How to remove a virus that cuts off network access

amq0 21 May 2023 21:12 291 3
  • #4 20589668
    Kolobos
    Computer specialist
    Posts: 85164
    Helped: 17165
    Rating: 10438
    For now, uninstall:
    Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)

    Run a scan with mbam and adwcleaner and remove whatever they detect.

    Run Fixlist.txt for FRST:
    CloseProcesses:
    (taskeng.exe ->) () [Brak podpisu cyfrowego] D:\Users\Windows 8\AppData\Local\Temp\wfplwfs.exe
    HKLM\...\Run: [Opera Browser Assistant] => D:\Users\Windows 8\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3970456 2023-05-16] (Opera Norway AS -> Opera Software)
    HKLM-x32\...\Run: [LuckyWheel] => D:\Program Files (x86)\LuckyWheel\LuckyWheel.exe [73008 2023-04-12] (Lucky Joe -> ) [Brak podpisu cyfrowego]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\Run: [Lync] => "D:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey (Brak pliku)
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => D:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG -> Nero AG)
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\Run: [Web Companion] => D:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Brak pliku) <==== UWAGA
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\Run: [0c9a16a11ffa07287747c74498b8128d] => D:\Program Files\DVDFab\DVDFab 12\liveupdate.exe [2683976 2021-04-01] (DVDFab Software Inc. -> )
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\Run: [MicrosoftEdgeAutoLaunch_F1C06E95F963D8437B2EC375B8F7D759] => "D:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188560 2023-04-22] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\Run: [LuckyWheel] => D:\Program Files (x86)\LuckyWheel\LuckyWheel.exe [73008 2023-04-12] (Lucky Joe -> ) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\Run: [WindowsServices] => D:\Program Files (x86)\LuckyWheel\WindowsServices.exe [16176 2023-04-12] (Lucky Joe -> Microsoft) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\Run: [Opera Stable] => D:\Users\Windows 8\AppData\Local\Programs\Opera\launcher.exe [2635160 2023-04-27] (Opera Norway AS -> Opera Software)
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: H - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {334ec806-bc06-11ed-83e4-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {334ec83e-bc06-11ed-83e4-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29db8b-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29dbf8-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29dc39-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29dc71-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29dcaa-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29dcea-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29dd25-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29dd59-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29ddab-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29dde7-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {4f29deac-df60-11ed-8428-50465dcfdd0a} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {b15320cc-de8f-11ed-8427-685d439c2989} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {b1532133-de8f-11ed-8427-685d439c2989} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {b15322a9-de8f-11ed-8427-685d439c2989} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {b1532303-de8f-11ed-8427-685d439c2989} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {b1532321-de8f-11ed-8427-685d439c2989} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {b1532508-de8f-11ed-8427-685d439c2989} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {b153254a-de8f-11ed-8427-685d439c2989} - "H:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {c56268ee-e1bd-11ed-842d-685d439c2989} - "K:\AutoRun.exe"
    HKU\S-1-5-21-3885444786-4274065525-644525408-1001\...\MountPoints2: {e7a28696-cb00-11ed-8402-685d439c2985} - "H:\AutoRun.exe"
    GroupPolicy: Ograniczenia ? <==== UWAGA
    Policies: D:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
    HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Task: {1A2A6F87-F5C1-43D6-9F24-5C975273F46A} - System32\Tasks\{239264CF-4D6B-462F-98CB-366F6DDCB6E2} => D:\Windows\system32\pcalua.exe [13312 2013-08-22] (Microsoft Windows -> Microsoft Corporation) -> -a "D:\Program Files\Conexant\VID_1D19&PID_6109&MI_00\Setup64.exe" -c -U -1 -IVID_1D19&PID_6109&MI_00
    Task: {1EC57B87-9CB9-430B-AE89-557FACF25826} - System32\Tasks\Nero\Nero Info => D:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3673424 2014-07-21] (Nero AG -> Nero AG)
    Task: {55C95CC9-EF0C-45C4-930D-F7115B55EB4F} - System32\Tasks\GoogleUpdateTaskMachineQC => D:\Program Files\Google\Chrome\updater.exe [59314968 2023-05-19] (Google LLC -> ) [Brak podpisu cyfrowego] <==== UWAGA
    Task: {618CB326-E4DD-448D-9947-B3497FC9D76E} - System32\Tasks\Opera scheduled assistant Autoupdate 1677675768 => D:\Users\Windows 8\AppData\Local\Programs\Opera\launcher.exe [2635160 2023-04-27] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="D:\Users\Windows 8\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {6D9AA9F7-9D85-4FCC-9D7A-3A83062DA110} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-04-04] (Odmowa dostępu) [Brak podpisu cyfrowego] /c (Odmowa dostępu) <==== UWAGA
    Task: {8D59009A-9DFB-455D-A716-404E35524CDB} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-04-04] (Odmowa dostępu) [Brak podpisu cyfrowego] /ua /installsource scheduler (Odmowa dostępu) <==== UWAGA
    Task: {B5E0139D-B40F-4A3B-B462-DBD4A7BBDFDC} - System32\Tasks\Opera scheduled Autoupdate 1677675762 => D:\Users\Windows 8\AppData\Local\Programs\Opera\launcher.exe [2635160 2023-04-27] (Opera Norway AS -> Opera Software)
    Task: {D2C62E30-F76B-4A0D-B8A7-939652B72F84} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SystemInfo => D:\Users\Windows 8\AppData\Roaming\\sysinfotool\\sitool.exe [84480 ] () [Brak podpisu cyfrowego]
    D:\Users\Windows 8\AppData\Roaming\sysinfotool\
    Task: {E4AE3274-0C3F-4A79-AA71-A1F6AB90B328} - System32\Tasks\79880f71c965a64b => D:\Users\Windows 8\AppData\Local\Temp\wfplwfs.exe [5693440 2023-05-19] () [Brak podpisu cyfrowego] <==== UWAGA
    Task: D:\Windows\Tasks\79880f71c965a64b.job => D:\Users\WINDOW~1\AppData\Local\Temp\wfplwfs.exe <==== UWAGA
    AutoConfigURL: [{2872221C-1198-46BF-AE22-DE03102D7B63}] => hxxp://35.236.159.79/win.pac <==== UWAGA
    AutoConfigURL: [{3975C502-EFF7-46D4-BC8A-A80E4A5BABD8}] => hxxp://35.236.159.79/win.pac <==== UWAGA
    AutoConfigURL: [{5E149DB8-16A1-471F-812D-E346D1F66A89}] => hxxp://35.236.159.79/win.pac <==== UWAGA
    AutoConfigURL: [{820819BA-7796-4A6D-84E4-B2D08C5D580B}] => hxxp://35.236.159.79/win.pac <==== UWAGA
    ProxyServer: [S-1-5-21-3885444786-4274065525-644525408-1001] => 128.140.6.139:8080
    AutoConfigURL: [S-1-5-21-3885444786-4274065525-644525408-1002] => hxxp://35.236.159.79/win.pac <==== UWAGA
    RemoveProxy:
    CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
    S2 Mobile Broadband HL Service; "D:\Program Files (x86)\MobileBrServ\mbbservice.exe" -service [X]
    U0 TaskKill; D:\Users\Windows 8\AppData\Local\Temp\Иисус.sys [36208 2023-05-19] (Sysinternals - www.sysinternals.com) [Brak podpisu cyfrowego] <==== UWAGA
    U4 DiagTrack; Brak ImagePath
    U4 dmwappushservice; Brak ImagePath
    S3 DxVGrb; \SystemRoot\system32\drivers\DxVGrb.sys [X]
    S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
    S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
    S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X]
    2023-05-19 20:51 - 2023-05-19 21:03 - 000000000 ____D D:\ProgramData\360Quarant
    2023-05-19 19:44 - 2023-05-21 21:55 - 000001976 _____ D:\Users\Windows 8\AppData\Roaming\Microsoft\index.html
    2023-05-19 19:44 - 2023-05-21 21:55 - 000000514 _____ D:\Windows\Tasks\79880f71c965a64b.job
    2023-05-19 19:44 - 2023-05-19 19:44 - 000002868 _____ D:\Windows\system32\Tasks\79880f71c965a64b
    2023-05-19 19:44 - 2023-05-19 19:44 - 000000000 ____D D:\Program Files (x86)\LuckyWheel
    2022-02-03 14:57 - 2022-02-03 14:57 - 000000171 _____ () D:\Users\Windows 8\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
    2023-02-12 13:07 - 2023-02-12 13:07 - 000000029 _____ () D:\Users\Windows 8\AppData\Roaming\default.rss
    2023-02-12 13:07 - 2023-02-12 13:07 - 000000000 _____ () D:\Users\Windows 8\AppData\Roaming\downloads.m3u
    2023-05-19 19:44 - 2023-05-21 21:55 - 000001976 _____ () D:\Users\Windows 8\AppData\Roaming\Microsoft\index.html
    2023-05-19 19:44 - 2023-05-21 21:55 - 000002967 _____ () D:\Users\Windows 8\AppData\Roaming\Microsoft\logo.png
    2023-05-19 19:44 - 2023-05-21 21:55 - 000001591 _____ () D:\Users\Windows 8\AppData\Roaming\Microsoft\qrcode.png
    Emptytemp: