Problem z odinstalowaniem YAC


(Hhebe) #1

Więc, nie mogę pozbyć się Yet Another Cleaner. Mimo że już kilkakrotnie wsadzałam pliki do kwarantanny za pomocą AdwCleanera, to po restarcie nadal Adw je wykrywa. Próbowałam wyłączyć uruchamianie "osłon" przy odpaleniu komputera w CCleanerze, ale nadal przy uruchamianiu komputera się pojawiają. Nie mogę też odinstalować YAC w panelu sterowania ani CCleanerze (gdy próbuję uruchamiać "odinstaluj", to nic się nie dzieje).

FRST.txt

Addition.txt


(Acorus) #2

Otwórz notatnik systemowy i wklej:

Task: {082ED993-A014-4ADF-9C52-0C3536B1ADF2} - \77395672-6ac3-4711-ba58-61c6c5015a05-5_user No Task File ==== ATTENTION
Task: {0C1BA6C4-428A-40BA-98AC-873BAEBBAF03} - \77395672-6ac3-4711-ba58-61c6c5015a05-5 No Task File ==== ATTENTION
Task: {1941EF1F-8FE2-40D0-95D3-B5A5070AB89B} - System32\Tasks\UNELEVATE_26044 = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1380\jsdrv.exe ==== ATTENTION
Task: {5BF4E230-0382-48A3-8A7A-CF7540B3E269} - \77395672-6ac3-4711-ba58-61c6c5015a05-1 No Task File ==== ATTENTION
Task: {9211A7C8-27A9-435A-9D51-E52BBCFF4422} - \77395672-6ac3-4711-ba58-61c6c5015a05-11 No Task File ==== ATTENTION
Task: {B836BDC3-9AAA-429F-8705-FC9B722BD604} - \77395672-6ac3-4711-ba58-61c6c5015a05-2 No Task File ==== ATTENTION
Task: {DFA4B850-0D4B-4FC1-B343-BFD825F5EC76} - System32\Tasks\YTAUpdate = C:\PROGRA~2\YOUTUB~1\Updater.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\Launch 26110.job = C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
HKU\S-1-5-21-2517874207-1659249511-648885325-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Adobe Speed Launcher] = 1419287941
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] - {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} = No File
ShellIconOverlayIdentifiers: [SugarSyncPending] - {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} = No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] - {A759AFF6-5851-457D-A540-F4ECED148351} = No File
ShellIconOverlayIdentifiers: [SugarSyncShared] - {1574C9EF-7D58-488F-B358-8B78C1538F51} =
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-11-03] (Elex do Brasil Participações Ltda)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S2 SPDRIVER_1.37.0.1380; \\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1380\jsdrv.sys [X]
2014-12-22 23:08 - 2014-12-22 23:08 - 00000000 ____ D () C:\Users\Magda\AppData\Roaming\Elex-tech
2014-12-13 13:35 - 2014-12-22 21:09 - 00000000 ____ D () C:\Program Files (x86)\Elex-tech
2014-12-13 13:35 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Hhebe) #3

Zrobione:

Fixlog.txt

FRST.txt


(Acorus) #4

Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2517874207-1659249511-648885325-1002\...\RunOnce: [Adobe Speed Launcher] = 1419338538
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2517874207-1659249511-648885325-1002 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2517874207-1659249511-648885325-1002 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2517874207-1659249511-648885325-1002 - {CB6D74BB-62F1-4416-A0ED-F29AAEE21CA6} URL =
FF Extension: Tumblr Savior - C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\5ibcmpnf.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2014-10-11]
FF Extension: No Name - wrc@avast.com [Not Found]
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
R1 iSafeKrnl; \\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
R1 iSafeKrnlKit; \\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
R1 iSafeKrnlR3; \\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X]
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
2014-12-17 19:13 - 2014-12-22 23:48 - 00000000 ____ D () C:\AdwCleaner
2014-12-17 19:09 - 2014-12-22 21:08 - 00000000 ___SD () C:\ComboFix
2014-12-17 19:07 - 2014-12-17 19:09 - 00000000 ____ D () C:\Qoobox
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Hhebe) #5

Logi po drugiej naprawie:

 

Fixlog.txt

FRST.txt


(Acorus) #6

Jak wszystko gra to skasuj folder C:\FRST


(Hhebe) #7

Co prawda zostały mi jakieś “resztki” po YAC, ale wyczyściłam rejestr CCleanerem i zniknęły. Wielkie dzięki za pomoc :wink: