Trojany duża ilość

[czybit16]

Witam podczas przeglądania internetu co chwilę ksprzak pokazuje trojany poniżej logi z rsit i otl


rsit

http://wyslijto.pl/plik/xq8jpj6ldw


otl

http://wyslijto.pl/plik/4efpua2hgr

[wojtas]

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

[czybit16]

Kod: Zaznacz wszystko

ComboFix 10-01-26.01 - Kiyo 2010-01-27   1:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.48.1045.18.2908.2001 [GMT 9:00]
Uruchomiony z: c:\users\Kiyo\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3534407646-2922545102-3919244342-500
c:\users\Kiyo\AppData\Roaming\Desktopicon
c:\users\Kiyo\AppData\Roaming\Desktopicon\config.ini
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\twain_32.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-12-26 do 2010-01-26  )))))))))))))))))))))))))))))))
.

2010-01-26 16:56 . 2010-01-26 16:56   --------   d-----w-   c:\users\Kiyo\AppData\Local\temp
2010-01-26 16:56 . 2010-01-26 16:56   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-01-25 15:08 . 2010-01-25 15:09   --------   d-----w-   c:\program files\trend micro
2010-01-25 15:08 . 2010-01-25 15:09   --------   d-----w-   C:\rsit
2010-01-25 11:11 . 2010-01-25 11:11   --------   d-----w-   c:\users\Kiyo\AppData\Roaming\Malwarebytes
2010-01-25 11:10 . 2010-01-07 07:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 11:10 . 2010-01-25 11:11   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-25 11:10 . 2010-01-25 11:10   --------   d-----w-   c:\programdata\Malwarebytes
2010-01-25 11:10 . 2010-01-07 07:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-13 12:59 . 2009-10-19 14:27   156672   ----a-w-   c:\windows\system32\t2embed.dll
2010-01-13 12:59 . 2009-10-19 14:24   72704   ----a-w-   c:\windows\system32\fontsub.dll
2010-01-08 21:35 . 2010-01-25 10:25   --------   d-----w-   c:\users\Kiyo\AppData\Roaming\DMCache
2010-01-08 21:34 . 2010-01-08 21:34   --------   d-----w-   c:\program files\Internet Download Manager
2010-01-03 21:08 . 2010-01-03 21:08   --------   d-----w-   c:\users\Kiyo\AppData\Local\vdownloader
2010-01-03 21:07 . 2010-01-03 21:08   --------   d-----w-   c:\program files\Ask.com
2010-01-03 21:07 . 2010-01-03 21:07   --------   d-----w-   c:\program files\Common Files\eBay
2009-12-30 09:47 . 2009-12-30 09:47   --------   d-----w-   c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 16:46 . 2009-10-08 12:59   --------   d-----w-   c:\programdata\Kaspersky Lab
2010-01-26 13:21 . 2009-07-07 09:17   --------   d-----w-   c:\users\Kiyo\AppData\Roaming\Skype
2010-01-26 13:21 . 2009-07-07 10:53   --------   d-----w-   c:\users\Kiyo\AppData\Roaming\skypePM
2010-01-25 18:06 . 2009-07-07 12:44   1   ----a-w-   c:\users\Kiyo\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-25 14:52 . 2008-04-14 13:31   662056   ----a-w-   c:\windows\system32\perfh015.dat
2010-01-25 14:52 . 2008-04-14 13:31   126908   ----a-w-   c:\windows\system32\perfc015.dat
2010-01-25 10:26 . 2009-10-14 13:13   --------   d-----w-   c:\programdata\eBay
2010-01-25 10:26 . 2009-10-14 13:12   --------   d-----w-   c:\program files\eBay
2010-01-25 10:26 . 2009-04-16 06:13   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-21 16:43 . 2009-12-21 15:32   --------   d-----w-   c:\program files\Gadu-Gadu 10
2010-01-21 16:33 . 2009-11-11 10:43   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-14 02:12 . 2009-10-05 16:53   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-09 14:56 . 2009-07-06 11:56   53984   ----a-w-   c:\users\Kiyo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-02 06:38 . 2010-01-22 16:45   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 16:45   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 16:45   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 16:45   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2009-12-25 12:42 . 2009-10-20 15:46   --------   d-----w-   c:\program files\LG PC Suite II
2009-12-23 18:01 . 2009-07-06 11:47   --------   d-----w-   c:\program files\Google
2009-12-21 15:25 . 2009-12-21 15:24   --------   d-----w-   c:\users\Kiyo\AppData\Roaming\Gadu-Gadu 10
2009-12-17 15:05 . 2009-12-17 15:05   37376   ----a-w-   c:\users\Kiyo\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-12-14 14:43 . 2009-11-09 14:31   95744   ----a-w-   c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-12-13 18:06 . 2009-12-13 18:06   --------   d-----w-   c:\program files\LGInternetKit
2009-12-13 18:04 . 2009-10-20 15:48   --------   d-----w-   c:\program files\LG Electronics
2009-12-02 13:07 . 2009-12-02 12:46   --------   d-----w-   c:\programdata\OpenFM
2009-12-02 12:46 . 2009-12-02 12:46   --------   d-----w-   c:\users\Kiyo\AppData\Roaming\OpenFM
2009-11-29 14:19 . 2009-07-06 11:46   --------   d-----w-   c:\program files\Common Files\Adobe
2009-11-27 19:51 . 2009-11-27 19:51   --------   d-----w-   c:\users\Kiyo\AppData\Roaming\gtk-2.0
2009-11-27 19:40 . 2009-11-27 19:40   --------   d-----w-   c:\program files\GIMP-2.0
2009-11-27 19:39 . 2009-09-24 16:32   --------   d-----w-   c:\users\Kiyo\AppData\Roaming\Corel
2009-11-26 15:50 . 2009-09-24 16:26   7308   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2009-11-26 15:50 . 2009-09-24 16:33   168   --sha-r-   c:\windows\system32\6AA07FFD20.sys
2009-11-24 06:12 . 2009-11-24 06:12   484976   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb2195.tmp.exe
2009-11-09 14:31 . 2009-11-09 14:31   3317784   ----a-w-   c:\programdata\SpeedBit\DAP\Offers\VA3_DapSo.exe
2009-11-09 14:30 . 2009-11-09 14:30   99840   ----a-w-   c:\programdata\SpeedBit\DAP\Updates\Condition.dll
2009-11-09 13:22 . 2009-12-09 15:04   24064   ----a-w-   c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-09 15:04   31232   ----a-w-   c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-09 15:04   411136   ----a-w-   c:\windows\system32\drivers\http.sys
2009-10-29 09:41 . 2009-11-25 15:02   2048   ----a-w-   c:\windows\system32\tzres.dll
2009-10-08 13:04 . 2009-10-08 13:04   604140   --sha-w-   c:\windows\System32\drivers\ISwift3.dat
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-11-09 14:30   2655736   ----a-w-   c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 04:37   1144712   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-07 39408]
"Odkurzacz-MCD"="d:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-11-09 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-22 30192]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-08-01 380688]

c:\users\Kiyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38   34672   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2008-11-24 18:44   869888   ----a-w-   c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51   691656   ----a-w-   c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSC OSD Utility]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsc-reg]
2008-08-01 13:28   380688   ----a-w-   c:\fsc-reg\fscreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-06-18 12:25   268096   ----a-w-   c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-22 16:44   30192   ----a-w-   c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40   20480   ----a-w-   c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-12 08:59   170520   ----a-w-   c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-12 09:00   150040   ----a-w-   c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-12 09:00   145944   ----a-w-   c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-10-31 12:06   6609440   ----a-w-   c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23   1233920   ----a-w-   c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37   37888   ----a-w-   c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3236136987-2309192795-984423249-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2009-05-15 21008]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [2009-07-08 449536]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [2009-05-16 19472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [2009-04-16 337920]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-07-07 721904]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2009-10-24 56088]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 133104]
S3 GoogleDesktopManager-110309-193829;Menedżer Google Desktop 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-06 30192]
.
Zawartość folderu 'Zaplanowane zadania'

2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 16:36]

2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 16:36]

2010-01-26 c:\windows\Tasks\User_Feed_Synchronization-{0D89C24C-A74A-4813-B70B-43BB36D9AB9E}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Dodaj do blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Wyszukiwanie w serwisie eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 01:56
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86296158]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a3db322
\Driver\ACPI -> acpi.sys @ 0x8069bd4c
\Driver\atapi -> 0x86296158
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-3236136987-2309192795-984423249-1000_Classes\CLSID\{348bff8a-95c5-4fab-b044-c3a100a765f8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000018
"Therad"=dword:00000012

[HKEY_USERS\S-1-5-21-3236136987-2309192795-984423249-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e3,89,03,e0,0b,58,29,52,87,dd,e9,b9,48,11,f3,57,07,b2,ca,fd,7a,
   31,31,b1,11,a7,48,84,2f,45,b7,17,06,47,16,c0,4b,5c,08,fd,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2010-01-27  02:00:42
ComboFix-quarantined-files.txt  2010-01-26 17:00

Przed: 13 877 379 072 bajtów wolnych
Po: 13 733 113 856 bajtów wolnych

- - End Of File - - 7C743A2D453AC4354BEEF3177941EF72


Z czego teraz dać logi ??

[wojtas]

odinstaluj w dodaj usuń programy ask toolbar.

.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie ) i daj raport ze skanu