Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

MPC Cleaner - usunięcie z Windows 8

xx122xx 21 Wrz 2016 16:20 1158 8
  • #1 21 Wrz 2016 16:20
    xx122xx
    Poziom 4  

    Witam, mam problem tak jak w temacie.Męczę się z usunięciem z tym cholerstwem MPC Cleaner. Próbowałam usunąć przez wszelakie programy ale to nie idzie usunąć. Czy macie jakiś dobry sposób i sprawdzony który pozwoli mi raz na zawsze usunąć to badziewie? :cry: :cry: :cry:

    0 8
  • CControls
  • Pomocny post
    #2 21 Wrz 2016 16:30
    Kolobos
    Spec od komputerów

    Uruchom z prawami administratora uninstall, ktory masz w katalogu mpc clenaera.

    Zamiesc w zalaczniku wymagane logi z FRST!

    0
  • CControls
  • Pomocny post
    #4 21 Wrz 2016 17:02
    Kolobos
    Spec od komputerów

    Odinstaluj Chrome oraz Firefox, usun katalogi profilu z:
    C:\Users\Daga\AppData\Local\Google\Chrome\User Data\
    oraz:
    C:\Users\Daga\AppData\Roaming\Profiles\F52829E6BA62

    Nastepnie zainstaluj przegaldarki ponownie, wczesniej mozesz zrobic kopie zakladek o ile sa Ci potrzebne.


    Uruchom z prawami administratora uninstall z katalogu C:\Program Files\MPC Cleaner\

    Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
    Task: {157F86DE-DA58-49C6-B082-613ED218745D} - System32\Tasks\RedjaneUpdateTaskMachineUA => C:\Program Files\Redjane\Update\RedjaneUpdate.exe <==== UWAGA
    Task: {31980A64-A9C8-4A57-B741-3DB41AE2724D} - \AutoPico Daily Restart -> Brak pliku <==== UWAGA
    Task: {DA6CD52E-663E-484A-B41F-F89489E2C32E} - System32\Tasks\RedjaneUpdateTaskMachineCore => C:\Program Files\Redjane\Update\RedjaneUpdate.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Daga\AppData\Local\Redjane\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
    ShortcutWithArgument: C:\Users\Daga\AppData\Local\Redjane\User Data\ChromeDefaultData\Web Applications\_crx_oehpjpccmlcalbenfhnacjeocbjdonic\Mój motyw Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=oehpjpccmlcalbenfhnacjeocbjdonic
    ShortcutWithArgument: C:\Users\Daga\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Applications\_crx_oehpjpccmlcalbenfhnacjeocbjdonic\Mój motyw Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=oehpjpccmlcalbenfhnacjeocbjdonic
    ShortcutWithArgument: C:\Users\Daga\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Applications\_crx_jjphmlaoffndcnecccgemfdaaoighkel\Floating for YouTube™.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jjphmlaoffndcnecccgemfdaaoighkel
    ShortcutWithArgument: C:\Users\Daga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...pm0616&uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524
    ShortcutWithArgument: C:\Users\Daga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...pm0616&uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524




    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...pm0616&uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524
    ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.mylucky123.com/?type=sc&ts=147...pm0616&uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...pm0616&uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> E:\launcher.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=147...pm0616&uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCDesktop.exe
    HKU\S-1-5-21-3967839336-1803737753-2396994476-1001\...\MountPoints2: {5870dce9-f70f-11e5-b0df-001a4d4f0d5e} - "M:\stc2_setup.exe"
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...amp;uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...amp;uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524&q={searchTerms}
    HKU\S-1-5-21-3967839336-1803737753-2396994476-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...amp;uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524&q={searchTerms}
    HKU\S-1-5-21-3967839336-1803737753-2396994476-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...amp;uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524&q={searchTerms}
    HKU\S-1-5-21-3967839336-1803737753-2396994476-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...amp;uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3967839336-1803737753-2396994476-1001 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3967839336-1803737753-2396994476-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3967839336-1803737753-2396994476-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Homepage: hxxp://www.mylucky123.com/?type=hp&ts=147...pm0616&uid=SAMSUNGXHD321KJ_S0MQJ1NPA05524
    FF Keyword.URL: undefined://undefined/
    OPR Extension: (Brak nazwy) - C:\Users\Daga\AppData\Roaming\Opera Software\Opera Stable\Extensions\mlepmakjdoedngidjlanekmdkllganmg [2016-05-10]
    R2 Hkhlp; C:\Program Files\Common Files\Apps\Hkhlp.dll [281600 2016-09-20] () [Brak podpisu cyfrowego]
    R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [355808 2016-08-31] (DotC United Inc) <==== UWAGA
    R2 Sunshinesvc; C:\Program Files\Corner Sunshine\sunshinesvc.dll [336896 2016-09-20] () [Brak podpisu cyfrowego]
    S4 W3PCC; C:\ProgramData\Sun\Java\extension.dll [342528 2016-09-20] () [Brak podpisu cyfrowego]
    S2 CornerSunshineSvc; "C:\Program Files\Corner Sunshine\CornerSunshineSvc.exe" {8A712DBD-E08B-4D5C-839D-1B9C185FE769} [X]
    S2 Inetmuoki Updater; Brak ImagePath
    S2 Olovzidm; Brak ImagePath
    S2 pytecejy; Brak ImagePath
    S2 RedjaneU; "C:\Program Files\Redjane\Update\RedjaneUpdate.exe" [X]
    S2 vekyzegezbt; Brak ImagePath
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-07-10] ()
    R0 MPCBase; C:\Windows\System32\drivers\MPCBase.sys [29032 2016-08-31] (DotC United Inc) <==== UWAGA
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [52968 2016-08-31] (DotC United Inc) <==== UWAGA
    U3 a7pe8m71; C:\Windows\system32\Drivers\a7pe8m71.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    2016-09-21 16:03 - 2016-09-21 16:03 - 00001742 _____ C:\Users\Public\Desktop\MPC Desktop.lnk
    2016-09-21 16:03 - 2016-09-21 16:03 - 00001735 _____ C:\Users\Public\Desktop\MPC AdCleaner.lnk
    2016-09-21 16:03 - 2016-09-21 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-09-20 18:51 - 2016-09-20 18:51 - 00000000 ____D C:\Program Files\Corner Sunshine
    2016-09-19 11:40 - 2016-09-19 11:47 - 00000000 ____D C:\Program Files\Redjane
    2016-09-19 11:40 - 2016-09-19 11:40 - 00000007 _____ C:\Windows\system32\1168.tmp
    2016-09-19 11:40 - 2016-09-19 11:40 - 00000000 ____D C:\Users\Daga\AppData\Local\Redjane
    2016-09-19 11:40 - 2016-09-19 11:40 - 00000000 ____D C:\ProgramData\Sun
    2016-09-19 11:37 - 2016-09-20 18:50 - 00000027 _____ C:\Users\Public\Documents\temp.dat
    2016-09-19 11:37 - 2016-09-19 11:37 - 00000000 ____D C:\Program Files\walalala co
    2016-09-17 00:08 - 2016-09-17 00:08 - 00981832 _____ ( ) C:\Users\Daga\Downloads\Photoscape-12505-dp.exe
    2016-09-03 16:01 - 2016-09-03 16:08 - 00000150 _____ C:\Windows\Reimage.ini
    2016-09-03 16:01 - 2016-09-03 16:01 - 00603824 _____ (Reimage) C:\Users\Daga\Downloads\ReimageRepair.exe
    2016-08-31 20:25 - 2016-08-31 20:25 - 00000000 ____D C:\Users\Daga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC Desktop
    2016-08-31 20:25 - 2016-08-31 20:25 - 00000000 ____D C:\Users\Daga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
    2016-08-31 20:25 - 2016-08-31 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
    2016-08-31 20:25 - 2016-08-31 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
    2016-08-26 17:18 - 2016-08-28 12:34 - 00000000 ____D C:\Users\Daga\Desktop\Rapsy
    2016-08-25 16:34 - 2016-08-25 16:34 - 00000000 ____D C:\ProgramData\Caphyon
    2016-08-24 20:37 - 2016-09-06 15:44 - 00000000 ____D C:\ProgramData\corss
    2016-09-21 16:03 - 2016-05-28 14:14 - 00000000 ____D C:\Program Files\MPC Cleaner
    2016-09-20 19:08 - 2016-05-31 18:32 - 00000000 ____D C:\ProgramData\Lamzap
    2016-09-20 19:05 - 2016-08-19 13:37 - 00000000 ____D C:\Program Files\WinSaber
    2016-05-31 18:32 - 2016-05-31 18:32 - 6859776 _____ () C:\Users\Daga\AppData\Roaming\agent.dat
    2016-05-31 18:32 - 2016-05-31 18:32 - 0054272 _____ () C:\Users\Daga\AppData\Roaming\ApplicationHosting.dat
    2016-08-21 15:08 - 2016-08-24 20:07 - 0000369 _____ () C:\Users\Daga\AppData\Roaming\burnaware.ini
    2016-05-31 18:32 - 2016-05-31 18:32 - 0067776 _____ () C:\Users\Daga\AppData\Roaming\Config.xml
    2016-05-31 18:31 - 2016-05-31 18:31 - 0848437 _____ () C:\Users\Daga\AppData\Roaming\Funlex.bin
    2016-04-06 18:08 - 2016-04-06 18:08 - 0005120 _____ () C:\Users\Daga\AppData\Roaming\GiftBag.db
    2016-04-06 20:59 - 2016-04-06 20:59 - 0255754 _____ () C:\Users\Daga\AppData\Roaming\inst.lat
    2016-04-06 20:59 - 2016-05-31 18:31 - 0018336 _____ () C:\Users\Daga\AppData\Roaming\InstallationConfiguration.xml
    2016-04-06 20:59 - 2016-05-31 18:31 - 0128512 _____ () C:\Users\Daga\AppData\Roaming\Installer.dat
    2016-05-31 18:32 - 2016-05-31 18:32 - 1756999 _____ () C:\Users\Daga\AppData\Roaming\Jobdax.tst
    2016-05-31 18:32 - 2016-05-31 18:32 - 0126464 _____ () C:\Users\Daga\AppData\Roaming\lobby.dat
    2016-05-31 18:32 - 2016-05-31 18:32 - 0018432 _____ () C:\Users\Daga\AppData\Roaming\Main.dat
    2016-05-31 18:32 - 2016-05-31 18:32 - 0005568 _____ () C:\Users\Daga\AppData\Roaming\md.xml
    2016-04-08 15:03 - 2016-04-08 15:03 - 0000119 _____ () C:\Users\Daga\AppData\Roaming\Network Monitor II_#0_Traffic.ini
    2016-05-31 18:32 - 2016-05-31 18:32 - 0126464 _____ () C:\Users\Daga\AppData\Roaming\noah.dat
    2016-05-31 18:32 - 2016-05-31 18:32 - 0032038 _____ () C:\Users\Daga\AppData\Roaming\uninstall_temp.ico
    2016-05-31 18:32 - 2016-05-31 18:32 - 0072820 _____ () C:\Users\Daga\AppData\Roaming\Zoomeco.tst
    EmptyTemp:

    W FRST wybierz Napraw.

    Po wykonaniu zamiesc nowe logi z FRST.

    0
  • #6 21 Wrz 2016 18:08
    Kolobos
    Spec od komputerów

    Zamiesc jeszcze nowy Addition.txt (zaznacz w FRST opcje tworzenia addition).

    0
  • Pomocny post
    #8 21 Wrz 2016 18:27
    Kolobos
    Spec od komputerów

    Odinstaluj PhotoScape

    Nie usunales profilu FF:
    C:\Users\Daga\AppData\Roaming\Profiles\F52829E6BA62
    (to nie jest poprawna lokalizacja profilu, zapewne zostal utworzony przez infekcje!)

    W ustawieniach Chrome usun przywracanie zestawu stron po starcie przegladarki.

    Nowy Fixlist.txt dla FRST:
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-04-22] (AVG Technologies CZ, s.r.o.)
    CHR StartupUrls: Default -> "chrome://apps/","hxxps://www.google.pl/","hxxp://www.hohosearch.com/?mode=loadm&ptid=csdi&uid=261992F31F351B3D393C80C33CE198DA&v=20160510&ts=AHEqAXYqB3EtBU.."
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3967839336-1803737753-2396994476-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    S2 ed2kidle; C:\Program Files\walalala co\aMuleCustom\ed2k.exe -downloadwhenidle [X]
    U3 aecykz9p; C:\Windows\system32\Drivers\aecykz9p.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    2016-09-17 00:15 - 2016-09-17 00:15 - 00000000 ___DC C:\output
    2016-09-17 00:12 - 2016-09-17 00:17 - 00000000 ____D C:\Users\Daga\AppData\Roaming\PhotoScape
    2016-09-17 00:12 - 2016-09-17 00:12 - 00000993 _____ C:\Users\Daga\Desktop\PhotoScape.lnk
    2016-09-17 00:12 - 2016-09-17 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
    2016-09-17 00:12 - 2016-09-17 00:12 - 00000000 ____D C:\Program Files\PhotoScape
    2016-09-17 00:10 - 2016-09-17 00:10 - 21025552 _____ (Mooii) C:\Users\Daga\Downloads\Setup_PhotoScapeSetup_V3.7.exe

    Po wykonaniu usun katalog C:\FRST i to wszystko.

    0
  • #9 21 Wrz 2016 18:41
    xx122xx
    Poziom 4  

    Dziękuje bardzo, już jest wszystko okej :wink:

    0