Elektroda.pl
Elektroda.pl
X
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

Jak usun±ć program YAC (blokuje administratora)?

kresto94 14 Feb 2015 13:23 2757 6
  • #1
    kresto94
    Level 8  
    Gdzie¶ mi się to ustrojstwo zainstalowało i nie mogę tego się pozbyć.

    Przy próbie usunięcia z panelu sterowania komputer się zawiesza, przy próbie usunięcia folderu z tym dziadostwem wyskakuje że nie mam uprawnień administratora mimo że jestem adminem na swoim komputerze.

    Co mam zrobić? Tylko proszę o dokładne instrukcje nie jestem obcykany w komputerach.
  • Helpful post
    #4
    Acorus 20
    Level 43  
    Otwórz notatnik systemowy i wklej:

    Quote:
    CloseProcesses:
    Task: {044C32D4-D13A-4E87-AFB9-35A3E6542F43} - System32\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-5 => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-5.exe <==== ATTENTION
    Task: {1508FACF-0731-4433-A836-E2744E62ECD7} - System32\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-4 => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-4.exe <==== ATTENTION
    Task: {2D6CDDAC-D7AE-424D-9F77-AA2E2E91CFB8} - System32\Tasks\{F15F02A6-6DB8-44F3-8430-CA2CE38CF203} => pcalua.exe -a C:\Users\Arek\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt
    Task: {2E9D1907-A6B9-4337-B727-5F8C57F0AE84} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1235872796-917621967-3410473453-1002Core => C:\Users\Arek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-27] (Facebook Inc.)
    Task: {4844DCE9-923E-4067-94F6-F1A8FE1192EA} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-06] (globalUpdate) <==== ATTENTION
    Task: {52C8A1ED-D753-484C-8CD3-6C34A53ED8D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1235872796-917621967-3410473453-1002UA => C:\Users\Arek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-27] (Facebook Inc.)
    Task: {5AC718DE-5787-48B3-AB81-AF314D76E60C} - System32\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-5_user => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-5.exe <==== ATTENTION
    Task: {62D8F539-8CB8-4446-A43F-1B9ADCA4D69C} - System32\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-11 => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-11.exe <==== ATTENTION
    Task: {8EB1B903-C7BA-4D2D-AE45-4483AE482C5C} - System32\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-6 => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-6.exe <==== ATTENTION
    Task: {A5FE946E-EBC0-4039-A1B9-E2890010600D} - System32\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-7 => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-7.exe <==== ATTENTION
    Task: {C6F6CD99-0FAE-4BEE-BED2-2C94070ED50F} - System32\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-1 => C:\Program Files (x86)\Senses\Senses-codedownloader.exe <==== ATTENTION
    Task: {CAB44343-5B52-4B67-A118-5214C12DE863} - System32\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-3 => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-3.exe <==== ATTENTION
    Task: {E0A7AE4B-F0E1-4E15-9670-EAF55F93D8E2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-06] (globalUpdate) <==== ATTENTION
    Task: C:\WINDOWS\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-1.job => C:\Program Files (x86)\Senses\Senses-codedownloader.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-11.job => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-11.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-3.job => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-4.job => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-4.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-5.job => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-5.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-5_user.job => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-5.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-6.job => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-6.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\f50fc43a-443d-4966-85d7-20fee45bc7b2-7.job => C:\Program Files (x86)\Senses\f50fc43a-443d-4966-85d7-20fee45bc7b2-7.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1235872796-917621967-3410473453-1002Core.job => C:\Users\Arek\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1235872796-917621967-3410473453-1002UA.job => C:\Users\Arek\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    HKLM-x32\...\Run: [fst_pl_31] => [X]
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1235872796-917621967-3410473453-1002\...\Run: [Facebook Update] => C:\Users\Arek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-27] (Facebook Inc.)
    ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=14...mp;uid=ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=14...mp;uid=ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts...ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts...ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=14...mp;uid=ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=14...mp;uid=ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts...ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts...ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH&q={searchTerms}
    HKU\S-1-5-21-1235872796-917621967-3410473453-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&am...ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH&q={searchTerms}
    HKU\S-1-5-21-1235872796-917621967-3410473453-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=14...mp;uid=ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH
    HKU\S-1-5-21-1235872796-917621967-3410473453-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&am...ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=14234813...st500lt012-9ws142_w0v9vlthxxxxw0v9vlth&q={searchTerms}
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=14234813...st500lt012-9ws142_w0v9vlthxxxxw0v9vlth&q={searchTerms}
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsunmy.info/?l=1&q={searchTerms}&pid=625&r=2014/01/05&hid=6921890220188507506&lg=EN&cc=PL&unqvl=45
    SearchScopes: HKU\S-1-5-21-1235872796-917621967-3410473453-1002 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=14234813...st500lt012-9ws142_w0v9vlthxxxxw0v9vlth&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1235872796-917621967-3410473453-1002 -> {2A8679CB-912C-4852-8A50-80673AC51BBA} URL =
    SearchScopes: HKU\S-1-5-21-1235872796-917621967-3410473453-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&am...ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1235872796-917621967-3410473453-1002 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=14234813...st500lt012-9ws142_w0v9vlthxxxxw0v9vlth&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1235872796-917621967-3410473453-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsunmy.info/?l=1&q={searchTerms}&pid=625&r=2014/01/05&hid=6921890220188507506&lg=EN&cc=PL&unqvl=45
    BHO: ReaNdomPriCCe -> {6F52F25C-3AFD-15FD-A229-D9C440D09AF0} -> C:\ProgramData\ReaNdomPriCCe\4crp1kijvs.x64.dll ()
    BHO: YTAdRemovaL -> {F86328F7-9966-BF8A-0726-1B9592EA2A33} -> C:\ProgramData\YTAdRemovaL\g.x64.dll ()
    BHO-x32: YTAdRemovaL -> {F86328F7-9966-BF8A-0726-1B9592EA2A33} -> C:\ProgramData\YTAdRemovaL\g.dll ()
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1419417585&from=wpm12233&uid=ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH
    FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1419417585&from=wpm12233&uid=ST500LT012-9WS142_W0V9VLTHXXXXW0V9VLTH
    FF DefaultSearchEngine: V9
    FF SearchEngineOrder.1: V9
    FF SelectedSearchEngine: V9
    FF SearchPlugin: C:\Users\Arek\AppData\Roaming\Mozilla\Firefox\Profiles\ftu3m0vs.default\searchplugins\V9.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
    CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-24]
    CHR HKU\S-1-5-21-1235872796-917621967-3410473453-1002\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Arek\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-24]
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-06] (globalUpdate) [File not signed]
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-06] (globalUpdate) [File not signed]
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
    S2 Update Dynamo Combo; "C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe" [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-15] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-15] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-15] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-15] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
    R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-14] (StdLib)
    R1 {ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64; C:\Windows\System32\drivers\{ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64.sys [48792 2015-01-16] (StdLib)
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S3 RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [X]
    2015-02-14 00:30 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2015-01-15 13:40 - 2015-01-14 22:38 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys
    EmptyTemp:

    Plik zapisz pod nazw± fixlist.txt i umie¶ć obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i póĽniej Cleaning.
  • #5
    kresto94
    Level 8  
    Zrobiłem wszystko krok po kroku jak napisałe¶ a to ustrojstwo nadal w komputerze siedzi.
  • #6
    Kolobos
    IT specialist
    Daj nowe logi z FRST, ze skanowania.
  • #7
    kresto94
    Level 8  
    Mea Culpa.

    Już wiem co zrobiłem Ľle, notatnik miał ustawione kodowanie ANSI i dlatego nie zadziałało.
    Przestawiłem na Unicode czy jak to się zwie i już usunęło YAC'a :D

    Dziękuję Acorus 20 :D Gdyby¶ był kobiet± to bym Cię wycałował. :D

    edit: no chyba że brzydk± to by¶ dostał p±czka