Proszę o pomoc w uwolnieniu się od wyskakujących reklam GreatDeals. Upierdliwe są!
W panelu sterowania odinstaluj:
Mimo 2 prób nie mogłem odinstalować YAC-a. Zatrzymywał się na 30% bez dalszej reakcji.
To raport z AdwCleanera
http://www.wklej.org/id/1914021/
FRST
http://www.wklej.org/id/1914022/
Addition
http://www.wklej.org/id/1914026/
Jeżeli nie masz aktualnej licencji na stary Norton to odinstaluj ten program.
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4209209786-2917733824-1122995674-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKU\S-1-5-21-4209209786-2917733824-1122995674-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
SearchScopes: HKLM - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope - brak wartości
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=dsts=1450698882from=zzgbkk123uid=st500lm012xhn-m500mbb_s2rsj9cc525314z=e6f71a528e430de4223bbcbgczawae2qat0b0b9m0zq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=dsts=1450698882from=zzgbkk123uid=st500lm012xhn-m500mbb_s2rsj9cc525314z=e6f71a528e430de4223bbcbgczawae2qat0b0b9m0zq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {CB39F475-F4D6-45EF-9521-D42CD66EBEFD} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
FF NewTab: hxxp://www.yoursites123.com/newtab/?type=ntts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
FF DefaultSearchEngine: yoursites123
FF SelectedSearchEngine: yoursites123
FF SearchPlugin: C:\Users\Henio\AppData\Roaming\Mozilla\Firefox\Profiles\9ui49iub.default\searchplugins\ask-search.xml [2014-01-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml [2015-09-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\omniboxes.xml [2015-11-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\sweet-page.xml [2015-07-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yoursites123.xml [2015-12-28]
FF Extension: Filter Results - C:\Users\Henio\AppData\Roaming\Mozilla\Firefox\Profiles\9ui49iub.default\Extensions\{4d150305-e1ba-4303-8ef6-29a0b276f9f5}.xpi [2015-07-05] [Brak podpisu cyfrowego]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
2016-01-22 00:38 - 2016-01-22 00:38 - 00000000 ____ D C:\Users\Henio\AppData\Roaming\Elex-tech
2016-01-22 00:37 - 2015-06-30 03:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeNetFilter.sys
2016-01-21 22:16 - 2016-01-22 00:24 - 00000000 ____ D C:\AdwCleaner
2016-01-21 21:06 - 2016-01-21 21:06 - 00943731 _____ (Installer lite ) C:\Users\Henio\Downloads\Tryb-Windows-XP-17612-dp (1).exe
2016-01-21 21:05 - 2016-01-21 21:06 - 00943731 _____ (Installer lite ) C:\Users\Henio\Downloads\Tryb-Windows-XP-17612-dp.exe
2015-12-28 14:33 - 2015-12-28 14:33 - 02539857 _____ C:\Program Files (x86)\SSFK.exe
2016-01-04 10:34 - 2016-01-04 10:34 - 00968952 _____ (Installer Program Software ) C:\Users\Henio\Downloads\Video-Rotator-39714-dp.exe
2016-01-01 10:45 - 2016-01-01 10:45 - 00000000 ____ D C:\Users\Henio\AppData\Local\{801FC426-91EB-4644-87E6-A627C9749427}
2015-07-07 13:44 - 2016-01-21 20:46 - 0004256 _____ () C:\Users\Henio\AppData\Local\SymbolViewLayout.xml
2012-05-11 15:33 - 2012-05-11 15:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-11 15:26 - 2012-05-11 15:27 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-11 15:30 - 2012-05-11 15:31 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-11 15:27 - 2012-05-11 15:30 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-11 15:31 - 2012-05-11 15:33 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Task: {33CE8D4C-4541-4BBE-A242-2592B5C65F5F} - System32\Tasks\{A7F447C9-4C4F-45E8-B046-39E28925E135} = pcalua.exe -a "C:\Users\Henio\Desktop\DDT\ddt\Add Software-Data\vbrun60sp5.exe" -d "C:\Users\Henio\Desktop\DDT\ddt\Add Software-Data"
Task: {3A5CC00E-40B0-4A95-82ED-3EFAC7CC4158} - System32\Tasks\{C858DE95-3B33-40FA-8339-242256A10C99} = Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.120/pl/abandoninstall?source=lightinstalleramp;page=tsMain
Task: {5426A76E-F0A9-41FB-ADBE-CD43D8D406DA} - System32\Tasks\{083B39F9-0E80-41BF-B68E-38327CADCB66} = Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.120/sl/privacy?source=lightinstaller
Task: {6664E33C-E665-4E0D-9B24-3041F5867A34} - System32\Tasks\{B13C083E-256B-4760-8772-ADC628A9EEBE} = Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.120/sl/eula?source=lightinstaller
Task: {90BE6640-0DA6-4E99-9543-4E9807AD6AAF} - System32\Tasks\{EB69322B-DB09-4C75-AE7A-0A8D2512BF24} = Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstalleramp;ver=6.0.0.120amp;LastError=12002
Task: {B5D7F45B-E8DE-4BE7-8064-04899D9D112C} - System32\Tasks\{4BFE19BF-4608-431A-8978-26EDE7F5A869} = Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.120/sl/privacy?source=lightinstaller
Task: {F37191C1-D2A8-4099-9374-F1660EE6165A} - System32\Tasks\HenioElmsSeminaryV2 = Rundll32.exe IdeatedLanguid.dll,main 7 1 ==== UWAGA
Task: {F64D0603-8625-42A1-9A5D-C99899337CF7} - System32\Tasks\{EE7890EA-D9E0-45C7-842C-49A32E68F938} = Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.120/sl/abandoninstall?source=lightinstalleramp;page=tsMain
EmptyTemp:
Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Nortol odleciał pomyślnie.
Fixlog
http://www.wklej.org/id/1914259/
FRST
http://www.wklej.org/id/1914264/
ADD…
http://www.wklej.org/id/1914266/
Korzystałem z internetu i na razie nic nie wyskoczyło…
Niestety wyskoczyło…Jallywallet teraz…dodatkowo otwierają się nowe okna w przegladarce…
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKU\S-1-5-21-4209209786-2917733824-1122995674-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
HKU\S-1-5-21-4209209786-2917733824-1122995674-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
SearchScopes: HKLM - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope - brak wartości
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=dsts=1450698882from=zzgbkk123uid=st500lm012xhn-m500mbb_s2rsj9cc525314z=e6f71a528e430de4223bbcbgczawae2qat0b0b9m0zq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=dsts=1450698882from=zzgbkk123uid=st500lm012xhn-m500mbb_s2rsj9cc525314z=e6f71a528e430de4223bbcbgczawae2qat0b0b9m0zq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {CB39F475-F4D6-45EF-9521-D42CD66EBEFD} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.sweet-page.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST500LM012XHN-M500MBB_S2RSJ9CC525314ts=1436102336type=defaultq={searchTerms}
FF NewTab: hxxp://www.yoursites123.com/newtab/?type=ntts=1451309595z=17ed73b342c3b85c870bd97g5z8zat3q3z4w1q4wfzfrom=wpm12253uid=ST500LM012XHN-M500MBB_S2RSJ9CC525314
FF DefaultSearchEngine: yoursites123
FF SelectedSearchEngine: yoursites123
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
C:\windows\system32\Drivers\iSafeNetFilter.sys
2016-01-22 08:12 - 2016-01-22 08:12 - 00000000 ____ D C:\Users\Henio\AppData\Roaming\Elex-tech
2016-01-08 07:31 - 2016-01-08 07:31 - 00000000 ____ D C:\ProgramData\lWdMl
2016-01-07 21:54 - 2016-01-07 21:54 - 00000001 _____ C:\windows\SysWOW64\pl.html
2015-12-28 14:34 - 2015-12-28 14:35 - 00000000 ____ D C:\ProgramData\cWdMc
2016-01-22 08:11 - 2012-05-11 14:18 - 00000000 ____ D C:\Program Files (x86)\Norton Internet Security
2016-01-22 08:08 - 2012-05-11 14:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-01-22 08:08 - 2012-05-11 14:18 - 00000000 ____ D C:\windows\system32\Drivers\NISx64
2016-01-07 12:34 - 2012-05-11 14:18 - 00000000 ____ D C:\ProgramData\Norton
EmptyTemp:
Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Fixlog
http://www.wklej.org/id/1914363/
FRST
http://www.wklej.org/id/1914365/
ADD
http://www.wklej.org/id/1914366/
Wredne to wirusisko…
Nie można usunąć tego programu YAC itp.
Fixlog
http://www.wklej.org/id/1914431/
FRST
http://www.wklej.org/id/1914435/
ADD
http://www.wklej.org/id/1914437/
Skasuj folder C:\FRST
Działam po kolei…
Wychodzi na to że wszystko wróciło do normy.
Jesteś wielki, podziwiam wiedzę i zazdroszczę umiejętności.
Dziękuje bardzo, bardzo…