Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

MPC Cleaner - Usunięcie z Windows 7 64 bit

Pablo Bello 07 Kwi 2016 14:18 750 2
  • #1 07 Kwi 2016 14:18
    Pablo Bello
    Poziom 1  

    Witam wszystkich,
    Zgłaszam się do was z problemem. Otóż podczas instalacji jednego z programów, zainstalował mi się program MPC Cleaner. Za wszelkie Skarby nie mogę go odinstalować ani usunąć. Najgorsze jest to że menu tego programu opiera się na chińskich krzaczkach. Czy mógłbym prosić Was o pomoc ? Będę wdzięczny za każde wskazówki. Proszę o wyrozumiałość. Załączam logi.

    1 2
  • CControls
  • #2 07 Kwi 2016 14:28
    Domino_2
    Pomocny dla użytkowników

    Odinstaluj SafeFinder.

    Uruchom komputer zgodnie z podaną poniżej instrukcją i tam uruchom skrypt:
    http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartuj%C4%85cych-windows/

    Cytat:

    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCRealTimeSpeedup.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    (腾讯公司) C:\Users\Paweł\AppData\Roaming\Tencent\AndroidServer\1.0.0.512\AndroidServer.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCTRAY.EXE [355296 2016-04-07] (Tencent)
    AppInit_DLLs: C:\ProgramData\Quotenamron\Angotrax.dll => Brak pliku
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QMGCShellExt64.dll [2016-04-07] (Tencent)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2543329774-3088327283-2557930943-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...=ST1000LM024XHN-M101MBB_S30YJ9BF300358&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...=ST1000LM024XHN-M101MBB_S30YJ9BF300358&q={searchTerms}




    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2543329774-3088327283-2557930943-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...WS6skjspPZZaSC6NVygXwA7ZBpXgg5DoHjitgg&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2543329774-3088327283-2557930943-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...WS6skjspPZZaSC6NVygXwA7ZBpXgg5DoHjitgg&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2543329774-3088327283-2557930943-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-2543329774-3088327283-2557930943-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...WS6skjspPZZaSC6NVygXwA7ZBpXgg5DoHjitgg&q={searchTerms}
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\TSWebMon64.dat [2016-04-07] (Tencent)
    FF DefaultSearchEngine: findit
    FF Homepage: hxxp://stadsear.com/search5
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\npQMExtensionsMozilla.dll [2016-04-07] (Tencent Technology (Shenzhen) Company Limited)
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCRtp.exe [301728 2016-04-07] (Tencent)
    U2 QQRepair148b; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair148b [136512 2016-04-07] ()
    S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-04-07] ()
    S4 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\TAOFrame.exe [297952 2016-04-07] (Tencent)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QMUdisk64.sys [184536 2016-03-02] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQSysMonX64.sys [138040 2016-04-07] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\softaal64.sys [35128 2016-04-07] (Tencent)
    R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-04-07] ()
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [101472 2016-03-15] (Tencent)
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2016-04-07] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-04-07] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\TS888x64.sys [38520 2016-04-07] (Tencent)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\TsDefenseBT64.sys [28984 2016-04-07] (Tencent)
    R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-03-16] (电脑管家)
    R4 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\TSSysKit64.sys [87352 2016-04-07] (电脑管家)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]
    2016-04-07 13:36 - 2016-04-07 13:36 - 00000736 _____ C:\DelFix.txt
    2016-04-07 11:23 - 2016-04-07 13:36 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2016-04-07 11:20 - 2016-01-14 11:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-04-07 11:18 - 2016-04-07 12:35 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-04-07 11:18 - 2016-04-07 11:18 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-04-07 11:18 - 2016-04-07 11:18 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-04-07 11:18 - 2016-04-07 11:18 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-04-07 11:18 - 2016-03-16 12:57 - 00054904 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2016-04-07 11:18 - 2016-03-15 17:28 - 00101472 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-04-07 11:12 - 2016-04-07 12:31 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\Tencent
    2016-04-07 11:12 - 2016-04-07 11:22 - 00000000 ____D C:\ProgramData\Tencent
    2016-04-07 11:12 - 2016-04-07 11:12 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-04-07 11:00 - 2016-04-07 12:35 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-07 11:00 - 2016-04-07 11:00 - 00000866 __RSH C:\ProgramData\ntuser.pol
    2016-04-07 11:49 - 2014-11-23 19:47 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\MPC-HC
    EmptyTemp:


    Wklej to do notatnika i zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się plik FRST.exe/FRST64.exe, odpal go i kliknij Fix/Napraw.

    0
  • CControls
  • #3 08 Kwi 2016 10:24
    Kolobos
    Spec od komputerów

    EmptyTemp nie dziala pod WinRe.

    Po wykonaniu zamiesc nowe logi ze skanowania, zrobione juz pod windows.

    1