Open the system Notepad and paste:

CustomCLSID: HKU\S-1-5-21-1043391465-3389820748-3846585623-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-36B45BF033BD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> Brak pliku
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> Brak pliku
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> Brak pliku
Task: {AF2F5270-C266-4606-91DB-5F2912AEFA1E} - System32\Tasks\Microsoft\Windows\Diagnosis\KeyCreator => C:\Users\twujstary\AppData\Roaming\\keycreator\\kget.exe
Task: {CD670ACE-8063-40B5-A8D6-871C7D3890B4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-11] (AVAST Software)
Task: {EF08D92A-7523-4517-911F-579B0B8DC4E6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-11] (AVG Technologies CZ, s.r.o.)
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [656]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [656]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [656]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [656]
AlternateDataStreams: C:\Users\twujstary\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\twujstary\Dane aplikacji:NT2 [656]
AlternateDataStreams: C:\Users\twujstary\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\twujstary\AppData\Roaming:NT2 [656]
Hosts:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1043391465-3389820748-3846585623-1001\...\MountPoints2: {77c6f116-d2ac-11e7-875f-88ad43fe0bc2} - "G:\setup.exe"
HKU\S-1-5-21-1043391465-3389820748-3846585623-1001\...\MountPoints2: {ff899eb7-ec24-11e7-8760-88ad43fe0bc2} - "H:\Autorun.exe"
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Ograniczenia ? <==== UWAGA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1043391465-3389820748-3846585623-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\SYSTEM\CurrentControlSet\Services\avgSP <==== UWAGA (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\avgMonFlt <==== UWAGA (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\avgSnx <==== UWAGA (Rootkit!)
2018-10-23 10:44 - 2018-10-23 10:44 - 001028696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw9ac40e78d83f6162.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000467760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw938557e574038fbb.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000380992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswc11af9d71f927177.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000346616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswf53e384aec0d0bea.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000230880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw54646024c9abdb9b.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000208488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw36d092c8b78c1d0e.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000202296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw76a6b54488b37a2b.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000201264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswba4b1a3ec80a3664.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000163224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswed06398c7bd8b75a.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000111816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw15254cc6333403bd.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000087968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw3a2472c05b9ce870.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000059520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswe7515b873e150931.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000046920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw45a6706bfaa41670.tmp
2018-10-23 10:44 - 2018-10-23 10:44 - 000042312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw 75aaa3342e2bd4b.tmp
2018-10-23 10:44 - 2018-09-29 16:48 - 000015344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswb16346bc71189269.tmp
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.