jakieś diabelstwo zaczyna zjadać mój komputerek, prosiłbym Was o pomoc. Proces ten zjada mi około 80% ram.
Addition:http://www.wklejto.pl/823801
Frst:http://www.wklejto.pl/823804
CloudNet (HKU\S-1-5-21-920357276-1666557797-4135290549-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== UWAGA
HKU\S-1-5-21-920357276-1666557797-4135290549-1001\...\Run: [CloudNet] => C:\Users\pc\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2020-04-01] (EpicNet Inc.) [Brak podpisu cyfrowego] <==== UWAGA
RemoveDirectory: C:\Users\pc\AppData\Roaming\EpicNet Inc
Task: {2C0BC129-B112-421C-90BF-16648C9DBDED} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [3947520 2020-03-25] () [Brak podpisu cyfrowego] <==== UWAGA
C:\WINDOWS\rss\csrss.exe
FirewallRules: [{125ADCD8-D7CE-420B-8BDC-5FD97C0B71A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{FF5E1151-7B57-4241-BCF5-E103B758A4AD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{AC06DD90-7BAA-4D49-8F9C-13198253B759}] => (Allow) C:\WINDOWS\rss\csrss.exe () [Brak podpisu cyfrowego]
FirewallRules: [{89685766-C6FF-4F65-942E-CF488E513321}] => (Allow) C:\Users\pc\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) [Brak podpisu cyfrowego]
CHR Session Restore: Default -> [funkcja włączona]
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
HKU\S-1-5-21-920357276-1666557797-4135290549-1001\...\Run: [SmallField] => "C:\WINDOWS\rss\csrss.exe" <==== UWAGA
C:\WINDOWS\rss\csrss.exe
R2 WinDefender; C:\WINDOWS\windefender.exe [1986560 2020-04-01] () [Brak podpisu cyfrowego]
C:\WINDOWS\windefender.exe
HKU\S-1-5-21-920357276-1666557797-4135290549-1001\...\StartupApproved\Run: => "SmallField"
FirewallRules: [{D774B216-B68A-4BA2-83C7-F15C0E9A1D7D}] => (Allow) C:\WINDOWS\rss\csrss.exe Brak pliku
FirewallRules: [{A333C18E-708A-4903-8B1D-7658CAD01C2D}] => (Allow) C:\Users\pc\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe Brak pliku
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"PreshutdownTimeout"=dword:036ee800
"DisplayName"="@%systemroot%\\system32\\wuaueng.dll,-105"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%systemroot%\\system32\\wuaueng.dll,-106"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"DelayedAutoStart"=dword:00000001
"Type"=dword:00000020
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceMain"="WUServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
EndRegedit:
Reboot:
DeleteKey: HKKU\S-1-5-21-920357276-1666557797-4135290549-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKKU\S-1-5-21-920357276-1666557797-4135290549-1001\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKKU\S-1-5-21-920357276-1666557797-4135290549-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKKU\S-1-5-21-920357276-1666557797-4135290549-1001\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
Reboot:
DeleteKey: HKU\S-1-5-21-920357276-1666557797-4135290549-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
DeleteKey: HKU\S-1-5-21-920357276-1666557797-4135290549-1001\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 18 gości