Please check the FRST logs

Tom2666 22 Oct 2016 13:59 636 5
  • #1 22 Oct 2016 13:59
    Tom2666
    Level 11

    Hello, I have some program called YAC that does not appear in the Control Panel. Scans with Malwarebytes and AdwCleaner brought no improvement; there are ads everywhere, along with these YAC messages. I am attaching the FRST logs. Thank you.

    0 5
  • #2 22 Oct 2016 14:14
    Kolobos
    Computer specialist

    The FRST logs show that it is on the list in the panel:
    YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CloseProcesses:
    Task: {33A37C63-C7A0-4D1E-B851-3FA1A6CAE0E2} - System32\Tasks\{3AAE2F00-630A-4474-B6E1-4F83EA03B4AA} => pcalua.exe -a "C:\Users\konrad\AppData\Local\TeamSpeak 3 Client\package_inst.exe" -d C:\Users\konrad\Downloads -c "C:\Users\konrad\Downloads\ClownfishVoiceChanger-v1.50.ts3_plugin"
    Task: {34A3AB2A-4621-4A7B-90E0-9404F1B05922} - System32\Tasks\{899AECF9-A9BF-4E9A-97D1-AD29A8E7C9B5} => pcalua.exe -a C:\Users\konrad\Downloads\camtasia.exe -d C:\Users\konrad\Downloads
    Shortcut: C:\Users\konrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Easthas\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\konrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Easthas\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\konrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files\Easthas\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Easthas\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Easthas\Application\chrome.exe (Google Inc.)
    2016-10-21 18:24 - 2016-05-23 04:37 - 00065696 ____N () C:\Program Files\Elex-tech\YAC\zlib1.dll
    2016-10-21 18:23 - 2016-10-19 07:52 - 00438784 _____ () C:\ProgramData\UvConverter\UvConverter.exe
    2016-10-21 18:24 - 2016-05-23 04:37 - 00179200 ____N () C:\Program Files\Elex-tech\YAC\libpng.dll
    2016-10-21 18:18 - 2016-10-12 07:43 - 01819240 _____ () C:\Program Files\Easthas\Application\libglesv2.dll
    2016-10-21 18:18 - 2016-10-12 07:43 - 00093288 _____ () C:\Program Files\Easthas\Application\libegl.dll
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
    () C:\ProgramData\UvConverter\UvConverter.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
    C:\Program Files\Easthas\
    C:\Program Files\Elex-tech\
    C:\ProgramData\UvConverter\
    HKU\S-1-5-21-541897061-1910081576-3408451107-1000\...\MountPoints2: {246968c6-4b85-11e6-9167-002454286d8e} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-541897061-1910081576-3408451107-1000\...\MountPoints2: {2672fd9e-6053-11e6-8853-002454286d8e} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-541897061-1910081576-3408451107-1000\...\MountPoints2: {73bbb0d9-1841-11e6-8b9b-002454286d8e} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-541897061-1910081576-3408451107-1000\...\MountPoints2: {a6bbc70a-1bea-11e6-be21-002454286d8e} - E:\LGAutoRun.exe




    CHR HomePage: Default -> hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=TOSHIBAXMK2555GSX_304CP3A4TXX304CP3A4T
    CHR StartupUrls: Default -> "hxxps://www.google.pl/"
    R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
    R2 UvConverter; C:\ProgramData\UvConverter\UvConverter.exe [438784 2016-10-19] () [Brak podpisu cyfrowego]
    R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-10-21 19:06 - 2016-10-21 19:07 - 00000000 ____D C:\Windows\AF33D0D226274AC88473FDBB7892129C.TMP
    2016-10-21 18:36 - 2016-05-19 08:42 - 00059152 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2016-10-21 18:24 - 2016-10-21 18:24 - 00000000 ____D C:\Users\konrad\AppData\Roaming\Elex-tech
    2016-10-21 18:24 - 2016-10-21 18:24 - 00000000 ____D C:\Program Files\Elex-tech
    2016-10-21 18:23 - 2016-10-21 18:23 - 00000000 ____D C:\ProgramData\UvConverter
    2016-10-21 18:22 - 2016-10-21 18:22 - 00000000 ____D C:\ProgramData\fibei
    2016-10-21 18:22 - 2016-10-21 18:22 - 00000000 ____D C:\ProgramData\BaofengUpdate_U
    2016-10-21 18:22 - 2016-10-21 18:22 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2016-10-21 18:20 - 2016-10-21 18:20 - 00000000 ____D C:\Users\konrad\AppData\Local\Easthas
    2016-10-21 18:18 - 2016-10-21 18:22 - 00000000 ____D C:\ProgramData\chuvc
    2016-10-21 18:18 - 2016-10-21 18:18 - 00000000 ____D C:\Program Files\Easthas
    2016-10-21 18:18 - 2016-10-21 18:18 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2016-10-01 09:40 - 2016-07-26 19:07 - 00000000 ____D C:\Users\konrad\AppData\Roaming\mcnbs
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Create new Chrome shortcuts on the taskbar and in the menu.

    Once done, post new FRST logs.

    0
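Added example (not part of the original thread and not FRST's own code): a small Python triage of the kinds of lines the Fixlist above targets, namely a "Google Chrome.lnk" shortcut redirected to another folder, a service without a digital signature, and a service whose file is missing (`[X]`). The sample lines are copied from the log quoted in the thread; the expected Chrome path pattern and the function name `triage` are assumptions of this example.

```python
import re

# Sample lines copied from the FRST output quoted in this thread.
SAMPLE = r"""
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Easthas\Application\chrome.exe (Google Inc.)
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
R2 UvConverter; C:\ProgramData\UvConverter\UvConverter.exe [438784 2016-10-19] () [Brak podpisu cyfrowego]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
"""

SHORTCUT = re.compile(r"^Shortcut:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?\.exe)\b", re.I)
SERVICE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")

# Assumption: a genuine Chrome shortcut points below ...\Google\Chrome\Application\.
EXPECTED_CHROME = re.compile(r"\\Google\\Chrome\\Application\\chrome\.exe$", re.I)
# Marker as it appears in the Polish-localised log on this page.
UNSIGNED_MARKS = ("[Brak podpisu cyfrowego]",)


def triage(log_text):
    """Return (kind, subject, detail) findings for FRST shortcut and service lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SHORTCUT.match(line)
        if m:
            lnk_name = m.group("lnk").rsplit("\\", 1)[-1].lower()
            target = m.group("target")
            # The vendor string in parentheses is ignored: only the path is checked.
            if lnk_name == "google chrome.lnk" and not EXPECTED_CHROME.search(target):
                findings.append(("hijacked-shortcut", m.group("lnk"), target))
            continue
        m = SERVICE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if rest.endswith("[X]"):
                # FRST prints [X] when the service's file is not on disk.
                findings.append(("missing-file", name, rest[:-3].strip()))
            elif any(mark in rest for mark in UNSIGNED_MARKS):
                findings.append(("unsigned-service", name, rest.split(" [", 1)[0]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE):
        print(f"{kind:18} {subject} -> {detail}")
```
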
  • Helpful post
    #4 24 Oct 2016 17:17
    Acorus 20
    Computer specialist

    Do this in Safe Mode: http://support.eset.pl/kb2268/?viewlocale=pl_PL
    Open Notepad and paste:

    Quote:
    CloseProcesses:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-541897061-1910081576-3408451107-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    CHR HomePage: Default -> hxxp://www.mylucky123.com/?type=hp&ts=1476286...12&uid=TOSHIBAXMK2555GSX_304CP3A4TXX304CP3A4T
    R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    2016-10-23 20:52 - 2016-05-19 08:42 - 00059152 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2016-10-23 18:35 - 2016-10-23 18:35 - 00000000 ____D C:\Users\konrad\AppData\Roaming\Elex-tech
    2016-10-21 18:24 - 2016-10-21 18:24 - 00000000 ____D C:\Program Files\Elex-tech
    2016-09-24 10:17 - 2016-10-23 20:51 - 00000000 ____D C:\AdwCleaner


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
  • Helpful post
    #5 24 Oct 2016 17:20
    Kolobos
    Computer specialist

    Run the given Fixlist once more, this time in Safe Mode.

    0
  • #6 03 Jul 2017 09:53
    Tom2666
    Level 11

    Thank you for the help, everything works as it should.

    0