Every program you put on this machine was uninstalled incorrectly:
Bit
Comodo
Rising security Software
Unchecky (it left entries behind in hosts)
Use of ComboFix
Paste the following into Notepad and save it as fixlist.txt
Code:
CloseProcesses:
CreateRestorePoint:
BootExecute: autocheck autochk * BootDefrag.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2193585789-1827547596-1363779275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2193585789-1827547596-1363779275-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope - value is missing
SearchScopes: HKU\S-1-5-21-2193585789-1827547596-1363779275-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
CHR HKLM\...\Chrome\Extension: [fdhbkaahephniejapepaiggngjnedpci] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ooebklgpfnbcnpokahmdidgbmlcdepkm] - https://clients2.google.com/service/update2/crx
R2 bdfsfltr; C:\Windows\system32\Drivers\bdfsfltr.sys [356368 2013-11-21] (BitDefender)
R1 hooksys; C:\Windows\system32\drivers\Hooksys.sys [176088 2012-12-24] (Beijing Rising Information Technology Co., Ltd.)
R1 HookTdi; C:\Windows\system32\drivers\HookTdi.sys [24280 2012-12-24] (Beijing Rising Information Technology Co., Ltd.)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [32568 2012-12-24] (Beijing Rising Information Technology Co., Ltd.)
R2 rsdsys; C:\Windows\system32\drivers\protreg.sys [24120 2014-05-29] (Beijing Rising Information Technology Co., Ltd.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
C:\Users\Tibu\Desktop\Google Chrome (3).lnk
C:\Users\Tibu\Desktop\Google Chrome (2).lnk
C:\Windows\erdnt
C:\Windows\PEV.exe
C:\Windows\MBR.exe
C:\Windows\NIRCMD.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\zip.exe
C:\Windows\system32\guard32.dll
C:\Windows\system32\Drivers\bdfsfltr.sys
C:\Program Files\Tencent
C:\rising.ini
C:\Windows\system32\BsMain.ini
C:\Windows\system32\bsmain.exe
C:\Windows\system32\ravext.dll
C:\Windows\system32\Drivers\hvm.sys
C:\Windows\system32\Drivers\HookTdi.sys
C:\Windows\system32\Drivers\Hooksys.sys
C:\Windows\system32\Drivers\HookHelp.sys
C:\Windows\system32\Drivers\protreg.sys
C:\Users\Default\AppData\Roaming\TuneUp Software
C:\Users\Default User\AppData\Roaming\TuneUp Software
C:\Users\Tibu\AppData\Roaming\Apple Computer
Task: {264F87EA-47BE-44A0-B735-2B258868E311} - \Soft installer -> No File <==== ATTENTION
Task: {C1D054B3-BE3C-41C3-B514-147D7FE53F84} - \Hosts Block run at startup -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
Hosts:
CMD: netsh advfirewall reset
EmptyTemp:
Put the saved script next to the downloaded FRST program.
Then, in the program, click Fix; once it has finished, post the report from that run.
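An added post-fix check, not part of the original post and not an FRST feature: after the Fix has run, this PowerShell script (run elevated) walks the same leftovers the fixlist above targets (ComboFix/Rising/BitDefender files, orphaned service keys, the SafeBoot entries, the two scheduled tasks and the hosts file) and reports anything still present. The paths, service names, task GUIDs and SafeBoot names are assumed to be exactly those in the fixlist; the helper function Resolve-ImagePath and the registry locations it reads (Services and TaskCache\Tasks) are mine, not FRST's.

```powershell
# Added verification script (not from the original post, not part of FRST).
# Run in an elevated PowerShell AFTER the FRST fix has completed.
# Assumption: the lists below are copied from the fixlist in this post.

function Resolve-ImagePath {
    # Turn a raw Services\<name>\ImagePath value into an absolute path to test.
    param([string]$Raw)
    $p = $Raw.Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot         # \SystemRoot\... -> C:\Windows\...
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }   # relative driver path
    if ($p -match '^%') { $p = [Environment]::ExpandEnvironmentVariables($p) }
    if ($p -match '^(.+?\.(exe|sys))(\s|$)') { $p = $Matches[1] }        # drop arguments
    return $p
}

function Test-FixlistLeftovers {
    $files = @(
        'C:\Windows\erdnt', 'C:\Windows\PEV.exe', 'C:\Windows\MBR.exe', 'C:\Windows\NIRCMD.exe',
        'C:\Windows\SWREG.exe', 'C:\Windows\SWSC.exe', 'C:\Windows\sed.exe', 'C:\Windows\grep.exe',
        'C:\Windows\zip.exe', 'C:\Windows\system32\guard32.dll',
        'C:\Windows\system32\Drivers\bdfsfltr.sys', 'C:\Program Files\Tencent', 'C:\rising.ini',
        'C:\Windows\system32\BsMain.ini', 'C:\Windows\system32\bsmain.exe',
        'C:\Windows\system32\ravext.dll', 'C:\Windows\system32\Drivers\hvm.sys',
        'C:\Windows\system32\Drivers\HookTdi.sys', 'C:\Windows\system32\Drivers\Hooksys.sys',
        'C:\Windows\system32\Drivers\HookHelp.sys', 'C:\Windows\system32\Drivers\protreg.sys'
    )
    $services = @('bdfsfltr', 'hooksys', 'HookTdi', 'HyperVM', 'rsdsys',
                  'LiveUpdateSvc', 'IpInIp', 'NwlnkFlt', 'NwlnkFwd')
    $safeBootEntries = @('PEVSystemStart', 'procexp90.Sys', 'Wdf01000.sys')
    $taskIds = @('{264F87EA-47BE-44A0-B735-2B258868E311}', '{C1D054B3-BE3C-41C3-B514-147D7FE53F84}')

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Files and folders the fixlist deletes.
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { $findings.Add("File or folder still present: $f") }
    }

    # 2. Service/driver keys: still registered, and does the binary they point to exist?
    foreach ($svc in $services) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $img = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
        if ([string]::IsNullOrWhiteSpace($img)) {
            $findings.Add("Service key still present and has no ImagePath: $svc")
        } elseif (-not (Test-Path -LiteralPath (Resolve-ImagePath $img))) {
            $findings.Add("Service key still present but its binary is missing: $svc -> $img")
        } else {
            $findings.Add("Service key still present: $svc -> $img")
        }
    }

    # 3. SafeBoot entries the fixlist removes (both Minimal and Network).
    foreach ($mode in 'Minimal', 'Network') {
        foreach ($e in $safeBootEntries) {
            $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode\$e"
            if (Test-Path -LiteralPath $key) { $findings.Add("SafeBoot entry still present: $mode\$e") }
        }
    }

    # 4. Scheduled tasks, looked up by GUID in the Task Scheduler cache.
    foreach ($id in $taskIds) {
        $key = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\$id"
        if (Test-Path -LiteralPath $key) {
            $taskPath = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Path
            $findings.Add("Scheduled task still registered: $id ($taskPath)")
        }
    }

    # 5. hosts: after "Hosts:" in the fixlist, a Windows 7+ hosts file has only comment lines
    #    (Windows XP keeps an active "127.0.0.1 localhost", which is expected there).
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $active = Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_.Trim() -ne '' -and $_.Trim() -notmatch '^#' }
    foreach ($line in $active) { $findings.Add("Active hosts entry: $line") }

    return $findings
}

$result = Test-FixlistLeftovers
if ($result.Count -eq 0) { 'Nothing from the fixlist remains.' } else { $result }
```

The script only reads; it never deletes anything, so it is safe to run before the Fix as well to confirm the leftovers are really there, and again afterwards to confirm they are gone. A service key that is still present with a missing binary is the same condition FRST reports as "No ImagePath" or "[X]".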