
MPC Cleaner - removal from Windows 7 32bit

TrempeS 18 Mar 2016 10:21 576 5
  • #1 18 Mar 2016 10:21
    TrempeS
    Level 11

    I'll tack onto this thread. I have the same problem. Is the way to remove this junk the same?

    Regards.

    Moderated by RADU23:

    I split the posts off as a new topic.
    Please don't tack onto other people's threads. It makes a mess of the forum.

    0 5
  • Helpful post
    #2 18 Mar 2016 10:34
    Kolobos
    Computer specialist

    No, and don't tack onto other threads.
    You won't remove this infection from within Windows.

    Uninstall: Spybot - Search & Destroy

    Run FRST from WinRE like this: http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartuj%C4%85cych-windows/
    and run this Fixlist.txt there:
    Task: {0D858AEB-773B-4BDC-9808-F6BF53109354} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {1456EB23-2771-445F-9671-1A7D4A2BC1D4} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe
    Task: {74359F71-37D1-4F52-A1C2-8D5EAE7CFD94} - System32\Tasks\MPC AdCleaner => C:\Program Files (x86)\MPC AdCleaner\AdCleaner.exe [2016-02-02] (DotC United Inc)
    Task: {CFE5E34C-9B86-4E13-A733-2D15A7590F06} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {D02BC030-68BD-4350-8C52-AFDFC5817225} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-967907729-2219885122-3550075769-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    BootExecute: autocheck autochk * sdnclean64.exe
    Tcpip\..\Interfaces\{BAE9F684-28B2-42B6-BB60-86DA31B6500B}: [NameServer] 104.197.191.4
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-967907729-2219885122-3550075769-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKU\S-1-5-21-967907729-2219885122-3550075769-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    CHR HomePage: Default -> search.mpc.am
    CHR StartupUrls: Default -> "hxxp://se16n.com/mantisbt/"
    CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx




    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-03-16] (DotC United Inc)
    S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-16] (DotC United Inc)
    S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
    S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
    2016-03-17 15:07 - 2016-03-17 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-03-17 10:26 - 2016-03-17 10:26 - 00000000 ____D C:\Users\Admin_HP\AppData\Roaming\MCorp
    2016-03-09 10:45 - 2016-03-17 15:07 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-03-01 16:11 - 2016-03-08 10:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-03-01 16:11 - 2016-03-01 17:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-03-01 16:11 - 2016-03-01 16:11 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-03-01 16:11 - 2016-03-01 16:11 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-03-01 16:11 - 2016-03-01 16:11 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2016-03-01 16:11 - 2016-03-01 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-03-01 16:11 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-03-01 14:34 - 2016-03-01 16:09 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
    2016-03-01 14:34 - 2016-03-01 14:50 - 00000000 ____D C:\Users\Admin_HP\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-03-01 14:34 - 2016-03-01 14:34 - 00015236 _____ C:\Windows\System32\Tasks\WinTaske
    2016-03-01 14:34 - 2016-03-01 14:34 - 00000000 ____D C:\Program Files (x86)\WinTaske
    2016-03-01 14:34 - 2016-03-01 14:34 - 00000000 ____D C:\Program Files (x86)\Winsere
    2016-03-01 13:50 - 2016-03-01 13:59 - 00000000 ____D C:\Program Files (x86)\MPC AdCleaner
    2016-03-01 13:50 - 2016-03-01 13:50 - 00003356 _____ C:\Windows\System32\Tasks\MPC AdCleaner
    2016-03-01 13:48 - 2016-03-01 13:48 - 00022745 _____ C:\ComboFix.txt
    2016-03-01 13:40 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-03-01 13:40 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-03-01 13:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-03-01 13:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-03-01 13:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-03-01 13:40 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2016-03-01 13:40 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2016-03-01 13:40 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2016-03-01 13:39 - 2016-03-01 13:48 - 00000000 ____D C:\Qoobox
    2016-03-01 13:33 - 2016-03-02 07:59 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2016-03-01 13:33 - 2016-03-01 17:01 - 00685922 _____ C:\Windows\ZAM.krnl.trace
    2016-03-01 13:33 - 2016-03-01 17:01 - 00000617 _____ C:\Windows\ZAM_Guard.krnl.trace
    2016-03-01 13:33 - 2016-03-01 13:33 - 00000000 ____D C:\Users\Admin_HP\AppData\Local\Zemana
    2016-03-01 13:11 - 2016-03-01 16:09 - 00000000 ____D C:\Users\Admin_HP\AppData\Roaming\EpuyzLedsob
    2016-03-01 13:11 - 2016-03-01 13:11 - 00000000 ____D C:\Windows\system32\sodf
    2016-03-01 12:41 - 2016-03-17 10:21 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-03-01 12:41 - 2016-03-16 10:33 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-03-01 12:41 - 2016-03-01 16:09 - 00000000 ____D C:\Users\Admin_HP\AppData\Roaming\JiasfeMunhe
    2016-03-01 12:41 - 2016-03-01 13:38 - 00000000 ____D C:\Users\Admin_HP\AppData\Roaming\cpuminer
    2016-03-01 12:41 - 2016-03-01 13:36 - 00000000 ____D C:\Program Files\groover010320161222
    2016-03-01 12:41 - 2016-03-01 13:11 - 00000000 ____D C:\Users\Admin_HP\AppData\Local\Tempfolder
    2016-03-01 12:41 - 2016-03-01 12:41 - 00000000 ____D C:\Windows\system32\kiu
    2016-03-01 12:41 - 2016-03-01 12:41 - 00000000 ____D C:\Users\Admin_HP\AppData\Roaming\gplyra
    2016-03-01 12:41 - 2016-03-01 12:41 - 00000000 ____D C:\Users\Admin_HP\AppData\LocalLow\Company
    2016-03-01 12:41 - 2016-03-01 12:41 - 00000000 ____D C:\Users\Admin_HP\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-03-01 12:41 - 2016-03-01 12:41 - 00000000 ____D C:\uninst
    2016-03-01 12:41 - 2016-03-01 12:41 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-03-01 12:37 - 2016-03-01 13:10 - 00000000 ____D C:\Program Files\REACHit
    2016-03-01 12:37 - 2016-03-01 12:37 - 00041472 _____ C:\Users\Admin_HP\AppData\Local\Fundamin.dat
    2016-03-01 12:37 - 2016-03-01 12:37 - 00000187 _____ C:\Users\Admin_HP\AppData\Local\Fundamin.exe.config
    EmptyTemp:

    After running it, post fixlog.txt and new logs made under Windows.

    0
  • #4 18 Mar 2016 12:23
    Kolobos
    Computer specialist

    Post new FRST logs, from the scan.

    0
  • #6 18 Mar 2016 13:46
    Kolobos
    Computer specialist

    Install: https://support.microsoft.com/pl-pl/kb/2545227

    Frst.txt is truncated, the beginning is missing... post the whole file again.

    For now, also run this fixlist.txt:
    Task: {0D858AEB-773B-4BDC-9808-F6BF53109354} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Brak pliku <==== UWAGA
    Task: {1456EB23-2771-445F-9671-1A7D4A2BC1D4} - \WinTaske -> Brak pliku <==== UWAGA(Google Inc.)
    Task: {74359F71-37D1-4F52-A1C2-8D5EAE7CFD94} - \MPC AdCleaner -> Brak pliku <==== UWAGA
    Task: {CFE5E34C-9B86-4E13-A733-2D15A7590F06} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Brak pliku <==== UWAGA
    Task: {D02BC030-68BD-4350-8C52-AFDFC5817225} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Brak pliku <==== UWAGA

    0