Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

YAC - Kłopotliwa deinstalacja.

jutron 19 Gru 2015 23:52 936 9
  • #1 19 Gru 2015 23:52
    jutron
    Poziom 2  

    Witam, dużo o tym programie czytałem - jest on ponoć szkodliwy i niepotrzebny. W dodatku zaobserwowałem, że muli mi on komputer, więc postanowiłem go odinstalować, lecz się nie da!
    Gdy próbuję go odinstalować w Panelu Sterowania komputer się zawiesza i nic nie mogę zrobić.
    Próbowałem AdwCleanerem, CCleanerem również i dalej nic!
    Proszę o pomoc, bo bardzo on mi przeszkadza przy pracy.

    0 9
  • CControls
  • CControls
  • #5 26 Gru 2015 19:47
    krzychupar
    Poziom 40  

    Otwórz notatnik systemowy i wklej:

    Kod: text
    Zaloguj się, aby zobaczyć kod


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix/Napraw.

    0
  • #7 28 Gru 2015 13:38
    Acorus 20
    Spec od komputerów

    Pokaż nowe logi z FRST.

    0
  • Pomocny post
    #8 28 Gru 2015 14:18
    Kolobos
    Spec od komputerów

    Nie pobieraj programow za pomoc menadzera pobierania z dobrychprogramow. Menadzer z DP instaluje szkodliwe oprogramowanie! Pobieraj TYLKO z bezposrednich linkow.

    Odinstaluj:
    AION (HKLM\...\AION) (Version: - AION) <==== UWAGA
    DarkEra (HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\...\DarkEra) (Version: - DarkEra) <==== UWAGA
    WarThunder (HKLM\...\WarThunder) (Version: - WarThunder) <==== UWAGA
    YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA
    yoursearching (HKLM-x32\...\yoursearching) (Version: 1.0.0.6 - )


    Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun: https://toolslib.net/downloads/viewdownload/1-adwcleaner/


    Fixlist.txt dla FRST:

    Spoiler:

    CloseProcesses:
    Task: {01D137D9-14F5-4B61-983F-5BF7DA0B96FF} - System32\Tasks\{429A92E8-FBB3-4955-AB58-5440859061C0} => C:\Program Files (x86)\Opera\launcher.exe
    Task: {0D2E1B44-1DF6-4272-8896-55A63909E6CD} - System32\Tasks\{39EA57AB-E82C-42BC-995A-F81954F9B75C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/pl/abandoninstall?page=tsProgressBar
    Task: {161BF3A2-41FD-4944-A286-4523489F4E26} - System32\Tasks\{EF95F057-A935-4167-AA80-EAEB0846D8A7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsMain
    Task: {1907A60F-DCDF-40F2-99E3-87E6CBDB6450} - System32\Tasks\{5E4687E0-71B7-417E-9670-D5E7C8FE8EDF} => pcalua.exe -a C:\Users\fujitsu\Documents\Pobrane\mafia11-13pl.exe -d C:\Users\fujitsu\Documents\Pobrane
    Task: {3B16CCFC-64A8-42CD-9477-A906AB3D50F4} - System32\Tasks\{1C12673E-2994-41AF-829C-0146563E6E1D} => C:\Users\fujitsu\Desktop\Nowy folder (6)\Nokia-Monitor-Test-11451-dp.exe
    Task: {4FB81F8E-FA44-4F73-97F9-32D3238B9E1A} - System32\Tasks\{290CF997-52FC-4F6D-818A-A2C363645B0A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/pl/abandoninstall?page=tsMain
    Task: {6361A3DA-C0F8-4A36-A381-2D62224499C6} - System32\Tasks\AION NS Sunday => Firefox.exe hxxp://boost.games724.com/click/e41614aa08874...F0A0CtAtC2RtBtDtCyDtCtBtByEtCyEtDzztDyEtDyEzy <==== UWAGA




    Task: {6365A31D-A77F-472B-90BF-24CDB8409CC4} - System32\Tasks\{F6F52C25-1E68-4798-BA41-9B87E4657903} => D:\Rzeznik\Rzeznik.exe
    Task: {63B486D9-1096-4E1A-A789-D26D59B8E862} - System32\Tasks\{0A73F17A-C720-4A45-B973-2E17FFE3E64B} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsMain
    Task: {7A88E7AF-DCBF-4F12-A30F-705650A6549F} - System32\Tasks\{1B8A93C9-181D-48F1-9E50-74EB75043A20} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsProgressBar
    Task: {7CCCA6EA-32DA-48EF-9822-9B0A7A2130C9} - System32\Tasks\{02DFFEF3-5181-44CE-9E70-F9F1F9AFD91E} => pcalua.exe -a "D:\Star Wars Jedi Knight - Jedi Academy (2 Cds)\Daemon Tools 3.47.exe" -d "D:\Star Wars Jedi Knight - Jedi Academy (2 Cds)"
    Task: {819FA49D-8FF2-49C3-9717-213CE684DE04} - System32\Tasks\AION NS Saturday => Firefox.exe hxxp://boost.games724.com/click/e41614aa08874...F0A0CtAtC2RtBtDtCyDtCtBtByEtCyEtDzztDyEtDyEzy <==== UWAGA
    Task: {836B7389-FBD7-4204-91FF-C203552B2B2E} - System32\Tasks\{D1ABD09C-3C76-4CD9-B4A2-C56FA61B72D9} => pcalua.exe -a C:\Users\fujitsu\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA
    Task: {A6BE103B-9E31-4E75-97C7-8ACAB66D15A6} - System32\Tasks\{B6C596D3-3197-4C69-9545-9B4A5919A4A0} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsProgressBar
    Task: {BDA00427-BD94-44D3-A4DF-8972DE0FEFB3} - System32\Tasks\AION NF Sunday => Firefox.exe hxxp://boost.games724.com/click/e41614aa08874...F0A0CtAtC2RtBtDtCyDtCtBtByEtCyEtDzztDyEtDyEzy <==== UWAGA
    Task: {C24383BA-DEED-40BC-82E1-CA347C0377E7} - System32\Tasks\{3771DC40-8325-4B56-B187-4EAD3768F7F3} => pcalua.exe -a E:\EasySetupAssistant\EasySetupAssistant.exe -d E:\EasySetupAssistant
    Task: {CBE02DA0-B996-4B9D-906C-058AD170F8BF} - System32\Tasks\{C41CC8BF-64FC-4C8F-8B23-9B1BD89BEA6D} => pcalua.exe -a "D:\Program Files (x86)\Juiced\juicedpccdromdv.exe" -d "D:\Program Files (x86)\Juiced"
    Task: {CFFBCF59-7427-4D09-A06E-199BF13A5E1F} - System32\Tasks\{F6A744A6-E874-47E5-B1E7-DAA8CBDB920C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/pl/abandoninstall?page=tsProgressBar
    Task: {D003C6AE-44E0-4A42-BE7D-73D82EDC21C7} - System32\Tasks\{9EBC34DE-523E-4C98-BDD0-4C9903429DEB} => pcalua.exe -a C:\Users\fujitsu\Desktop\Dayz_Undetected\Dayz_Undetected.exe -d C:\Users\fujitsu\Desktop\Dayz_Undetected
    Task: {D607FFD4-1B29-4C2F-B827-26E446065DAB} - System32\Tasks\{3DED2ECA-CB3C-4F3C-8F7B-8E6212A881AD} => pcalua.exe -a C:\Users\fujitsu\Documents\Pobrane\juicedpccdromdv.exe -d C:\Users\fujitsu\Documents\Pobrane
    Task: {EA094774-F27C-4B8A-91FC-A18F940ED230} - System32\Tasks\{27E4F546-4183-4D78-B61B-E6504AE54B8C} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -c -runfromtemp -l0x0015 -removeonly
    Task: {EA55EAF1-F05D-429E-9708-FAB8D2486047} - System32\Tasks\{9004F383-67BE-4A20-9CD8-1BE42B28865C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.59.104/pl/abandoninstall?page=tsProgressBar
    Task: {ECB9E686-F05D-4B23-9928-EDE5168D59C6} - System32\Tasks\{7219A2B2-CC83-4714-92F7-EB7CAC31DD49} => pcalua.exe -a D:\midway_riseandfall.exe -d D:\
    Task: {F0695F96-7F46-473E-8BF0-6553B078E994} - System32\Tasks\{CCA7C272-BC70-4EE9-8DF9-7B81126D862A} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsProgressBar
    Task: {F2B302EF-5F17-49B3-82D8-2C5D7E2D57D3} - System32\Tasks\{D63D3291-7117-46FF-8930-841A0674BEA1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/pl/abandoninstall?page=tsMain
    ShortcutWithArgument: C:\Users\fujitsu\Desktop\AION.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\Desktop\pierdy z puplpitu\DarkEra.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\Desktop\pierdy z puplpitu\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DarkEra.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551\WorldofTanks.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AION\AION.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DarkEra.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\fujitsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    AlternateDataStreams: C:\ProgramData:NT
    AlternateDataStreams: C:\ProgramData:NT2
    AlternateDataStreams: C:\Users\All Users:NT
    AlternateDataStreams: C:\Users\All Users:NT2
    AlternateDataStreams: C:\ProgramData\Application Data:NT
    AlternateDataStreams: C:\ProgramData\Application Data:NT2
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
    AlternateDataStreams: C:\ProgramData\Temp:EF7F67C4
    AlternateDataStreams: C:\Users\fujitsu\Dane aplikacji:NT
    AlternateDataStreams: C:\Users\fujitsu\Dane aplikacji:NT2
    AlternateDataStreams: C:\Users\fujitsu\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\fujitsu\AppData\Roaming:NT2
    Hosts:
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Preferences Manager\PreferencesManager.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Preferences Manager\PreferencesManager.exe [1375728 2015-12-07] (Spigot, Inc.)
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\...\Run: [] => [X]
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\...\MountPoints2: {0efe73aa-3fd8-11e4-9068-ac7289a2ffcf} - F:\Startme.exe
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\...\MountPoints2: {2aeaac11-e6ad-11e3-9956-ac7289a2ffcf} - G:\Startme.exe
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\...\MountPoints2: {d6b972d6-6e55-11e3-a74d-ac7289a2ffcf} - F:\autorun.exe
    Tcpip\..\Interfaces\{C0A2D8ED-D1C8-4A2C-8BD8-5F7FC02E422F}: [NameServer] 52.18.92.32,8.8.8.8
    Tcpip\..\Interfaces\{DB9821CE-A4AC-44ED-81FC-CED7E2E83BE3}: [NameServer] 52.18.92.32,8.8.8.8
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=...=cor&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=...=cor&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=...=cor&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=...=cor&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1433851012&a...;z=80369bdaa90d9c60ca36012gfz7cac2b2weg2e8gew
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1433851012&a...;z=80369bdaa90d9c60ca36012gfz7cac2b2weg2e8gew
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1433851012&a...;z=80369bdaa90d9c60ca36012gfz7cac2b2weg2e8gew
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1433851012&a...;z=80369bdaa90d9c60ca36012gfz7cac2b2weg2e8gew
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=...=cor&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=...=cor&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
    HKU\S-1-5-21-1331961834-1346240979-2623158053-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
    URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
    URLSearchHook: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE64.dll (Spigot, Inc.)
    URLSearchHook: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll (Spigot, Inc.)
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...p;uid=ST9500325AS_S2W57JBNXXXXS2W57JBN&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...p;uid=ST9500325AS_S2W57JBNXXXXS2W57JBN&q={searchTerms}
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {019F9FB0-CAE4-4684-B8CE-C121953EF6C0} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=902615&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...JBN&ts=1438414453&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {0EA48446-9FB8-43EA-A440-059AEC46E307} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {12064395-B70C-416C-83F0-686B6B3A26DC} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...JBN&ts=1438414453&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {2053E8FB-C393-4545-A32B-A71718C10602} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...JBN&ts=1438414453&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {20B75F8A-81CA-4E6C-A106-664F35A143A4} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {2C0EAA6C-2A6A-4174-A48F-ED30F0622A39} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...JBN&ts=1438414453&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...JBN&ts=1438414453&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450269975&a...41b397d315303af5119g1zfw7ecocq5tft1m4w&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {50F39B2C-71D5-492A-8AA2-F3EA29E69089} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {59F5C187-CB68-4E45-A728-71647C1F0824} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {5D114C13-9595-4A1A-A943-01B5E55500B8} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {64519CBD-B135-43BC-8E23-A641D1778623} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {9088B123-5390-4D70-90DF-F64BF464FFCE} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {95D7C0F0-9532-4D7A-B5CA-FD7BA942BBCA} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {E00D504C-7AB1-49A4-B229-BA45E524D8C1} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {E710AF04-C932-4D7C-8637-17C1824678E5} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...JBN&ts=1438414453&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {EF45A278-11F3-44B1-BF02-2EA666EA8B27} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {F06F01B2-6521-4314-BE69-75D1E01EE8DB} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {F10C5EE2-85FC-4F61-9277-4955153A6687} URL =
    SearchScopes: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> {FF744ED1-DF8D-489D-9CCA-BE86D707F8BC} URL =
    BHO: Brak nazwy -> {a4ad8fd9-b395-43e3-88b5-240710b48e27} -> Brak pliku
    BHO-x32: IObit Apps Toolbar -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll [2015-12-07] (Spigot, Inc.)
    Toolbar: HKLM - Brak nazwy - {a4ad8fd9-b395-43e3-88b5-240710b48e27} - Brak pliku
    Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE64.dll [2015-12-07] (Spigot, Inc.)
    Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll [2015-12-07] (Spigot, Inc.)
    Toolbar: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
    Toolbar: HKU\S-1-5-21-1331961834-1346240979-2623158053-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    FF NewTab: hxxp://www.yoursearching.com/newtab/?type=nt&...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    FF DefaultSearchEngine: yoursearching
    FF SelectedSearchEngine: V9
    FF SearchPlugin: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\searchplugins\istartpageing.xml [2015-12-13]
    FF SearchPlugin: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\searchplugins\v9-.xml [2015-12-16]
    FF SearchPlugin: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\searchplugins\yoursearching.xml [2015-12-24]
    FF Extension: FirefixTab - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\Extensions\1450962512_xpi [2015-12-24] [Brak podpisu cyfrowego]
    FF Extension: xRocket Toolbar - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\Extensions\arthurj8283@gmail.com [2015-08-10] [Brak podpisu cyfrowego]
    FF Extension: SnapMyScreen - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\Extensions\bfffxtbr@free.snapmyscreen.com [2015-10-31] [Brak podpisu cyfrowego]
    FF Extension: Default SearchProtected - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\Extensions\defsearchp@gmail.com [2015-11-21] [Brak podpisu cyfrowego]
    FF Extension: deskCut - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\Extensions\deskCutv2@gmail.com [2015-11-21] [Brak podpisu cyfrowego]
    FF Extension: sidebar - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\Extensions\sidebarff@gmail.com [2015-11-07] [Brak podpisu cyfrowego]
    FF Extension: YahooToolsProtected - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\Extensions\yahooprotected@gmail.com [2015-12-03] [Brak podpisu cyfrowego]
    FF Extension: Movies Search App (Dist. by Somoto Ltd.) - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\Extensions\{a4ad8fd9-b395-43e3-88b5-240710b48e27} [2014-07-28] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\extensions\arthurj8283@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\extensions\sidebarff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\8uj5yrhd.default\extensions\yahooprotected@gmail.com
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
    CHR HomePage: Default -> hxxp://www.yoursearching.com/?type=hp&ts=...ornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn
    CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1450962501&z=70cdf9f5baf6f45e0ace717gbz7w9edt5q6o1wde0g&from=cornl&uid=st9500325as_s2w57jbnxxxxs2w57jbn"
    CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web/?type=ds&ts=...p;uid=st9500325as_s2w57jbnxxxxs2w57jbn&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursearching
    CHR Extension: (Shortcuts for All Google™) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf [2015-11-09]
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx <nie znaleziono>
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-06-03] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-06-03] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-06-03] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-06-03] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-06-03] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
    S3 cpuz134; \??\C:\Users\fujitsu\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 IlvMoneyDRIVER53; \??\C:\Users\fujitsu\AppData\Local\Temp\Rar$EXa0.571\MoonLight Engine 1236.4.0.18\Money1280.sys [X]
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2015-12-24 14:08 - 2015-12-24 14:09 - 00002229 _____ C:\Users\fujitsu\Desktop\AION.lnk
    2015-12-24 14:08 - 2015-12-24 14:09 - 00000000 ____D C:\Users\fujitsu\AppData\Roaming\yoursearching
    2015-12-24 14:08 - 2015-12-24 14:08 - 00003838 _____ C:\Windows\System32\Tasks\AION NS Sunday
    2015-12-24 14:08 - 2015-12-24 14:08 - 00003838 _____ C:\Windows\System32\Tasks\AION NS Saturday
    2015-12-24 14:08 - 2015-12-24 14:08 - 00003838 _____ C:\Windows\System32\Tasks\AION NF Sunday
    2015-12-24 14:08 - 2015-12-24 14:08 - 00000000 ____D C:\Users\fujitsu\AppData\Local\AION
    2015-12-24 14:07 - 2015-12-24 14:07 - 00961984 _____ (Installer ) C:\Users\fujitsu\Desktop\CrossFTP-67436-dp.exe
    2015-12-19 23:21 - 2015-12-19 23:21 - 00001836 _____ C:\Users\Public\Desktop\YAC.lnk
    2015-12-19 23:21 - 2015-12-19 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
    2015-12-19 23:05 - 2015-12-19 23:05 - 00000000 ____D C:\Users\fujitsu\AppData\LocalLow\Preferences Manager
    2015-12-19 23:05 - 2015-12-19 23:05 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
    2015-12-19 23:05 - 2015-12-19 23:05 - 00000000 ____D C:\Program Files (x86)\Application Updater
    2015-12-19 23:04 - 2015-12-19 23:04 - 03624208 _____ (IObit ) C:\Users\fujitsu\Downloads\unlocker-setup(dobreprogramy.pl).exe
    2015-12-19 23:04 - 2015-12-19 23:04 - 00962128 _____ (Installer Soft Program ) C:\Users\fujitsu\Desktop\IObit-Unlocker-26902-dp.exe
    2015-12-03 10:49 - 2015-12-03 10:49 - 00000000 ____D C:\Users\fujitsu\AppData\Roaming\istartpageing
    2015-12-03 10:48 - 2015-12-24 14:09 - 00002544 _____ C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DarkEra.lnk
    2015-12-03 10:48 - 2015-12-03 10:48 - 00591552 _____ () C:\Users\fujitsu\Downloads\Ntest(dobreprogramy.pl).exe
    2015-12-03 10:48 - 2015-12-03 10:48 - 00000000 ____D C:\Users\fujitsu\AppData\Roaming\DarkEra
    2015-12-24 14:10 - 2015-11-10 18:47 - 00000000 ____D C:\Program Files (x86)\RayDld
    2015-12-24 14:09 - 2015-10-26 16:45 - 00001656 _____ C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
    2015-12-24 14:08 - 2015-10-30 12:39 - 00000000 ____D C:\Users\fujitsu\AppData\Roaming\AION
    2015-10-26 16:46 - 2015-11-21 18:03 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    C:\Program Files (x86)\Elex-tech
    EmptyTemp:

    W FRST wybierz Napraw.

    Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Po wykonaniu wszystkiego zamiesc nowe logi z FRST, ze skanowania.

    0
  • #10 28 Gru 2015 21:38
    Kolobos
    Spec od komputerów

    Miales odinstalowac:
    AION
    DarkEra
    IObit Apps Toolbar v23.8
    YAC(Yet Another Cleaner!)
    yoursearching

    Wykonaj.

    Nowy fixlist.txt:
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
    S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X]
    C:\Windows\System32\DRIVERS\iSafeNetFilter.sys
    2015-12-28 19:47 - 2015-04-17 03:43 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2015-12-28 19:45 - 2015-12-28 19:45 - 00000000 ____D C:\Users\fujitsu\AppData\Roaming\Elex-tech
    2015-12-28 19:52 - 2014-05-01 08:44 - 00000000 ____D C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551
    2015-12-28 19:42 - 2014-10-19 19:52 - 00000000 ____D C:\AdwCleaner

    0