Elektroda.pl

YAC, elex-tech: how do I remove it?

ximarox 31 Mar 2016 21:50 1155 4
  • #2 31 Mar 2016 22:20
    eleizea
    Level 2

    In my case the antivirus program was blocking it. Unfortunately I don't know much about this and can't suggest what to put in the fixlist, but just in case, try turning the antivirus off for a few minutes and then run the fix in FRST. That worked for me.

    0
  • #3 01 Apr 2016 00:30
    Kolobos
    Computer specialist

    Fixlist.txt for FRST:
    CloseProcesses:
    Task: {1FD654C3-DA14-4E68-9826-107228319CA2} - System32\Tasks\ffgogogoCheckTask => C:\Program Files (x86)\ffgogogo Browser\bin\browserServer.exe
    Task: {3E3ADD07-B6A4-41FE-9C81-5E4F6967538B} - System32\Tasks\ffgogogoBrowserUpdateCore => C:\Program Files (x86)\ffgogogo Browser\bin\browserServer.exe
    Task: {96D78F0F-E7E0-4095-9F0F-FE884CDA79A2} - System32\Tasks\ffgogogoBrowserUpdateUA => C:\Program Files (x86)\ffgogogo Browser\bin\browserServer.exe
    Task: {E4555E3F-1281-45E7-BB1B-66E11C0DB739} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\Download\5FE64DD043FD5DAAB0F0BBC66A293E8B\Update\BrowserUpdate.exe [2016-03-17] (Tencent)
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: F - F:\autorun.EXE
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {2c9c44be-ea60-11e4-9372-60d819e2fe32} - F:\autorun.EXE
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {4237c481-ab6d-11e5-a480-60d819e2fe32} - E:\AutoRun.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {93fe76fa-077a-11e5-81bf-dc0ea1640c65} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {add3527c-46fb-11e4-b38c-60d819e2fe32} - F:\AutoRun.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {add35289-46fb-11e4-b38c-60d819e2fe32} - F:\AutoRun.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {b97975c4-5393-11e4-8b3e-60d819e2fe32} - F:\AutoRun.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {cc6285fb-9e81-11e4-8145-60d819e2fe32} - F:\AutoRun.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {cf325a60-7cb7-11e4-9029-60d819e2fe32} - F:\AutoRun.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {cf325a80-7cb7-11e4-9029-60d819e2fe32} - E:\AutoRun.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {e594802f-5dac-11e4-a820-60d819e2fe32} - E:\Startme.exe
    HKU\S-1-5-21-1789933790-3019214916-3721418029-1000\...\MountPoints2: {fd4cc594-9f2e-11e4-bf0c-60d819e2fe32} - F:\AutoRun.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    FF NewTab: hxxp://www.yessearches.com/?ts=AHEpB3MkAnItBE...B0F0BBC66A293E8B&ptid=ior&mode=ffseng
    FF DefaultSearchEngine: yessearches
    FF SelectedSearchEngine: yessearches
    FF Homepage: hxxp://www.yessearches.com/?ts=AHEpB3MkAnItBE...B0F0BBC66A293E8B&ptid=ior&mode=ffseng
    FF Extension: GsearchFinder - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-02-02]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nie znaleziono
    CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&pti...293E8B&v=20160202&ts=AHEpB3MkAnItBE....
    CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=ior&uid=5FE64DD043FD5DAAB0F0BBC66A293E8B&v=20160202&ts=AHEpB3MkAnItBE.."
    CHR DefaultSearchURL: Default -> hxxp://www.yessearches.com/chrome.php?q={searchTerms}&ts=AHEpB3MkAnItBE..&v=20160202&uid=5FE64DD043FD5DAAB0F0BBC66A293E8B&ptid=ior&mode=nnnb
    CHR DefaultSearchKeyword: Default -> yessearches
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-19] (Elex do Brasil Participações Ltda)
    S2 FFModules; "C:\Program Files (x86)\ffgogogo Browser\bin\browserServer.exe" -runsvc [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-19] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-08-19] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-08-19] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
    2016-03-30 20:38 - 2016-03-30 20:38 - 00000000 ____D C:\Users\oem\AppData\Roaming\Elex-tech
    2016-03-30 13:44 - 2016-03-30 13:44 - 00015054 _____ C:\Windows\System32\Tasks\ffgogogoBrowserUpdateUA
    2016-03-30 13:17 - 2016-03-30 13:17 - 00015032 _____ C:\Windows\System32\Tasks\ffgogogoCheckTask
    2016-03-30 13:16 - 2016-03-30 13:16 - 00004114 _____ C:\Windows\System32\Tasks\ffgogogoBrowserUpdateCore
    2016-03-30 13:10 - 2016-03-30 13:10 - 00000000 ____D C:\Users\oem\AppData\Local\ffgogogo
    2016-03-30 13:04 - 2016-03-30 13:04 - 00000000 ____D C:\Users\Public\Documents\ffgogogo
    2016-03-30 13:04 - 2016-03-30 13:04 - 00000000 ____D C:\Users\oem\AppData\Roaming\ffgogogo
    2016-03-29 12:10 - 2016-03-29 12:10 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-03-24 18:24 - 2016-03-24 18:24 - 00000000 ____D C:\Users\oem\AppData\Roaming\WinZiper
    2016-03-24 18:17 - 2016-03-24 18:17 - 00015146 _____ C:\Windows\System32\Tasks\Browser Updater Task(Core)
    2016-03-24 18:17 - 2016-03-24 18:17 - 00000000 ____D C:\Program Files (x86)\QQBrowser
    2016-03-30 20:34 - 2015-02-09 21:06 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST directory.

    2
  • #4 01 Apr 2016 20:17
    ximarox
    Level 2

    Hello,

    the viruses are gone, and so is the elex-tech folder. There are no junk search engines. Thank you for the help.

    Should I still post logs, just to be sure?

    0
  • #5 01 Apr 2016 23:55
    RADU23
    Moderator - Computers Service

    ximarox wrote:
    Should I still post logs, just to be sure?

    There is no need, since everything is OK.

    0