Elektroda.pl

MPC Cleaner: another laptop infected

mactros 28 Dec 2016 14:37 468 6
  • Helpful post
    #2 28 Dec 2016 14:53
    Kolobos
    Computer specialist

    Run uninstall from the C:\Program Files (x86)\MPC Cleaner\ directory and uninstall MPC.

    Uninstall:
    Caster
    StreamOptimizer

    Fixlist.txt for FRST:
    CloseProcesses:
    Task: {105E5D50-9ED9-4180-A382-865D15FC506F} - System32\Tasks\{555C015B-14C7-BB69-E498-4305272188B6} => C:\Users\KACPER\AppData\Roaming\{FCFCCA47-D9AE-A731-B298-80E36E4A7DDD}\synhelper.exe [2016-10-22] () <==== UWAGA
    Task: {45B5450F-7F98-40ED-8538-BA3B5F0BE19F} - System32\Tasks\Yahoo! Powered fitad => Wscript.exe "C:\ProgramData\{95E35080-1FA1-DA46-9967-44040325CFCA}\midi.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b39354533353038302d314641312d444134362d393936372d3434303430333235434643417d5c636f73617365"
    Task: {700007BB-1105-4918-B6DB-8E07292B810E} - System32\Tasks\{EA41DB47-CC15-4E02-94CC-0DC99364F6D8} => pcalua.exe -a C:\Users\KACPER\AppData\Local\{FCA1CAFD-D809-A645-B591-83AD91F97F35}\uninst.exe -c -FN="C:\Users\KACPER\AppData\Roaming\{FCFCCA47-D9AE-A731-B298-80E36E4A7DDD}\synhelper.exe"-P=/Uninstall /s /noun /DelSelfDir
    Task: {E06F114D-F231-4052-8C66-673FFD548A0D} - System32\Tasks\{3EE3B619-34F8-4932-B69A-72864E9ADB77} => pcalua.exe -a E:\AutoRun.exe -d E:\
    Task: {FC6841EF-0C46-4C15-A7BB-35CA07736330} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
    Task: C:\WINDOWS\Tasks\Yahoo! Powered fitad.job => Wscript.exe C:\ProgramData\{95E35080-1FA1-DA46-9967-44040325CFCA}\midi.txt <==== UWAGA
    Task: C:\WINDOWS\Tasks\{555C015B-14C7-BB69-E498-4305272188B6}.job => C:\Users\KACPER\AppData\Roaming\{FCFCCA47-D9AE-A731-B298-80E36E4A7DDD}\synhelper.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta\Sparta.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AION\AION.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534




    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AION.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\World of Tanks.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.coldsearch.com/?uid=b847b00f-1295-4530-a942-941dac33e534
    AlternateDataStreams: C:\Users\KACPER:Heroes & Generals [38]
    Hosts:
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    HKU\S-1-5-21-2304476585-3923327912-2502739860-1001\...\MountPoints2: {b0069553-31c3-11e3-be6e-806e6f6e6963} - "E:\Start.exe"
    HKU\S-1-5-21-2304476585-3923327912-2502739860-1001\...\MountPoints2: {c7bf065e-0649-11e6-bf58-0cd29283baac} - "F:\setup.exe"
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\KACPER\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\KACPER\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\KACPER\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\KACPER\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\KACPER\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\KACPER\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    GroupPolicy: Ograniczenia <======= UWAGA
    GroupPolicy\User: Ograniczenia <======= UWAGA
    AutoConfigURL: [S-1-5-21-2304476585-3923327912-2502739860-1001] => hxxp://no-stops.com/wpad.dat?06c25dbac04a3205f7b703517345d75621766237
    ManualProxies: 0hxxp://no-stops.com/wpad.dat?06c25dbac04a3205f7b703517345d75621766237
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={5F9FF2FA-2F20-484B-AFBE-599670592964}&mid=84ec1434e4a547d29dccdd9bd467535f-6977279c152a6849bff9f38e682bef1294dbbb2a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2015-05-01 13:56:47&v=4.3.5.160&pid=wtu&sg=&sap=hp
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={5F9FF2FA-2F20-484B-AFBE-599670592964}&mid=84ec1434e4a547d29dccdd9bd467535f-6977279c152a6849bff9f38e682bef1294dbbb2a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2015-05-01 13:56:47&v=4.3.5.160&pid=wtu&sg=&sap=hp
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://mysearch.avg.com/?cid={5F9FF2FA-2F20-484B-AFBE-599670592964}&mid=84ec1434e4a547d29dccdd9bd467535f-6977279c152a6849bff9f38e682bef1294dbbb2a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2015-05-01 13:56:47&v=4.3.5.160&pid=wtu&sg=&sap=hp
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://mysearch.avg.com/?cid={5F9FF2FA-2F20-484B-AFBE-599670592964}&mid=84ec1434e4a547d29dccdd9bd467535f-6977279c152a6849bff9f38e682bef1294dbbb2a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2015-05-01 13:56:47&v=4.3.5.160&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-2304476585-3923327912-2502739860-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
    HKU\S-1-5-21-2304476585-3923327912-2502739860-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://mysearch.avg.com/?cid={5F9FF2FA-2F20-484B-AFBE-599670592964}&mid=84ec1434e4a547d29dccdd9bd467535f-6977279c152a6849bff9f38e682bef1294dbbb2a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2015-05-01 13:56:47&v=4.3.5.160&pid=wtu&sg=&sap=hp
    SearchScopes: HKLM -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart...6_26%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
    SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://de.search.yahoo.com/yhs/search?hspart...6_26%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart...6_26%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
    SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://de.search.yahoo.com/yhs/search?hspart...6_26%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {23DDC29C-5937-49F1-A10D-3952688EFE00} URL =
    SearchScopes: HKU\S-1-5-21-2304476585-3923327912-2502739860-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://de.search.yahoo.com/yhs/search?hspart...6_26%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2304476585-3923327912-2502739860-1001 -> {23DDC29C-5937-49F1-A10D-3952688EFE00} URL = hxxps://de.search.yahoo.com/yhs/search?hspart...6_26%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2304476585-3923327912-2502739860-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://de.search.yahoo.com/yhs/search?hspart...6_26%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2304476585-3923327912-2502739860-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://de.search.yahoo.com/yhs/search?hspart...__1_0__ya__ch_WCYID10118__161228__yaie&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2304476585-3923327912-2502739860-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL =
    SearchScopes: HKU\S-1-5-21-2304476585-3923327912-2502739860-1001 -> {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2304476585-3923327912-2502739860-1001 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://mysearch.avg.com/search?cid={5F9FF2FA-2F20-484B-AFBE-599670592964}&mid=84ec1434e4a547d29dccdd9bd467535f-6977279c152a6849bff9f38e682bef1294dbbb2a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2015-05-01 13:56:47&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2304476585-3923327912-2502739860-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BC6C73415-995E-42E3-955E-6E2CB79AA36E%7D&gp=811014
    BHO-x32: Ďîčńę@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\KACPER\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-09-04] (Mail.Ru)
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jao97kpe.default -> Yahoo®
    FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\jao97kpe.default -> Bing
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\jao97kpe.default -> Yahoo®
    FF SearchPlugin: C:\Users\KACPER\AppData\Roaming\Mozilla\Firefox\Profiles\jao97kpe.default\searchplugins\yahoo-lavasoft.xml [2016-12-28]
    FF Extension: (Firefox Homepage) - C:\Program Files (x86)\Mozilla Firefox\browser\features\googletestNT@mozillaonline.com [2016-09-06] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-09-13]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\101493515.js [2016-12-09] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2016-11-04]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\101493515.cfg [2016-12-09] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - <Brak Path/update_url>
    CHR HKU\S-1-5-21-2304476585-3923327912-2502739860-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - <Brak Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [bbiilhoacmmppcmcogfmaailncbelbgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - <Brak Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    R2 FastCompress; C:\Program Files (x86)\FastCompress-Zip\Fast_Support.exe [534720 2016-07-15] (Adlegend Media) <==== UWAGA
    S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-03-10] (IObit)
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [355808 2016-08-31] (DotC United Inc) <==== UWAGA
    R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [60136 2016-08-31] (DotC United Inc) <==== UWAGA
    S3 cpuz137; \??\C:\Users\KACPER\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
    S1 dtsoftbus01; \SystemRoot\System32\drivers\dtsoftbus01.sys [X]
    S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
    2016-12-28 13:07 - 2016-12-28 13:07 - 00001811 _____ C:\Users\Public\Desktop\MPC Desktop.lnk
    2016-12-28 13:07 - 2016-12-28 13:07 - 00001802 _____ C:\Users\Public\Desktop\MPC AdCleaner.lnk
    2016-12-28 13:07 - 2016-12-28 13:07 - 00001754 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-12-28 13:07 - 2016-12-28 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-12-28 15:12 - 2016-06-29 19:12 - 00001000 _____ C:\WINDOWS\Tasks\Yahoo! Powered fitad.job
    2016-12-28 15:12 - 2016-06-29 19:12 - 00000360 _____ C:\WINDOWS\Tasks\{555C015B-14C7-BB69-E498-4305272188B6}.job
    2016-12-28 13:32 - 2016-09-04 11:02 - 00000000 ____D C:\Program Files (x86)\DPower
    2016-12-28 13:31 - 2016-09-04 11:01 - 00000000 ____D C:\Program Files (x86)\FastCompress-Zip
    2016-12-28 13:25 - 2016-10-14 13:23 - 00000000 ____D C:\Users\KACPER\AppData\Roaming\Software Informer
    2016-12-28 13:22 - 2016-11-04 21:35 - 00000000 ____D C:\Program Files (x86)\OtherSearch
    2016-12-28 11:12 - 2016-06-29 19:12 - 00000000 ____D C:\ProgramData\{95E35080-1FA1-DA46-9967-44040325CFCA}
    2016-12-28 11:12 - 2016-06-29 19:12 - 00000000 ____D C:\Program Files (x86)\WinZip Registry Optimizer
    2016-12-28 11:12 - 2016-06-24 12:19 - 00000000 ____D C:\Users\KACPER\AppData\Roaming\Nico Mak Computing
    2016-11-28 14:34 - 2016-11-27 20:17 - 00000000 ____D C:\Users\KACPER\AppData\Roaming\Dironoro
    2016-11-04 21:38 - 2016-11-04 21:38 - 7299584 _____ () C:\Users\KACPER\AppData\Roaming\agent.dat
    2016-11-04 21:38 - 2016-11-04 21:38 - 0070704 _____ () C:\Users\KACPER\AppData\Roaming\Config.xml
    2016-11-04 21:38 - 2016-11-04 21:38 - 0190394 _____ () C:\Users\KACPER\AppData\Roaming\Geo-Dex.bin
    2016-11-04 21:36 - 2016-11-04 21:37 - 0019104 _____ () C:\Users\KACPER\AppData\Roaming\InstallationConfiguration.xml
    2016-11-04 21:36 - 2016-11-04 21:36 - 0140288 _____ () C:\Users\KACPER\AppData\Roaming\Installer.dat
    2016-07-13 12:54 - 2016-08-29 14:32 - 0000097 _____ () C:\Users\KACPER\AppData\Roaming\LauncherSettings_live.cfg
    2016-11-04 21:38 - 2016-11-04 21:38 - 0018432 _____ () C:\Users\KACPER\AppData\Roaming\Main.dat
    2016-11-04 21:38 - 2016-11-04 21:38 - 0005568 _____ () C:\Users\KACPER\AppData\Roaming\md.xml
    2016-11-04 21:38 - 2016-11-04 21:38 - 0126464 _____ () C:\Users\KACPER\AppData\Roaming\noah.dat
    2016-07-13 12:40 - 2016-07-13 12:41 - 0000039 _____ () C:\Users\KACPER\AppData\Roaming\TheHunterSettings_steam_live.cfg
    2016-11-04 21:38 - 2016-11-04 21:35 - 0692736 _____ () C:\Users\KACPER\AppData\Roaming\Voyadox.exe
    2016-11-04 21:38 - 2016-11-04 21:38 - 1904823 _____ () C:\Users\KACPER\AppData\Roaming\Voyadox.tst
    2016-06-24 13:21 - 2016-12-25 18:10 - 0000305 _____ () C:\Users\KACPER\AppData\Roaming\WB.CFG
    2016-09-04 11:03 - 2016-09-04 11:03 - 0002560 _____ () C:\Users\KACPER\AppData\Local\uninstallssl.exe
    2016-09-02 17:18 - 2016-09-02 17:18 - 0000016 _____ () C:\ProgramData\mntemp
    EmptyTemp:


    Use AdwCleaner, the Scan and Clean options (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Run a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Once that is done, post new FRST logs from a scan.

    0
  • Helpful post
    #4 28 Dec 2016 18:08
    Kolobos
    Computer specialist

    You did not run the Fixlist I gave you at all! Why?

    You also did not uninstall MPC the way I described.

    Why did you use ComboFix? Do not do that again.

    Run uninstall from the C:\Program Files (x86)\MPC Cleaner\ directory and uninstall MPC.

    Run the Fixlist:
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    HKU\S-1-5-21-2304476585-3923327912-2502739860-1001\...\Run: [WarThunderLauncher] => C:\WarThunder\launcher.exe [5972016 2016-12-14] (Gaijin Entertainment)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2304476585-3923327912-2502739860-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jao97kpe.default -> Yahoo®
    FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\jao97kpe.default -> Bing
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\jao97kpe.default -> Yahoo®
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\101493515.js [2016-12-09] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2016-11-04]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\101493515.cfg [2016-12-09] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [bbiilhoacmmppcmcogfmaailncbelbgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [355808 2016-08-31] (DotC United Inc) <==== UWAGA
    R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [60136 2016-08-31] (DotC United Inc) <==== UWAGA
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz137; \??\C:\Users\KACPER\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
    S1 dtsoftbus01; \SystemRoot\System32\drivers\dtsoftbus01.sys [X]
    S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
    2016-12-28 18:40 - 2016-12-28 18:40 - 00001811 _____ C:\Users\Public\Desktop\MPC Desktop.lnk
    2016-12-28 18:40 - 2016-12-28 18:40 - 00001754 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-12-28 18:40 - 2016-12-28 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
    2016-12-28 18:40 - 2016-12-28 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-12-28 17:18 - 2016-12-28 17:18 - 00019895 _____ C:\ComboFix.txt
    2016-12-28 16:50 - 2016-12-28 17:19 - 00000000 ____D C:\Qoobox
    2016-12-28 16:50 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2016-12-28 16:50 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2016-12-28 16:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2016-12-28 16:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2016-12-28 16:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2016-12-28 16:50 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2016-12-28 16:50 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2016-12-28 16:50 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2016-12-28 16:50 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2016-12-28 16:45 - 2016-12-28 16:45 - 05659917 ____R (Swearware) C:\Users\KACPER\Desktop\ComboFix.exe
    2016-12-28 18:38 - 2016-03-04 14:42 - 00000000 ____D C:\AdwCleaner
    2016-12-28 11:12 - 2016-06-29 19:12 - 00000000 ____D C:\ProgramData\{95E35080-1FA1-DA46-9967-44040325CFCA}
    2016-12-28 11:12 - 2016-06-24 12:19 - 00000000 ____D C:\Users\KACPER\AppData\Roaming\Nico Mak Computing
    2016-11-28 14:34 - 2016-11-27 20:17 - 00000000 ____D C:\Users\KACPER\AppData\Roaming\Dironoro
    2016-11-04 21:38 - 2016-11-04 21:38 - 7299584 _____ () C:\Users\KACPER\AppData\Roaming\agent.dat
    2016-11-04 21:38 - 2016-11-04 21:38 - 0070704 _____ () C:\Users\KACPER\AppData\Roaming\Config.xml
    2016-11-04 21:36 - 2016-11-04 21:37 - 0019104 _____ () C:\Users\KACPER\AppData\Roaming\InstallationConfiguration.xml
    2016-11-04 21:36 - 2016-11-04 21:36 - 0140288 _____ () C:\Users\KACPER\AppData\Roaming\Installer.dat
    2016-07-13 12:54 - 2016-08-29 14:32 - 0000097 _____ () C:\Users\KACPER\AppData\Roaming\LauncherSettings_live.cfg
    2016-11-04 21:38 - 2016-11-04 21:38 - 0018432 _____ () C:\Users\KACPER\AppData\Roaming\Main.dat
    2016-11-04 21:38 - 2016-11-04 21:38 - 0005568 _____ () C:\Users\KACPER\AppData\Roaming\md.xml
    2016-11-04 21:38 - 2016-11-04 21:38 - 0126464 _____ () C:\Users\KACPER\AppData\Roaming\noah.dat
    2016-07-13 12:40 - 2016-07-13 12:41 - 0000039 _____ () C:\Users\KACPER\AppData\Roaming\TheHunterSettings_steam_live.cfg
    2016-11-04 21:38 - 2016-11-04 21:38 - 1904823 _____ () C:\Users\KACPER\AppData\Roaming\Voyadox.tst
    2016-09-02 17:18 - 2016-09-02 17:18 - 0000016 _____ () C:\ProgramData\mntemp

    If MPC does not get removed, run the fixlist from WinRE as before.
    Then run it in normal mode and post new logs from a scan.

    0
  • #5 28 Dec 2016 18:23
    mactros
    Level 9

    FRST64 hangs. It supposedly runs the fix, but that goes on for 4 hours and nothing happens.
    I tried to start the command prompt through advanced startup, but the computer stops responding again.
    There is no uninstall file in the C:\Program Files (x86)\MPC Cleaner\ directory.

    0
  • Helpful post
    #6 28 Dec 2016 18:28
    Kolobos
    Computer specialist

    Run it piece by piece until you hit the entry on which it hangs.

    0
  • #7 30 Dec 2016 10:06
    mactros
    Level 9

    This junk is finally gone :-) Once again, full respect to the crew. All the best.

    0