remove www.30tab.com Solved

Question

Hello,   Help, my Chrome and Firefox browsers have changed their homepage to https://fr.stop-bot.com/?network=SA&campaign_id=STB+CPA+FR&cn=357551061&cid=78486214827  and the internet freezes after a few minutes...  Malware crashes after a few minutes (Blue Screen + Windows reboot).  I can't manage to deal with this.  I think I need help.  Thank you  Configuration: Windows / Chrome 62.0.3202.94

Malekal_morte- · Answer

Hello,  Follow the FRST tutorial. ( take the time to read carefully - everything is well explained there ).  Download and run the FRST scan, Wait for the scan to finish, a message will indicate that the analysis is complete.  Three FRST reports will be generated:  FRST.txt  Shortcut.txt  Additional.txt  Send these 3 reports to the site https://pjjoint.malekal.com/ to share them. In return, provide the 3 pjjoint links that lead to the reports here in a new response so that we can review them.    -- Please press any key to continue the disinfection...

jdcben · Answer

Thank you, here are the reports:   https://pjjoint.malekal.com/files.php?id=FRST_20171201_u9x7u10l14s13  https://pjjoint.malekal.com/files.php?id=20171201_n11w7q11w11d7 https://pjjoint.malekal.com/files.php?id=20171201_d12t14j6m5z11  There you go ;)  --

Malekal_morte- · Answer

You have programs that were installed when you bought the computer or installed later that are not necessarily useful. They clutter Windows and can slow it down. You can uninstall them. Go to the Control Panel then Programs and Features. Uninstall:  AVG PC TuneUp CCleaner   PS: CCleaner is not really useful, even though it is recommended everywhere. Disable CCleaner's monitoring; it's unnecessary, it starts up with Windows and slows it down with its constant cleanings. See: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/   Here is the correction to be made with FRST. You can use this explanatory note with screenshots.  Open Notepad: Windows Key + R, In the "Run" field, type notepad and click OK. Copy/Paste the following into it:  CreateRestorePoint:CloseProcesses:Task: {17ED09F7-026C-4B8C-B5AC-DDD36837258C} - System32\Tasks\{83203BDC-9676-4E8C-A458-7CAE20F20A48} => C:\Temp\setup.exe [2015-03-10] (JVC KENWOOD Corporation) <==== WARNINGStartup: C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion G.lnk [2017-03-27]Startup: C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion M.lnk [2017-10-09]Startup: C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion S.lnk [2017-04-21]2017-12-01 08:54 - 2017-12-01 08:56 - 000000000 ____D C:\AdwCleaner2017-12-01 11:23 - 2017-12-01 11:23 - 002985856 _____ C:\Users\chapon.ASC-0429\ZHPCleaner.exe2017-12-01 10:41 - 2017-12-01 10:41 - 000000000 ____D C:\Users\chapon.ASC-0429\AppData\Local\TempTaskUpdateDetection24910096-2045-4878-8573-E4D968F3B2882017-12-01 10:37 - 2017-12-01 11:56 - 000002021 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.txt2017-12-01 10:13 - 2017-12-01 11:16 - 000158262 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPDiag.txt2017-12-01 10:02 - 2017-12-01 10:02 - 000000794 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPDiag.lnk2017-12-01 09:43 - 2017-12-01 11:56 - 000000000 ____D C:\Users\chapon.ASC-0429\AppData\Roaming\ZHP2017-12-01 09:43 - 2017-12-01 11:23 - 000000647 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.lnk2017-12-01 09:43 - 2017-12-01 11:14 - 000000000 ____D C:\Users\chapon.ASC-0429\AppData\Local\ZHP2017-12-01 09:33 - 2017-12-01 09:13 - 002983296 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.exe2017-12-01 09:33 - 2017-12-01 09:13 - 002937728 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPDiag3.exeHosts:EmptyTemp:RemoveProxy:Reboot:  Once the text is pasted into Notepad, go to the "File" menu and then "Save As", On the left, navigate to the Desktop, In the bottom field, file name enter: fixlist.txt Click "Save", this will create fixlist.txt on the Desktop.  Restart FRST and click on the "Fix" button A restart may be needed ( not mandatory ) A text file will appear, copy/paste the content here in a new message.  Restart the computer.   2°) Reset/Repair the affected web browsers:  Repair Mozilla Firefox (first paragraph)  Repair Google Chrome (only the first paragraph).   -- Please press a key to continue the disinfection...

jdcben · Answer

Hello,  Here is the file: Farbar Recovery Scan Tool (x64) Correction Results Version: 30-11-2017 Executed by chapon (04-12-2017 07:31:44) Run:1 Executed from C:\Users\chapon.ASC-0429\Desktop Loaded profiles: chapon (Available profiles: insta & admin & chapon) Boot mode: Normal ==============================================  fixlist content:  CreateRestorePoint: CloseProcesses: Task: {17ED09F7-026C-4B8C-B5AC-DDD36837258C} - System32\Tasks\{83203BDC-9676-4E8C-A458-7CAE20F20A48} => C:\Temp\setup.exe [2015-03-10] (JVC KENWOOD Corporation) <==== WARNING Startup: C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion G.lnk [2017-03-27] Startup: C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion M.lnk [2017-10-09] Startup: C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion S.lnk [2017-04-21] 2017-12-01 08:54 - 2017-12-01 08:56 - 000000000 ____D C:\AdwCleaner 2017-12-01 11:23 - 2017-12-01 11:23 - 002985856 _____ C:\Users\chapon.ASC-0429\ZHPCleaner.exe 2017-12-01 10:41 - 2017-12-01 10:41 - 000000000 ____D C:\Users\chapon.ASC-0429\AppData\Local\TempTaskUpdateDetection24910096-2045-4878-8573-E4D968F3B288 2017-12-01 10:37 - 2017-12-01 11:56 - 000002021 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.txt 2017-12-01 10:13 - 2017-12-01 11:16 - 000158262 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPDiag.txt 2017-12-01 10:02 - 2017-12-01 10:02 - 000000794 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPDiag.lnk 2017-12-01 09:43 - 2017-12-01 11:56 - 000000000 ____D C:\Users\chapon.ASC-0429\AppData\Roaming\ZHP 2017-12-01 09:43 - 2017-12-01 11:23 - 000000647 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.lnk 2017-12-01 09:43 - 2017-12-01 11:14 - 000000000 ____D C:\Users\chapon.ASC-0429\AppData\Local\ZHP 2017-12-01 09:33 - 2017-12-01 09:13 - 002983296 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.exe 2017-12-01 09:33 - 2017-12-01 09:13 - 002937728 _____ C:\Users\chapon.ASC-0429\Desktop\ZHPDiag3.exe Hosts: EmptyTemp: RemoveProxy: Reboot:   The restore point was successfully created. Processes closed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17ED09F7-026C-4B8C-B5AC-DDD36837258C} => key deleted successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17ED09F7-026C-4B8C-B5AC-DDD36837258C} => key deleted successfully C:\Windows\System32\Tasks\{83203BDC-9676-4E8C-A458-7CAE20F20A48} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{83203BDC-9676-4E8C-A458-7CAE20F20A48} => key deleted successfully C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion G.lnk => moved successfully C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion M.lnk => moved successfully C:\Users\chapon.ASC-0429\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\connexion S.lnk => moved successfully C:\AdwCleaner => moved successfully C:\Users\chapon.ASC-0429\ZHPCleaner.exe => moved successfully C:\Users\chapon.ASC-0429\AppData\Local\TempTaskUpdateDetection24910096-2045-4878-8573-E4D968F3B288 => moved successfully C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.txt => moved successfully C:\Users\chapon.ASC-0429\Desktop\ZHPDiag.txt => moved successfully C:\Users\chapon.ASC-0429\Desktop\ZHPDiag.lnk => moved successfully C:\Users\chapon.ASC-0429\AppData\Roaming\ZHP => moved successfully C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.lnk => moved successfully C:\Users\chapon.ASC-0429\AppData\Local\ZHP => moved successfully C:\Users\chapon.ASC-0429\Desktop\ZHPCleaner.exe => moved successfully C:\Users\chapon.ASC-0429\Desktop\ZHPDiag3.exe => moved successfully C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully.  ========= RemoveProxy: =========  HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key deleted successfully HKU\S-1-5-21-171610261-1065904840-2019330994-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key deleted successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value deleted successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value deleted successfully HKU\S-1-5-21-171610261-1065904840-2019330994-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value deleted successfully HKU\S-1-5-21-171610261-1065904840-2019330994-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value deleted successfully   ========= End of RemoveProxy: =========   =========== EmptyTemp: ==========  BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5540218 B Java, Flash, Steam htmlcache => 997 B Windows/system/drivers => 1997446 B Edge => 0 B Chrome => 55842914 B Firefox => 39423406 B Opera => 0 B  Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 16674 B systemprofile32 => 66228 B LocalService => 0 B NetworkService => 0 B insta => 59967 B admin => 25212672 B chapon.ASC-0429 => 33487791 B bergere => 73694 B insta.KEB => 3247318 B chapon => 351363610 B asc => 94276 B  RecycleBin => 10850448 B EmptyTemp: => 510.9 MB temporary data deleted.  ================================   The system had to restart.  End of Fixlog 07:33:24  --  The issue is still present  Thank you

jdcben · Answer

Yes, it has been done.    --

jdcben · Answer

what I find strange:  - Always the page 30tab.com on startup - internet crashing after a while then the whole pc. - DNS Servers: 178.255.160.92 - 178.255.160.94 ??? - Tcpip\Parameters: [DhcpNameServer] 178.255.160.92 178.255.160.94  Tcpip\..\Interfaces\{9DFF53B9-0F00-4C32-AE2F-0093107D1138}: [DhcpNameServer] 178.255.160.92 178.255.160.94 - Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.fr/"   I don't understand the link starting with "HXXP".    --

jdcben · Answer

For the moment, I have initiated a restoration to a restore point prior to the appearance of the problem.  When I run Malwarebytes, it crashes during memory analysis (Windows Blue Screen!!!) In safe mode, it finds nothing. I will reinstall Mozilla around 2 PM.  I will keep you updated.  --

jdcben · Answer

No, should it?   --

jdcben · Answer

I tried, he doesn't find anything.  --

Remove www.30tab.com

9 réponses

End of Fixlog 07:33:24

Texture issues in enshrouded

Old lullaby

Unable to connect to freebox os

Edit ad on leboncoin for free

Freebox wifi password

Computer tower that won't turn on

Blocked: are my messages still being delivered?

Video intercom inspector

Your computer can't use another display.

Fransat decoder stuck