
How to remove YAC? FRST logs.

nowson 30 Apr 2016 23:50 1116 2
  • #3 01 May 2016 08:41
    Acorus 20
    Computer specialist

    Uninstall Amazon 1Button App, Lenovo Browser Guard, McAfee LiveSafe, YAC (Yet Another Cleaner!). Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {1FB66E0D-A4C5-4F32-9315-2356F6BC8EC6} - System32\Tasks\Opera scheduled Autoupdate 1444731839 => C:\Program Files (x86)\Opera\launcher.exe
    Task: {28E3AF39-79F3-43BC-8EC5-EFC4F144FBF7} - System32\Tasks\ceQeekgCheckTask => C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe <==== UWAGA
    Task: {59DBEF80-E8DF-4F6A-83D0-16B81138981D} - System32\Tasks\ceQeekgBrowserUpdateUA => C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe <==== UWAGA
    Task: {93AC1B77-A88A-4D77-B4F8-15E701B1F446} - System32\Tasks\ceQeekgBrowserUpdateCore => C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe <==== UWAGA
    Shortcut: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\ceQeekg\ceQeekg\chrome.exe (The ceQeekg Authors)
    Shortcut: C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\ceQeekg\ceQeekg\chrome.exe (The ceQeekg Authors)
    Shortcut: C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\ceQeekg\ceQeekg\chrome.exe (The ceQeekg Authors)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\ceQeekg\ceQeekg\chrome.exe (The ceQeekg Authors)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\ceQeekg\ceQeekg\chrome.exe (The ceQeekg Authors)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-07-22] (ClientConnect LTD)
    AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-09-26] (Amazon Inc.)
    AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-07-22] (ClientConnect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-09-26] (Amazon Inc.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    Tcpip\..\Interfaces\{FFAD6463-EB7A-4BD9-8FFD-AFB86D69F14E}: [DhcpNameServer] 150.206.1.3
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abf032_74o2c4c6txx74o2c4c6t&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abf032_74o2c4c6txx74o2c4c6t&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abf032_74o2c4c6txx74o2c4c6t&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abf032_74o2c4c6txx74o2c4c6t&q={searchTerms}
    HKU\S-1-5-21-1961204503-2371552641-3844675044-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T&q={searchTerms}
    HKU\S-1-5-21-1961204503-2371552641-3844675044-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T
    HKU\S-1-5-21-1961204503-2371552641-3844675044-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T
    HKU\S-1-5-21-1961204503-2371552641-3844675044-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abf032_74o2c4c6txx74o2c4c6t&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abf032_74o2c4c6txx74o2c4c6t&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abf032_74o2c4c6txx74o2c4c6t&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abf032_74o2c4c6txx74o2c4c6t&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1961204503-2371552641-3844675044-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T&q={searchTerms}
    CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=...p;uid=toshibaxmq01abf032_74o2c4c6txx74o2c4c6t
    CHR StartupUrls: Default -> "hxxp://www.istartpageing.com/?type=hp&ts=1448722320&z=2612062bc54fbe3c936515dg7z1z8b8mfo5o3c4o8e&from=cor&uid=toshibaxmq01abf032_74o2c4c6txx74o2c4c6t"
    CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABF032_74O2C4C6TXX74O2C4C6T&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursites123
    R2 ceQeekg_protect; C:\ProgramData\ceQeekg\protect\protect.exe [303000 2016-04-28] ()
    R2 IhPul; C:\Users\Mateusz\AppData\Roaming\TSv\TSvr.exe [291064 2016-03-24] (tsvr.com)
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-04-22] (Elex do Brasil Participações Ltda)
    R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [751320 2016-04-29] (Qksee Pvt Ltd.)
    R2 WdMan; C:\ProgramData\nWdMn\WdMan.exe [294912 2016-04-30] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S2 ceQeekg_update; "C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe" [X]
    S2 VisualDiscovery; C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-04-22] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-04-22] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-08-19] (Elex do Brasil Participações Ltda) [Brak podpisu cyfrowego]
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
    R1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]
    2016-04-29 19:06 - 2016-04-29 19:06 - 00000000 ____D C:\ProgramData\ceQeekg
    2016-04-29 19:01 - 2016-04-30 14:13 - 00000000 ____D C:\Program Files (x86)\ceQeekg
    2016-04-29 19:01 - 2016-04-30 13:12 - 00014744 _____ C:\WINDOWS\System32\Tasks\ceQeekgBrowserUpdateUA
    2016-04-29 19:01 - 2016-04-30 13:12 - 00014738 _____ C:\WINDOWS\System32\Tasks\ceQeekgCheckTask
    2016-04-29 19:01 - 2016-04-30 13:12 - 00003804 _____ C:\WINDOWS\System32\Tasks\ceQeekgBrowserUpdateCore
    2016-04-29 19:01 - 2016-04-29 19:01 - 00000000 ____D C:\Users\Public\Documents\ceQeekg
    2016-04-29 19:01 - 2016-04-29 19:01 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Elex-tech
    2016-04-29 19:01 - 2016-04-29 19:01 - 00000000 ____D C:\Users\Mateusz\AppData\Local\ceQeekg
    2016-04-29 19:01 - 2016-04-29 19:01 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-04-29 19:01 - 2016-04-22 04:38 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
    2016-04-29 19:01 - 2015-06-30 04:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2016-04-29 19:00 - 2016-04-30 23:38 - 00000000 ____D C:\Program Files (x86)\qksee
    2016-04-30 14:24 - 2015-11-28 16:53 - 00000000 ____D C:\Program Files (x86)\RayDld
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.
