MPC Cleaner SafeFinder - How do I remove it?


(Z1s) #1

Hello

I can't get rid of these unwanted applications from my computer. I would appreciate some help.

Farbar logs

FRST - http://www.wklej.org/id/1930680/

Addition - http://www.wklej.org/id/1930681/

 


(Atis) #2

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
AppInit_DLLs: C:\ProgramData\Santom\TechFax.dll = Brak pliku
AppInit_DLLs-x32: C:\ProgramData\Santom\Vilatip.dll = Brak pliku
AutoConfigURL: [S-1-5-21-2384551762-2452111429-486109888-1001] = hxxp://stop-block.org/wpad.dat?cb690a04ddf0652fc14c20d43689d9635765653
HKU\S-1-5-21-2384551762-2452111429-486109888-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptD7y2v-XGG6C3grZrXfDL71IybB4r_iM-StOUsLOwVfzcu74-lQKZBjdfcS_QFDZyJQocalaLRAbXm4ZylNI-snN6RADwT1uru9PCqBztkl4U9wTLmZLnTG0ekFAaLpbJOI2jmBpViE9r98thZ4-d4WdTdQiYq={searchTerms}
HKU\S-1-5-21-2384551762-2452111429-486109888-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptD7y2v-XGG6C3grZrXfDL71IybB4r_iM-StOUsLOwVfzcu74-lQKZBjdfcS_QFDZyKZofRC84vLEJ5EsXEcGWE51ERAs0aSe2zTteOnnExBBBTrPFmKihGvfmZJSLFTbzY4SMvIdvOuqcQ1aUMgNRnF-P9q84
HKU\S-1-5-21-2384551762-2452111429-486109888-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptD7y2v-XGG6C3grZrXfDL71IybB4r_iM-StOUsLOwVfzcu74-lQKZBjdfcS_QFDZyJQocalaLRAbXm4ZylNI-snN6RADwT1uru9PCqBztkl4U9wTLmZLnTG0ekFAaLpbJOI2jmBpViE9r98thZ4-d4WdTdQiYq={searchTerms}
HKU\S-1-5-21-2384551762-2452111429-486109888-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptD7y2v-XGG6C3grZrXfDL71IybB4r_iM-StOUsLOwVfzcu74-lQKZBjdfcS_QFDZyJQocalaLRAbXm4ZylNI-snN6RADwT1uru9PCqBztkl4U9wTLmZLnTG0ekFAaLpbJOI2jmBpViE9r98thZ4-d4WdTdQiYq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {ielnksrch} URL =
BHO-x32: Discover Treasure - {bfa55139-82af-4663-a19b-e135dac8d043} - C:\Program Files (x86)\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll = Brak pliku
FF Extension: Discover Treasure - C:\Users\zis\AppData\Roaming\Mozilla\Firefox\Profiles\he87d81e.default\Extensions\{d749d8a6-2564-455e-820c-a49ef3a150c8}.xpi [2016-02-05] [Brak podpisu cyfrowego]
FF Extension: Sale Charger - C:\Users\zis\AppData\Roaming\Mozilla\Firefox\Profiles\he87d81e.default\Extensions\{df939561-d922-423d-8b4f-41764db11526}.xpi [2015-05-07] [Brak podpisu cyfrowego]
CHR HKU\S-1-5-21-2384551762-2452111429-486109888-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S2 Santom; C:\ProgramData\\Santom\\Santom.exe shuz -f "C:\ProgramData\\Santom\\Santom.dat" -l -a
S3 HWiNFO32; \??\C:\Users\zis\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-02-06] (DotC United Inc)
2016-02-06 11:27 - 2016-02-06 11:27 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-02-06 11:27 - 2016-02-06 11:27 - 00000000 ____ D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-02-06 11:05 - 2016-02-06 11:25 - 00000000 ____ D C:\AdwCleaner
2016-02-06 10:51 - 2016-02-06 10:52 - 00000000 ____ D C:\ProgramData\ZWdMZ
2016-02-06 10:50 - 2016-02-06 11:17 - 00000000 ____ D C:\Program Files (x86)\MPC Cleaner
2016-02-06 10:50 - 2016-02-06 10:50 - 00060136 ____ N (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-02-06 10:45 - 2016-02-06 10:45 - 00000000 ____ D C:\ProgramData\X360CE
2016-02-06 10:41 - 2016-02-06 10:39 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-02-06 10:40 - 2016-02-06 10:40 - 00000000 ____ D C:\ProgramData\Santoms
2016-02-06 10:39 - 2016-02-06 11:09 - 00000000 ____ D C:\ProgramData\Santom
Task: {B42576E1-6BC7-4493-A4A0-980D24DBF566} - System32\Tasks\{170484A2-2E91-444A-91FE-20A9CD597D95} = pcalua.exe -a "C:\Program Files (x86)\Common Files\Tonit\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Tonit\uninstall.dat" -a uninstallme 26950B43-60B7-4E5D-A248-1D4B7B44A3FE DeviceId=b27fc4f4-62b9-97ac-a9ca-e442cb83a621 BarcodeId=51129011 ChannelId=11 DistributerName=APSFSWAds
HKU\S-1-5-21-2384551762-2452111429-486109888-1001\Software\Classes\.exe:  =  ===== UWAGA
Hosts:
EmptyTemp:

Run FRST and click Fix (Napraw). Post the removal report, Fixlog.


(Z1s) #3

Fixlog -  http://www.wklej.org/id/1930697/

FRST - http://www.wklej.org/id/1930699/


(Atis) #4

Run the fix in Safe Mode.


(Z1s) #5

fixlog - http://www.wklej.org/id/1930704/

FRST - http://www.wklej.org/id/1930705/


(Atis) #6

As you can see, it cannot be removed.


(Z1s) #7

Oh well - thank you for your willingness and help.


(Atis) #8

If you want, you can run FRST from WinRE:


(Z1s) #9

Restoring the system to a selected restore point helped :smiley: