Tarum
7 Luty 2015 18:11
#1
Przez przypadek ściągnąłęm YAC’a (Yet Another Cleaner). Z pośpiechu wszedłem tylko na jedno forum i przeczytałem tam dobre opinie na temat tego programu plus zobaczyłem jeszcze że był na stronie dobreprogramy.pl więc mu zaufałem. Oczywiście to całkowicie moja wina. No ale do rzeczy. Nie da się go usunąć moje logi:
Wklej do systemowego notatnika i zapisz jako fixlist:
CloseProcesses: (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe () C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe HKU\S-1-5-19…\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20…\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1908413522-3202411140-1111910580-1003…\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-18…\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ShortcutTarget: GameRanger.lnk -> C:\Users\Andrzej\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (No File) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION URLSearchHook: HKU\S-1-5-21-1908413522-3202411140-1111910580-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKU\S-1-5-21-1908413522-3202411140-1111910580-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: grEatsavere -> {0F876D28-BB93-409C-B995-3679E9B00A48} -> C:\Program Files (x86)\grEatsavere\bqCrf.x64.dll No File BHO: SNT -> {1472F5D3-8495-E8ED-73A0-01366C032941} -> C:\Program Files (x86)\SNT\vbK.x64.dll No File BHO: YTNoAAdds -> {3D5A178E-6617-6B39-523C-98C9F2B9A607} -> C:\ProgramData\YTNoAAdds\gsvgXtZ8.x64.dll No File BHO: YoutubeAdblocker -> {9D540786-35D2-15E9-B3EA-5065240E7E08} -> C:\Program Files (x86)\YoutubeAdblocker\AevgHR.x64.dll No File BHO: DissccountEXtensi -> {CB1A7F98-6D8D-8103-4A06-A06DC2CEE1DF} -> C:\ProgramData\DissccountEXtensi\8cPZXstML7.x64.dll No File Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKU\S-1-5-21-1908413522-3202411140-1111910580-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe FF Plugin-x32: @avg.com /AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\npsitesafety.dll No File FF Plugin-x32: @pandonetworks.com /PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll No File CHR Extension: (No Name) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljoddffikkgmkdpacbmgdbbpogmahjn [2014-01-12] CHR Extension: (No Name) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2014-05-29] CHR Extension: (No Name) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneopibhngmgeepafjibdhpmpigcnnnn [2014-03-06] CHR Extension: (No Name) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiidfnjjeachcehehippnelegaebhmfk [2014-01-12] R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-26] (Elex do Brasil Participações Ltda) S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X] R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-26] (Elex do Brasil Participações Ltda) S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-01-26] (Elex do Brasil Participações Ltda) R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-26] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-26] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-26] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-16] (Elex do Brasil Participações Ltda) 2015-02-04 23:25 - 2015-02-04 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC 2015-02-04 23:25 - 2015-01-26 08:39 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys 2015-02-04 23:25 - 2015-01-16 11:32 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys 2015-02-04 23:24 - 2015-02-04 23:24 - 00000000 ____D () C:\Users\Andrzej\AppData\Roaming\Elex-tech 2015-02-04 23:24 - 2015-02-04 23:24 - 00000000 ____D () C:\Program Files (x86)\Elex-tech 2015-02-01 11:33 - 2015-02-01 11:33 - 00000000 ____D () C:\Users\Tomek\AppData\Local{AA69A893-CD60-4311-8F38-C6FE974201FE} 2015-01-12 10:26 - 2015-01-12 10:26 - 00000000 ____D () C:\Users\Tomek\AppData\Local{3B8DBB9A-BE72-4C54-89F2-632396633A71} 2015-01-12 10:23 - 2015-01-12 10:23 - 00000000 ____D () C:\Users\Tomek\AppData\Local{BD59149E-06A4-468B-B18A-7497E8942B70} 2015-01-12 10:22 - 2015-01-12 10:22 - 00000000 ____D () C:\Users\Tomek\AppData\Local{45073CD9-0D09-45FF-833E-D5952F3871A4} 2015-02-07 18:23 - 2013-02-02 17:42 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-07 18:10 - 2013-02-02 17:42 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-21 21:47 - 2011-11-10 19:41 - 00740890 _____ () C:\Windows\system32\perfh015.dat 2015-01-21 21:47 - 2011-11-10 19:41 - 00156206 _____ () C:\Windows\system32\perfc015.dat C:\Users\Andrzej\AppData\Local\Temp\drm_dialogs.dll C:\Users\Andrzej\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\Andrzej\AppData\Local\Temp\drm_dyndata_7380009.dll C:\Users\Andrzej\AppData\Local\Temp\eauninstall.exe C:\Users\Andrzej\AppData\Local\Temp\nvStInst.exe C:\Users\Andrzej\AppData\Local\Temp\Quarantine.exe C:\Users\Andrzej\AppData\Local\Temp\SkypeSetup.exe C:\Users\Andrzej\AppData\Local\Temp\The Sims 2 Kitchen & Bath Interior Design Stuff_uninst.exe C:\Users\Andrzej\AppData\Local\Temp\tu17p84.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_138468_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_18258_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_198894_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_219231_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_247912_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_293391_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_298141_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_338406_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_394795_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_433008_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_512268_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_569640_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_651586_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_661907_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_673204_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_721792_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_867972_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_881911_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_902663_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_904563_setup.exe C:\Users\Tomek\AppData\Local\Temp\afgytdrp_995522_setup.exe C:\Users\Tomek\AppData\Local\Temp\AutoRun.exe C:\Users\Tomek\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Tomek\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\Tomek\AppData\Local\Temp\comver.dll C:\Users\Tomek\AppData\Local\Temp\Delta.exe C:\Users\Tomek\AppData\Local\Temp\DeltaTB.exe C:\Users\Tomek\AppData\Local\Temp\drm_dialogs.dll C:\Users\Tomek\AppData\Local\Temp\drm_dyndata_7290009.dll C:\Users\Tomek\AppData\Local\Temp\drm_dyndata_7330014.dll C:\Users\Tomek\AppData\Local\Temp\drm_dyndata_7340014.dll C:\Users\Tomek\AppData\Local\Temp\drm_dyndata_7370012.dll C:\Users\Tomek\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\Tomek\AppData\Local\Temp\drm_dyndata_7390005.dll C:\Users\Tomek\AppData\Local\Temp\dufgmr4c.exe C:\Users\Tomek\AppData\Local\Temp\First15.exe C:\Users\Tomek\AppData\Local\Temp\GoogleToolbarInstaller_en.exe C:\Users\Tomek\AppData\Local\Temp\gtapi.dll C:\Users\Tomek\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\Tomek\AppData\Local\Temp\Mobogenie_Setup_2.1.23_515.exe C:\Users\Tomek\AppData\Local\Temp\MybabylonTB.exe C:\Users\Tomek\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Tomek\AppData\Local\Temp\nvStInst.exe C:\Users\Tomek\AppData\Local\Temp\Quarantine.exe C:\Users\Tomek\AppData\Local\Temp\SettingsManagerSetup.exe C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe C:\Users\Tomek\AppData\Local\Temp\Softonic_PL_1-5-10_PL-Production_10_CleanRelease.exe C:\Users\Tomek\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\Tomek\AppData\Local\Temp\swt-win32-3740.dll C:\Users\Tomek\AppData\Local\Temp\Tsu7012690F.dll C:\Users\Tomek\AppData\Local\Temp\VP6Install.exe C:\Users\Tomek\AppData\Local\Temp\VP6VFW.dll C:\Users\Tomek\AppData\Local\Temp\WSSetup.exe C:\Users\Tomek\AppData\Local\Temp_is3810.exe C:\Users\Tomek\AppData\Local\Temp_is3A94.exe C:\Users\Tomek\AppData\Local\Temp_is4B1.exe C:\Users\Tomek\AppData\Local\Temp_is5738.exe C:\Users\Tomek\AppData\Local\Temp_is8EAF.exe C:\Users\Tomek\AppData\Local\Temp_isCE09.exe C:\Users\Tomek\AppData\Local\Temp_isF847.exe YAC(Yet Another Cleaner!) (HKLM-x32…\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION Task: {81BD7753-1959-43C2-8CE4-8C13DFEC26AB} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-16] (Adobe Systems Incorporated) Task: {BE4D9A71-B05F-4E1C-AE4B-6D99E0E0CF76} - \ShopperPro No Task File <==== ATTENTION Task: {CEB534C1-63D5-47D7-88CB-A4279DCFF016} - \ShopperProUpd No Task File <==== ATTENTION 2015-02-04 23:25 - 2015-01-26 08:42 - 00703272 _____ () C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe 2015-02-04 23:25 - 2015-01-26 08:33 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll 2015-02-04 23:25 - 2015-01-26 08:33 - 00185672 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll 2015-02-04 23:25 - 2015-01-26 08:42 - 00209192 _____ () C:\Program Files (x86)\Elex-tech\YAC\iddmgr.dll EmptyTemp: Umieść obok skanera FRST. Uruchom skaner i aktywuj polecenie FIX. Po restarcie pokaż raport FIXLOG i aktualny FRST.