Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Mpc cleaner win 8.1 jak usunąć

andrew321 30 Lip 2017 15:49 447 6
  • #2 30 Lip 2017 17:44
    Kolobos
    Spec od komputerów

    Odinstaluj: McAfee WebAdvisor

    Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
    CloseProcesses:
    Task: {7525E50E-780C-4BB4-8D82-64CE0E26134E} - System32\Tasks\{EBA61A9A-0312-41FA-B0B9-ED3AC22A6101} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\Cenega\Age of Pirates\engine.exe" -d "d:\Program Files (x86)\Cenega\Age of Pirates"
    Task: {B6039D9A-3A97-4841-8558-A54E6648A0E5} - System32\Tasks\{75C1E1FD-BDBA-4402-BC7C-C32E89D4798C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Bluestacks\BluestacksUninstaller.exe" -c :tmp
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    Hosts:
    HKU\S-1-5-21-1417796096-4184053496-2432532190-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-1417796096-4184053496-2432532190-1001\...\MountPoints2: {8c4be831-a11e-11e5-829b-ac9e179930e5} - "H:\Setup.exe"
    HKU\S-1-5-21-1417796096-4184053496-2432532190-1001\...\MountPoints2: {8c4be885-a11e-11e5-829b-ac9e179930e5} - "I:\Setup.exe"
    HKU\S-1-5-21-1417796096-4184053496-2432532190-1001\...\MountPoints2: {cdb2f927-bf58-11e4-8264-54271ec0a156} - "G:\autorun.exe"
    HKU\S-1-5-21-1417796096-4184053496-2432532190-1001\...\MountPoints2: {cdb2f986-bf58-11e4-8264-54271ec0a156} - "G:\autorun.exe"
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    AutoConfigURL: [S-1-5-21-1417796096-4184053496-2432532190-1001] => hxxp://nonestops.biz/wpad.dat?26f86234f2f07d5c0a78908a2bc09a7019761941
    ManualProxies: 0hxxp://nonestops.biz/wpad.dat?26f86234f2f07d5c0a78908a2bc09a7019761941
    RemoveProxy:
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=pl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=pl
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-13]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\47886186.js [2016-11-09] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\47886186.cfg [2016-11-09] <==== UWAGA
    CHR Extension: (Search Monk) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdblbpofjaocmncblkenfeafoahicefi [2017-07-27]
    CHR Extension: (Particle Playground) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nomlmkeijjkfbadekbnpdhepbmnpleij [2017-07-27]




    C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdblbpofjaocmncblkenfeafoahicefi
    C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nomlmkeijjkfbadekbnpdhepbmnpleij
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nie znaleziono>
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
    S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X] <==== UWAGA
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-31] (DotC United Inc) <==== UWAGA
    2017-07-30 12:12 - 2016-12-07 21:45 - 00000000 ____D C:\AdwCleaner
    2017-07-30 12:12 - 2016-06-02 18:00 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2017-05-06 20:22 - 2017-05-20 21:22 - 39313072 _____ () C:\Users\asus\AppData\Roaming\gameboxsetup.exe
    2017-03-28 22:10 - 2017-03-28 22:10 - 0000016 _____ () C:\ProgramData\mntemp
    EmptyTemp:

    W FRST wybierz Napraw.

    Uruchom FRST z poziomu WinRe:
    https://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujących-windows/#entry32551 i tam wykonaj taki Fixlist.txt:
    C:\Program Files (x86)\MPC Cleaner
    S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X] <==== UWAGA
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-31] (DotC United Inc) <==== UWAGA
    C:\Windows\System32\DRIVERS\MPCKpt.sys

    Po wykonaniu zamiesc nowe logi z FRST, ze skanowania.

    0
  • #4 30 Lip 2017 21:36
    Kolobos
    Spec od komputerów

    Z tego co widze to nie uzyles FRST z poziomu WinRe, z jakiego powodu? Bez tego nie usuniesz infekcji.

    Odinstaluj: NarutoOnline 2.4.0.12121

    0
  • #6 30 Lip 2017 22:37
    Kolobos
    Spec od komputerów

    Nowy Fixlist.txt dla FRST:
    S2 0001701501441440mcinstcleanup; C:\Users\asus\AppData\Local\Temp\000170~1.EXE -cleanup -nolog [X] <==== UWAGA
    2017-07-30 21:06 - 2017-07-30 21:06 - 000000000 ____D C:\Users\asus\Downloads\FRST-OlderVersion
    2017-07-30 21:03 - 2017-07-30 21:03 - 000000000 ____D C:\Program Files\McAfee

    Po wykonaniu usun katalog C:\FRST i to wszystko.

    0
  • #7 31 Lip 2017 19:17
    andrew321
    Poziom 2  

    Dziękuję bardzo za pomoc i za cierpliwość

    0