b6a-0e69-11e7-bf10-201a0630f329} - "J:\Autorun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {f20794ba-605e-11e5-be73-806e6f6e6963} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\...\MountPoints2: {f2079774-605e-11e5-be73-a4db30b0ab90} - "F:\AutoRun.exe"
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    ShellExecuteHooks: Brak nazwy - {95A6B2E2-233A-11E7-93BC-64006A5CFC23} - -> Brak pliku
    ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    AutoConfigURL: [S-1-5-21-2898468080-1432747938-2757709028-1002] => hxxp://no-stop.net/wpad.dat?6dce51adc66a1d406f04c6e63f38a93020925605
    ManualProxies: 0hxxp://no-stop.net/wpad.dat?6dce51adc66a1d406f04c6e63f38a93020925605
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&...=st1000lm024xhn-m101mbb_s2smj9gd981947&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&...=st1000lm024xhn-m101mbb_s2smj9gd981947&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&...=st1000lm024xhn-m101mbb_s2smj9gd981947&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&...=st1000lm024xhn-m101mbb_s2smj9gd981947&q={searchTerms}
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-2898468080-1432747938-2757709028-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&...=st1000lm024xhn-m101mbb_s2smj9gd981947&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-2898468080-1432747938-2757709028-1002 -> DefaultScope {0630AE6C-094A-4DAE-88F5-5597B73F7015} URL =
    BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=144...amp;uid=ST1000LM024XHN-M101MBB_S2SMJ9GD981947
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\2969307.js [2016-11-27] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\2969307.cfg [2016-11-27] <==== UWAGA
    CHR HomePage: ChromeDefaultData -> hxxp://www.initialpage123.com/?z=758e2e067fe4...00LM024XHN-M101MBB_S2SMJ9GD981947&type=hp
    CHR StartupUrls: ChromeDefaultData -> "hxxp://google.pl/","hxxp://www.initialpage123.com/?z=758e2e067fe470921b85f47g5z9t2o0w4z5e4zdo4t&from=wak&uid=ST1000LM024XHN-M101MBB_S2SMJ9GD981947&type=hp"
    CHR Profile: C:\Users\Wojt4S90\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-18] <==== UWAGA
    R2 ICalcSvr; C:\Users\Wojt4S90\AppData\Local\ICalc\ICalcSvc.exe [243200 2017-04-18] (上海千寻网络科技有限公司) [Brak podpisu cyfrowego]
    S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]
    2017-04-18 20:35 - 2017-04-18 20:35 - 00000000 ____D C:\Users\Wojt4S90\AppData\Local\UCBrowser
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder next to FRST.exe.
    Run FRST and click Fix/Napraw.

    0
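
The `ShortcutWithArgument` entries in the fixlist above show browser shortcuts with a URL, and for Chrome a `--load-extension` path, appended to the target. As an added example (not part of the original posts and not FRST's own code), this sketch parses lines in that format and reports why each browser shortcut looks hijacked. The line layout is inferred from the entries on this page; `audit`, the reason labels and the sample paths are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in FRST "ShortcutWithArgument" format. The user name and
# extension directory are placeholders; the URL is defanged as FRST prints it.
SAMPLE = r'''
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\user\AppData\Local\exampleextdir" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\user\Desktop\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\user\Desktop\Notes.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Users\user\todo.txt
'''

LINE = re.compile(r'^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> '
                  r'(?P<target>.+?\.exe) \((?P<vendor>.*?)\) -> (?P<args>.*)$')
URL = re.compile(r'\b(?:hxxps?|https?)://\S+', re.I)
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))')
# Browser executable -> word expected in the shortcut's own file name.
BROWSERS = {"iexplore.exe": "internet explorer", "chrome.exe": "chrome",
            "firefox.exe": "firefox"}


def audit(log_text):
    """Return one finding per browser shortcut whose arguments look hijacked."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        exe = PureWindowsPath(m["target"]).name.lower()
        if exe not in BROWSERS:
            continue  # arguments on non-browser shortcuts are out of scope
        reasons = []
        urls = URL.findall(m["args"])
        if urls:
            reasons.append("forced-url")  # page opened on every launch
        ext = LOAD_EXT.search(m["args"])
        if ext:
            reasons.append("load-extension")  # unpacked extension sideloaded
        if BROWSERS[exe] not in PureWindowsPath(m["lnk"]).stem.lower():
            reasons.append("name-target-mismatch")  # icon name hides a browser
        if reasons:
            findings.append({
                "shortcut": m["lnk"], "target": exe, "urls": urls,
                "extension_dir": (ext.group(1) or ext.group(2)) if ext else None,
                "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["shortcut"], "->", f["target"], f["reasons"], f["urls"])
```
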
  • Helpful post
    #4 19 Apr 2017 07:39
    Kolobos
    Computer specialist

    After running it, post new FRST logs from a scan.

    0
  • #6 19 Apr 2017 14:18
    Kolobos
    Computer specialist

    In the Chrome settings, turn off restoring a set of pages when the browser starts.

    Create a system restore point.

    Run this Fixlist.txt with FRST:
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    (VisionSv) C:\Users\Wojt4S90\AppData\Local\GHuYan\HuyanSvc.exe
    () C:\Windows\SysWOW64\Mpk\lsynchost.exe
    () C:\Windows\SysWOW64\Mpk\lsynchost.exe
    () C:\Windows\SysWOW64\Mpk\MPK.exe
    CHR HomePage: Default -> hxxp://www.initialpage123.com/?z=758e2e067fe4...00LM024XHN-M101MBB_S2SMJ9GD981947&type=hp
    CHR StartupUrls: Default -> "hxxp://google.pl/","hxxp://www.initialpage123.com/?z=758e2e067fe470921b85f47g5z9t2o0w4z5e4zdo4t&from=wak&uid=ST1000LM024XHN-M101MBB_S2SMJ9GD981947&type=hp"
    R2 CHuyanSvr; C:\Users\Wojt4S90\AppData\Local\GHuYan\HuyanSvc.exe [216576 2017-04-18] (VisionSv) [Brak podpisu cyfrowego]
    S2 MainLSyncHost; c:\windows\syswow64\mpk\lsynchost.exe [1555968 2015-11-03] () [Brak podpisu cyfrowego]
    R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
    R0 flowhlp; C:\WINDOWS\System32\drivers\flowhlp.dat [155168 2017-04-18] ()
    2017-04-18 22:44 - 2017-04-18 23:27 - 00000000 ____D C:\AdwCleaner
    2017-04-18 21:33 - 2017-04-18 22:30 - 00000000 ____D C:\Users\Wojt4S90\AppData\Local\Kitty
    2017-04-18 21:33 - 2017-04-18 21:33 - 00000000 ____D C:\WINDOWS\Update
    2017-04-18 20:38 - 2017-04-19 00:16 - 00000000 ____D C:\Users\Wojt4S90\AppData\Local\GHuYan
    2017-04-18 20:38 - 2017-04-18 20:38 - 00000000 __SHD C:\Users\Wojt4S90\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
    2017-04-18 20:38 - 2017-04-18 20:38 - 00000000 ____D C:\Users\Wojt4S90\AppData\Local\ICalc
    2017-04-18 20:37 - 2017-04-18 20:37 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-04-18 20:36 - 2017-04-18 20:36 - 00155168 _____ C:\WINDOWS\system32\Drivers\flowhlp.dat
    2017-04-18 20:33 - 2017-04-18 20:39 - 00000000 ____D C:\Users\Wojt4S90\AppData\Roaming\Gugucult
    2017-04-18 20:33 - 2017-04-18 20:34 - 00000000 ____D C:\Users\Wojt4S90\AppData\Local\Shumsh
    2017-04-19 13:58 - 2016-01-16 02:09 - 00000000 __SHD C:\ProgramData\MPK
    2017-04-18 22:30 - 2016-01-16 02:09 - 00000000 __SHD C:\WINDOWS\SysWOW64\Mpk
    2017-04-18 22:25 - 2016-01-16 03:03 - 00000000 ____D C:\Program Files (x86)\MNTLB_Monitor

    0