Elektroda.pl

How to remove Elex-tech YAC? Logs.

atchlan 27 Jul 2015 11:58 6333 7
  • #2 27 Jul 2015 12:10
    Domino_2
    Helpful to users

    Uninstall: Adobe Edge Inspect CC, bestadblocker, mystartsearch uninstall, New Tab Redirect, omiga-plus uninstall, ParallelInspector, QuasarInfract, WinZipper, YAC(Yet Another Cleaner!), McAfee Security Scan Plus.

    Quote:

    CustomCLSID: HKU\S-1-5-21-828126381-2269690625-3173931184-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\admin\AppData\Local\Temp\66C0\temp\20140706_011359.exe No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=...=cornl&uid=SAMSUNGXHD502IJ_S13TJDWQ428396
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=...=cornl&uid=SAMSUNGXHD502IJ_S13TJDWQ428396
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&...oft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=...=cornl&uid=SAMSUNGXHD502IJ_S13TJDWQ428396
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=...=cornl&uid=SAMSUNGXHD502IJ_S13TJDWQ428396




    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&...amp;uid=SAMSUNGXHD502IJ_S13TJDWQ428396&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&...amp;uid=SAMSUNGXHD502IJ_S13TJDWQ428396&q={searchTerms}
    SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
    CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
    R2 Disgusted Put; C:\Program Files\Disgusted Put\Disgusted Put.exe [8016579 2015-07-08] () [File not signed] <==== ATTENTION
    R2 Nonchalant Jacket; C:\Program Files\Nonchalant Jacket\Nonchalant Jacket.exe [8016474 2015-07-12] () [File not signed] <==== ATTENTION
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-17] (Windows SysTool) [File not signed] <==== ATTENTION
    R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [337040 2015-07-21] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 Update Mgr WanderBurst; "C:\Program Files\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe" [X]
    S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and put it in the folder that contains FRST.exe, then run FRST as administrator and click Fix.

    Uninstall Chrome, ticking the option to delete all data, and then install it again, this time the stable version (because you currently have the developer version).

    0
  • #3 27 Jul 2015 12:14
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Edge Inspect CC (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
    bestadblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
    CCUtTheProice (HKLM\...\{A2C98B47-B5F4-94AA-281D-4135416774CF}) (Version: - )
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    mystartsearch uninstall (HKLM\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
    New Tab Redirect (HKLM\...\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}) (Version: - "") <==== ATTENTION
    omiga-plus uninstall (HKLM\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
    ParallelInspector (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{dd25e48a}) (Version: - ParallelInspector) <==== ATTENTION
    QuasarInfract (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{49951c5d}) (Version: - QuasarInfract) <==== ATTENTION
    Wander Burst (HKLM\...\Wander Burst) (Version: 2.0.5679.8770 - Wander Burst)
    WinZipper (HKLM\...\WinZipper) (Version: 1.5.105 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
    YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
    Picexa (HKLM\...\Picexa) (Version: - Taiwan Shui Mu Chih Ching Technology Limited)
    Web Companion (HKLM\...\{b0856d9e-49e6-4b8b-87d1-2a6e6c574ea1}) (Version: 2.0.1025.2130 - Lavasoft)
    RDS bar seo pagerank dmoz alexa pr

    Use AdwCleaner, the Scan and Clean options:
    http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe create a file fixlist.txt with the following contents:
    CloseProcesses:
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files\Picexa\picexasvc.exe
    (Windows SysTool) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
    (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe
    () C:\Users\admin\AppData\Roaming\Bitter Hope\Bitter Hope.exe
    () C:\Program Files\Disgusted Put\Disgusted Put.exe
    (XTab system) C:\Program Files\MiuiTab\ProtectService.exe
    () C:\Program Files\Nonchalant Jacket\Nonchalant Jacket.exe
    () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe
    () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\10\Plugin.exe
    () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\3\Plugin.exe
    () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\3\Plugin.exe
    () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\7\Plugin.exe
    () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\8\Plugin.exe
    () C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\7\Plugin.exe
    () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\...\Run: [{5DE67937-45D5-45E4-923C-0B7F7EC929A7}] => C:\Users\admin\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe [30993712 2015-05-30] (Riot Games)
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-07-20] (Lavasoft)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-11]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=...=cornl&uid=SAMSUNGXHD502IJ_S13TJDWQ428396
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=...=cornl&uid=SAMSUNGXHD502IJ_S13TJDWQ428396
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&...oft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=...=cornl&uid=SAMSUNGXHD502IJ_S13TJDWQ428396
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=...=cornl&uid=SAMSUNGXHD502IJ_S13TJDWQ428396
    HKU\S-1-5-21-828126381-2269690625-3173931184-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&...amp;uid=SAMSUNGXHD502IJ_S13TJDWQ428396&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&...amp;uid=SAMSUNGXHD502IJ_S13TJDWQ428396&q={searchTerms}
    SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-828126381-2269690625-3173931184-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO: Wander Burst -> {0f4e02f8-f10e-493d-a1a7-3aed7ba7b110} -> C:\Program Files\Wander Burst\Extensions\0f4e02f8-f10e-493d-a1a7-3aed7ba7b110.dll [2015-07-20] ()
    BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll No File
    Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-20] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-20] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-20] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-20] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-20] (Lavasoft Limited)
    FF NewTab: https://pl.search.yahoo.com/?fr=vmn&type=..._ya__hp_WCYID10099_swoc_campaign_150720__yaff
    FF DefaultSearchEngine: WebSearch
    FF SelectedSearchEngine: WebSearch
    FF Homepage: hxxp://websearch.hotsearches.info/?pid=24428&...097334420650&lg=EN&cc=PL&unqvl=90
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF DefaultSearchEngine,S: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Keyword.URL: hxxp://websearch.hotsearches.info/?pid=24428&...p;lg=EN&cc=PL&unqvl=90&l=1&q=
    FF DefaultSearchUrl: hxxp://websearch.hotsearches.info/?pid=24428&...p;lg=EN&cc=PL&unqvl=90&l=1&q=
    FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\searchplugins\WebSearch.xml [2015-07-24]
    FF Extension: Default NewTab - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\Extensions\default_newtabff@gmail.com [2015-07-17]
    FF Extension: Default SearchProtected - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\Extensions\defsearchp@gmail.com [2015-07-17]
    FF Extension: BlockIt Ad remover - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\Extensions\r_nwefmoackaawlhoo@bzuizzz_hzbebfhv.org [2015-07-13]
    FF Extension: DiscountBomb - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\Extensions\zdzjvfwoqrio@v_cozsexwajz.com [2015-07-06]
    FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\fftoolbar2014@etech.com
    FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\faststartff@gmail.com
    FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\quick_searchff@gmail.com
    FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\sweetsearch@gmail.com
    FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\searchffv2@gmail.com
    FF HKLM\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\default_newtabff@gmail.com
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\defsearchp@gmail.com
    FF HKU\S-1-5-21-828126381-2269690625-3173931184-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
    S2 49951c5d; c:\program files\sayescoupon\sayescoupon.dll [3020288 2015-07-24] () [File not signed]
    R2 Bitter Hope; C:\Users\admin\AppData\Roaming\Bitter Hope\Bitter Hope.exe [65536 2015-06-20] () [File not signed]
    S2 dd25e48a; c:\program files\PatternGenerators\PatternGenerators.dll [1804800 2015-07-06] () [File not signed]
    R2 Disgusted Put; C:\Program Files\Disgusted Put\Disgusted Put.exe [8016579 2015-07-08] () [File not signed] <==== ATTENTION
    R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-17] (XTab system)
    R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-06-11] (Elex do Brasil Participações Ltda)
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-07-20] (Lavasoft Limited)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2015-07-08] (McAfee, Inc.)
    R2 Nonchalant Jacket; C:\Program Files\Nonchalant Jacket\Nonchalant Jacket.exe [8016474 2015-07-12] () [File not signed] <==== ATTENTION
    R2 PicexaService; C:\Program Files\Picexa\PicexaSvc.exe [393880 2015-06-11] (Taiwan Shui Mu Chih Ching Technology Limited)
    R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [13312 2015-07-20] () [File not signed]
    R2 Service Mgr WanderBurst; C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe [1095904 2015-07-26] ()
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-17] (Windows SysTool) [File not signed] <==== ATTENTION
    R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [337040 2015-07-21] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
    S2 Update Mgr WanderBurst; "C:\Program Files\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe" [X]
    R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [226024 2015-06-10] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [48784 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [96424 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [43536 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [71744 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-04-17] (Elex do Brasil Participações Ltda)
    S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-07-24 19:55 - 2015-07-24 19:55 - 00000000 ____D C:\Program Files\sayescoupon
    2015-07-24 19:54 - 2015-07-24 19:54 - 00000000 ____D C:\Program Files\Adobe Edge Inspect CC
    2015-07-24 19:53 - 2015-07-26 17:54 - 00000000 ____D C:\Program Files\CCUtTheProice
    2015-07-24 19:53 - 2015-07-26 17:54 - 00000000 ____D C:\Program Files\bestadblocker
    2015-07-24 19:53 - 2015-07-24 19:54 - 00000000 ____D C:\ProgramData\6037299945401282849
    2015-07-24 19:52 - 2015-07-24 19:52 - 00000000 ____D C:\ProgramData\ioioggjogojaihbkepgeilnmfehecgmk
    2015-07-24 19:51 - 2015-07-26 17:54 - 00000000 ____D C:\ProgramData\{a28efaad-07b4-0536-a28e-efaad07beab4}
    2015-07-20 17:11 - 2015-07-20 17:11 - 17116168 _____ (Electronic Arts, Inc.) C:\Users\admin\Downloads\OriginThinSetup (2).exe
    2015-07-20 17:08 - 2015-07-20 17:08 - 17116168 _____ (Electronic Arts, Inc.) C:\Users\admin\Downloads\OriginThinSetup (1).exe
    2015-07-20 16:26 - 2015-07-20 16:26 - 00000000 ____D C:\Users\admin\AppData\Roaming\eCyber
    2015-07-20 15:39 - 2015-07-27 09:18 - 00000000 ____D C:\Program Files\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511
    2015-07-20 15:39 - 2015-07-26 20:20 - 00000000 ____D C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
    2015-07-20 15:39 - 2015-07-20 15:39 - 00000000 ____D C:\Program Files\Wander Burst
    2015-07-20 15:34 - 2015-07-20 15:34 - 01122679 _____ C:\Users\admin\Downloads\DAEMON-Tools-Lite(12708)-dp.jse
    2015-07-19 22:30 - 2015-07-19 22:30 - 00025266 _____ C:\ComboFix.txt
    2015-07-19 22:17 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-07-19 22:17 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-07-19 22:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-07-19 22:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-07-19 22:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-07-19 22:17 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2015-07-19 22:17 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2015-07-19 22:17 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2015-07-19 21:45 - 2015-07-19 22:30 - 00000000 ____D C:\Qoobox
    2015-07-19 21:39 - 2015-07-19 21:40 - 05633411 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
    2015-07-19 21:39 - 2015-07-19 21:39 - 01122679 _____ C:\Users\admin\Downloads\Free-Download-Manager(12555)-dp.jse
    2015-07-17 09:30 - 2015-07-27 09:19 - 00000000 ____D C:\Program Files\WinZipper
    2015-07-17 09:30 - 2015-07-24 11:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\WinZipper
    2015-07-17 09:30 - 2015-07-17 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
    2015-07-17 09:29 - 2015-07-27 11:30 - 00000000 ____D C:\Program Files\MiuiTab
    2015-07-13 17:34 - 2015-07-13 17:34 - 00000000 ____D C:\Program Files\New Tab Redirect
    2015-07-13 09:32 - 2015-07-13 09:32 - 00000079 _____ C:\Program Files\prefs.js
    2015-07-12 10:13 - 2015-07-12 10:13 - 00000000 ____D C:\Program Files\Nonchalant Jacket
    2015-07-08 19:45 - 2015-07-08 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-07-08 19:45 - 2015-07-08 19:45 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2015-07-08 17:59 - 2015-07-08 17:59 - 00000000 ____D C:\Program Files\Disgusted Put
    2015-07-06 11:41 - 2015-07-06 11:41 - 00000000 ____D C:\Program Files\PatternGenerators
    2015-07-06 11:40 - 2015-07-06 11:40 - 00000000 ____D C:\Program Files\RDS bar seo pagerank dmoz alexa pr
    2015-07-05 20:53 - 2015-07-05 20:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\mystartsearch
    2015-07-04 14:58 - 2015-06-11 19:19 - 00000000 ____D C:\Users\admin\SupTab
    2015-07-13 09:32 - 2015-07-13 09:32 - 0000079 _____ () C:\Program Files\prefs.js
    C:\Program Files\Elex-tech\
    EmptyTemp:

    After it has run, do a full scan with MBAM and remove whatever it detects.

    Finally, post new FRST logs from a scan.


    @Domino_2
    If you are going to post scripts like that, it would be better if you did not do it at all, and the logs have to be checked again after you.

    0
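How the service and driver lines in the fixlists above can be read programmatically, as an added example that is not part of any post in this thread and is not FRST's own code. The sample lines are copied from the thread; the reading of the `R`/`S` prefix, the start-type digit and the `[X]` marker, and the heuristics in `reasons`, are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Service/driver lines copied from the fixlists posted in this thread.
SAMPLE = r"""
R2 Disgusted Put; C:\Program Files\Disgusted Put\Disgusted Put.exe [8016579 2015-07-08] () [File not signed] <==== ATTENTION
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-06-11] (Elex do Brasil Participações Ltda)
R2 Bitter Hope; C:\Users\admin\AppData\Roaming\Bitter Hope\Bitter Hope.exe [65536 2015-06-20] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2015-07-08] (McAfee, Inc.)
S2 Update Mgr WanderBurst; "C:\Program Files\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe" [X]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
"""

# Assumed reading of the prefix: R/S/U = running/stopped/undetermined,
# digit = start type (2 = automatic, 3 = manual).
LINE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "[size date] (company)" block that follows the path when the file exists.
META = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>.*?)\)")
# Heuristic (assumption): locations where ordinary software rarely installs services.
ODD_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Service:
    state: str
    start: int
    name: str
    path: str
    company: Optional[str]   # None when the line has no metadata block
    unsigned: bool           # "[File not signed]" marker present
    missing: bool            # trailing "[X]": entry whose file was not found
    flagged: bool            # the log's own "ATTENTION" marker


def parse_line(line: str) -> Optional[Service]:
    m = LINE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    missing = rest.endswith("[X]")
    meta = META.search(rest)
    if meta:
        path, company = rest[:meta.start()], meta["company"]
    else:
        path, company = (rest[:-3] if missing else rest), None
    path = path.strip()
    if path.startswith('"'):            # quoted image path, possibly with arguments
        path = path[1:].split('"', 1)[0]
    if path.startswith("\\??\\"):       # NT object-path prefix used by drivers
        path = path[4:]
    return Service(m["state"], int(m["start"]), m["name"].strip(), path, company,
                   "[File not signed]" in rest, missing, "ATTENTION" in rest)


def parse_services(text: str) -> List[Service]:
    return [s for s in map(parse_line, text.splitlines()) if s]


def reasons(s: Service) -> List[str]:
    """Why a line deserves a closer look; an empty list is not a verdict of 'clean'."""
    out = []
    if s.missing:
        out.append("orphaned entry: file not found")
    if s.unsigned:
        out.append("unsigned binary")
    if s.company == "":
        out.append("no company name in file metadata")
    if any(d in s.path.lower() for d in ODD_DIRS):
        out.append("runs from AppData/ProgramData/Temp")
    return out


if __name__ == "__main__":
    for svc in parse_services(SAMPLE):
        print(f"{svc.state}{svc.start} {svc.name}: {reasons(svc) or 'no marker'}")
```

`iSafeService` from the YAC package comes back with an empty list, because its line has a company name and no unsigned or missing-file marker, so these markers alone do not decide what belongs in a fixlist.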
  • #5 27 Jul 2015 13:43
    Domino_2
    Helpful to users

    @Kolobos I would be grateful for any tips you could give me so that I can create complete fixes.

    0
  • Helpful post
    #6 27 Jul 2015 13:50
    Kolobos
    Computer specialist

    @atchlan uninstall:
    InfiniteCrisis_6EDD581C692E

    New Fixlist.txt for FRST:
    IE trusted site: HKU\S-1-5-21-828126381-2269690625-3173931184-1000\...\webcompanion.com -> hxxp://webcompanion.com
    FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\zdzjvfwoqrio@v_cozsexwajz.com [not found]
    FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\r_nwefmoackaawlhoo@bzuizzz_hzbebfhv.org [not found]
    FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\default_newtabff@gmail.com [not found]
    FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bi2sj07o.default\extensions\defsearchp@gmail.com [not found]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
    2015-07-27 12:54 - 2015-07-27 12:56 - 00000000 ____D C:\AdwCleaner

    In FRST choose Fix.

    Delete the C:\FRST directory and that is all.


    @Domino_2 as I have written many times, you have to know this stuff; every log is different and either you know how to check it or you don't. There are no guides or write-ups for this.
    You can look at what my script contains, but if you don't know why, you still won't be able to do anything with it.

    1
  • #7 27 Jul 2015 13:58
    Domino_2
    Helpful to users

    @Kolobos

    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe

    For example, I did not include this, because if he uninstalls YAC manually as I indicated, won't these entries disappear automatically?

    0
  • #8 27 Jul 2015 14:15
    atchlan
    Level 2

    @Kolobos
    I have already done everything, thanks a lot :)

    0