Malwarebytes nic nie wykrywa ,ccleaner zrobiony a reklamy nadal wyskakuja i na dobre 5 minut zawieszają całą przeglądarke ponizej raport
FRST http://www.wklej.org/id/2059932/
Addition http://www.wklej.org/id/2059933/
shortcut http://www.wklej.org/id/2059981/
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
U3 idsvc; Brak ImagePath
S3 ohci1394; \SystemRoot\System32\drivers\ohci1394.sys [X]
2016-03-07 12:10 - 2016-03-07 12:11 - 00000000 ____ D C:\ProgramData\0de30366-4e05-0
2016-03-07 12:09 - 2016-03-07 12:10 - 00000000 ____ D C:\ProgramData\0de30366-6053-1
2016-03-07 12:09 - 2016-03-07 12:10 - 00000000 ____ D C:\ProgramData\0de30366-2943-0
2016-03-07 09:24 - 2016-03-07 09:25 - 01103152 _____ ( ) C:\Users\Mateusz\Downloads\CCleaner-13061-dp.exe
2016-03-06 12:09 - 2016-03-06 12:09 - 00000000 ____ D C:\ProgramData\0de30366-5655-1
2016-03-06 12:09 - 2016-03-06 12:09 - 00000000 ____ D C:\ProgramData\0de30366-4775-0
2016-03-03 20:30 - 2016-03-03 20:30 - 00000000 ____ D C:\Users\Mateusz\AppData\Local\CEF
2016-02-27 12:09 - 2016-03-05 13:32 - 00000000 ____ D C:\ProgramData\0de30366-2533-0
2016-02-27 12:04 - 2016-03-07 12:10 - 00000000 ____ D C:\ProgramData\fae89bc5
2016-02-27 12:04 - 2016-03-05 13:32 - 00000000 ____ D C:\ProgramData\0de30366-6001-0
2016-02-27 12:04 - 2016-02-27 12:04 - 00000000 ____ D C:\ProgramData\{2f8e1425-712c-0}
2016-02-27 12:04 - 2016-02-27 12:04 - 00000000 ____ D C:\ProgramData\{200cc768-612c-1}
2016-02-27 12:04 - 2015-12-29 10:09 - 00000000 ____ D C:\ProgramData\03004ba8-6d35-1
2016-02-27 12:04 - 2015-12-29 10:09 - 00000000 ____ D C:\ProgramData\03004ba8-5391-0
2012-07-19 12:46 - 2012-07-19 12:46 - 0000000 _____ () C:\Users\Mateusz\AppData\Local\AtStart.txt
2012-07-19 12:46 - 2012-07-19 12:46 - 0000000 _____ () C:\Users\Mateusz\AppData\Local\DSwitch.txt
2012-07-19 12:46 - 2012-07-19 12:46 - 0000000 _____ () C:\Users\Mateusz\AppData\Local\QSwitch.txt
Task: {12BFE6DE-3FC3-4393-A935-17F3426D3F46} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd - Brak pliku ==== UWAGA
Task: {1982D372-AEA5-4E70-B72C-6A1A32EC1D21} - System32\Tasks\{37BC256F-9539-4D2C-B90F-BA53B4564A73} = pcalua.exe -a C:\Users\Mateusz\Desktop\sp41697.exe -d C:\Users\Mateusz\Desktop
Task: {2D724E88-C1D9-488E-BCD3-4EBB7D70019B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - Brak pliku ==== UWAGA
Task: {40036FB0-941B-49A0-831C-4A2611578A0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d - Brak pliku ==== UWAGA
Task: {4B64EF23-65E5-481C-B825-3154C7DDB140} - System32\Tasks\{4B25A02D-7225-45C5-AAE1-C9032DA89C74} = pcalua.exe -a C:\Users\Mateusz\Desktop\sp41704.exe -d C:\Users\Mateusz\Desktop
Task: {4E1C0AD9-1318-4980-89F0-18B18C915231} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d - Brak pliku ==== UWAGA
Task: {65320246-780E-4090-A460-3A51EC1D23D3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d - Brak pliku ==== UWAGA
Task: {68DE33FF-8704-45F0-A195-C8D196B06F84} - System32\Tasks\{9E0C5EA8-A593-4922-8982-F61863FA08C0} = pcalua.exe -a C:\Users\Mateusz\Desktop\sp45499.exe -d C:\Users\Mateusz\Desktop
Task: {8BB8B3E3-BE5D-4581-95FC-115CB209D68C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent - Brak pliku ==== UWAGA
Task: {8E5AE974-C85C-4579-AC88-AE45B26D2A74} - System32\Tasks\DNSLOCKINGTON = dnslockington.exe ==== UWAGA
Task: {A42DE191-FD88-4D70-86AC-A800C1A1F176} - System32\Tasks\{FB5C1334-F7BE-4C1D-9F4F-03F3F540C106} = pcalua.exe -a F:\SISetup.exe -d F:\
Task: {A7CFF6C8-5674-448A-9460-9474B382FDC7} - Brak ścieżki do pliku
Task: {AF7DAF57-809D-4019-A000-33994179C13D} - \{0B097F47-7D7D-0808-0511-05050A0A117E} - Brak pliku ==== UWAGA
Task: {C4E78B8F-7332-48E3-A64D-707BED71FAA4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - Brak pliku ==== UWAGA
Task: {D28792B7-80A0-40AF-9EAC-9DEE4882B504} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d - Brak pliku ==== UWAGA
Task: {F27D386A-6397-4C3C-B112-FACBC7A2BFC9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d - Brak pliku ==== UWAGA
Task: {F39997EB-DB1C-42C1-81FD-D549403D7CE4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess - Brak pliku ==== UWAGA
Task: {F6E4D9A2-56EB-45CC-B23D-879F9DB55CEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig - Brak pliku ==== UWAGA
Task: {F7922401-32BA-45F6-85BC-06FDF044D6A3} - System32\Tasks\{F74BC0DE-A8E4-41D0-B88E-72337176815B} = pcalua.exe -a C:\Users\Mateusz\Desktop\sp43913.exe -d C:\Users\Mateusz\Desktop
EmptyTemp:
Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{4658924b-bdb6-4954-a67d-241c9eeef211}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{4658924b-bdb6-4954-a67d-241c9eeef211}: [DhcpNameServer] 192.168.1.1 85.202.144.11
Tcpip\..\Interfaces\{756f53a3-5548-4621-9fce-455456f0c7fa}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{756f53a3-5548-4621-9fce-455456f0c7fa}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{ea64158a-1a0e-4d45-83f8-030278d00cdc}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{ea64158a-1a0e-4d45-83f8-030278d00cdc}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{fe102ff4-af21-445f-9c79-67f4332321f1}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{fe102ff4-af21-445f-9c79-67f4332321f1}: [DhcpNameServer] 82.163.142.7
2016-03-07 13:42 - 2016-03-07 13:42 - 00000000 _____ C:\Users\Mateusz\AppData\Local\QSwitch.txt
2016-03-07 13:42 - 2016-03-07 13:42 - 00000000 _____ C:\Users\Mateusz\AppData\Local\DSwitch.txt
2016-03-07 13:42 - 2016-03-07 13:42 - 00000000 _____ C:\Users\Mateusz\AppData\Local\AtStart.txt
2016-03-07 12:10 - 2016-03-07 12:10 - 00000000 ____ D C:\Program Files\DNS Unlocker
CMD: ipconfig /flushdns
CMD: ipconfig /renew
EmptyTemp:
Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Skasuj folder C:\FRST