Open the system Notepad and paste:

Task: {2425894A-A08E-458A-9151-0762B9E45235} - System32\Tasks\{38DE5B66-09CC-43DF-BE7F-D986A7CD8C56} => C:\Windows\system32\pcalua.exe -a C:\Users\KRYSTIK\AppData\Local\Temp\Temp1_TL-WN781ND_V2_Utility_150818.zip\TL-WN781ND_V2_Utility_150818\Utility\setup.exe <==== ATTENTION
Task: {4D496E47-C8BF-4F98-A9E8-7979D8660E4D} - System32\Tasks\curl => C:\Users\KRYSTIK\AppData\Roaming\curl\curl_7_54.exe [2017-11-29] (curl, hxxps://curl.haxx.se/) <==== ATTENTION
Task: {8FAA67E6-5F1C-4A57-A9C8-0D6FA273DEC4} - System32\Tasks\curls => C:\Users\KRYSTIK\AppData\Roaming\curl\curl.exe <==== ATTENTION
Task: {BEB5D2DE-32E8-4D48-895A-ABC43C30097C} - System32\Tasks\initwin => C:\Users\KRYSTIK\AppData\Local\initwin\initwin.exe [2017-12-03] () <==== ATTENTION
Task: {EA3B2B22-E7FA-4452-9FD8-0FE79F948A28} - System32\Tasks\ROCCAT_Swarm_HWMonitor => D:/Program [Argument = Files (x86)/ROCCAT/ROCCAT Swarm/data/SWARM_CONNECT/SwarmHW_Service.exe]
ShortcutWithArgument: C:\Users\KRYSTIK\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://pzemisa.ru/?utm_source=startlink03&utm_content=736921f4e59eac7fe759af5a765d3686&utm_term=A7F599EC01C64E8EAA5B1D7397335F5B&utm_d=20171129"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1775769091-897169614-202756039-1000\...\Run: [ycAutoLaunch_88B89DA5271085617E3802DF353A7CC2] => "C:\Users\KRYSTIK\AppData\Local\yc\Application\yc.exe" /prefetch:5
HKU\S-1-5-21-1775769091-897169614-202756039-1000\...\Run: [xawletbfpo] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=A7F599EC01C64E8EAA5B1D7397335F5B&utm_d=20171129" <==== ATTENTION
HKU\S-1-5-21-1775769091-897169614-202756039-1000\...\MountPoints2: {0570e86b-5389-11e7-be8d-9be63a4c0e45} - F:\AutoRun.exe
HKU\S-1-5-21-1775769091-897169614-202756039-1000\...\MountPoints2: {4af78d47-9a2e-11e7-b0c1-e07f1ed7e3ce} - F:\AutoRun.exe
HKU\S-1-5-21-1775769091-897169614-202756039-1000\...\MountPoints2: {87631081-538d-11e7-82ce-9cac337ff847} - F:\AutoRun.exe
HKU\S-1-5-21-1775769091-897169614-202756039-1000\...\MountPoints2: {aff5b1a5-c3e9-11e7-95f5-9c0a934c7155} - F:\AutoRun.exe
HKU\S-1-5-21-1775769091-897169614-202756039-1000\...\MountPoints2: {d1282777-5477-11e7-9447-b80864bb1857} - E:\AutoRun.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKU\S-1-5-21-1775769091-897169614-202756039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=A7F599EC01C64E8EAA5B1D7397335F5B&utm_d=20171129
HKU\S-1-5-21-1775769091-897169614-202756039-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1775769091-897169614-202756039-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDE04A17B-1D12-4313-9BED-84A87005EBC5%7D&gp=855500
SearchScopes: HKU\S-1-5-21-1775769091-897169614-202756039-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDE04A17B-1D12-4313-9BED-84A87005EBC5%7D&gp=855500
CHR HomePage: Default -> inline.go.mail.ru
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.nuesearch.com/?type=hp&ts=1468315569&z=e136e6df6b5b25f82badf98gaz5qfbbccgeweweqdb&from=wpm0616&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S456069760697","hxxp://mail.ru/cnt/10445?gp=855100"
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
S2 Ea3Host; C:\Windows\system32\Ea3Host.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wfcre; system32\drivers\wfcre.sys [X]
2017-12-02 14:50 - 2017-12-02 15:29 - 000000000 ____D C:\AdwCleaner
2017-11-29 21:35 - 2017-11-29 21:35 - 000000000 ____D C:\Windat
2017-11-29 21:35 - 2017-11-29 21:35 - 000000000 ____D C:\Disk
2017-11-29 21:32 - 2017-11-29 21:32 - 000003542 _____ C:\Windows\System32\Tasks\curl
2017-11-29 21:32 - 2017-11-29 21:32 - 000003330 _____ C:\Windows\System32\Tasks\curls
2017-11-29 21:32 - 2017-11-29 21:32 - 000000000 ____D C:\Users\KRYSTIK\AppData\Roaming\curl
2017-11-29 21:30 - 2017-11-29 22:42 - 000000000 ____D C:\Users\KRYSTIK\AppData\Local\yc
2017-11-29 21:27 - 2017-12-03 10:41 - 000000000 ____D C:\Users\KRYSTIK\AppData\Local\initwin
2017-11-29 21:27 - 2017-11-29 21:27 - 000003422 _____ C:\Windows\System32\Tasks\initwin
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.