

Otwórz notatnik systemowy i wklej:


ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} =>  -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} =>  -> No File
Task: {1A3D5D38-1D13-4DFC-A6EB-C23A1F5932A5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe
Task: {4149EA94-B478-4763-91D6-A375E0F162EF} - no filepath
Task: {4C4094BC-A9C0-498D-BE52-3A0234FF22E0} - System32\Tasks\{AAEE208E-52F0-4B53-BC53-4FA3FBBB5753} => C:\Program Files (x86)\Slitherine\Military History Commander - Europe at War GOLD\jre\bin\java.exe [2008-09-06] (Sun Microsystems, Inc.)
Task: {4F52D436-E40F-4414-8005-CE1240A3F8D6} - \{8B3B1984-781B-4216-BE5C-4923CFB6853E} -> No File <==== ATTENTION
Task: {667D4F3B-26F9-4286-8FC4-0E127E8903CF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {A89C55E7-AD73-4115-89B8-BCCEE4732C08} - System32\Tasks\{24BF0A68-CB45-42D5-864D-C3D4E97CC4C6} => C:\gry\pirates\PIR.EXE [1989-05-02] ()
Task: {DA80F58A-1108-4BB0-BE01-D4CCFDE3B2E4} - System32\Tasks\{1826AD66-13E8-47B5-B286-A7375E450D3C} => C:\gry\pirates\PIR.EXE [1989-05-02] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\Run: [dpinst] => C:\Users\Kaspian\AppData\Roaming\DIFX\dpinst.exe [7293280 2013-02-19] (TeamViewer GmbH)
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\Run: [vkenjizi] => "C:\Users\Kaspian\oqlctnun.exe"
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: F - F:\.\StartModem.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {26e3e8e9-78eb-11e0-8639-70f1a1d90a4e} - E:\PzC-AfrikaKorps-SetupRelease-DE-v112.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {32fc0ef1-9898-11e7-8f92-206a8a19903e} - F:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {5cfc91fd-c628-11df-b844-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {c9611101-fdbf-11de-af89-206a8a19903e} - F:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {c961110b-fdbf-11de-af89-206a8a19903e} - F:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {c9611120-fdbf-11de-af89-206a8a19903e} - F:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {c9611136-fdbf-11de-af89-206a8a19903e} - F:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {f9e5634c-6389-11e6-8e01-206a8a19903e} - F:\.\StartModem.exe
GroupPolicyScripts: Restriction <==== ATTENTION
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
"laudzypy" => service was unlocked. <==== ATTENTION
S2 laudzypy; C:\Windows\SysWOW64\laudzypy\ojqnmjfg.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
U3 aswbdisk; no ImagePath
S3 EverestDriver; \??\C:\Users\Kaspian\AppData\Local\Temp\EverestDriver.sys [X] <==== ATTENTION
2018-11-13 19:03 - 2018-11-13 19:03 - 000000000 ____D C:\Windows\SysWOW64\laudzypy
2018-11-13 19:02 - 2018-09-22 19:27 - 000000000 __SHD C:\found.002
2018-11-13 19:02 - 2018-07-05 18:45 - 000000000 __SHD C:\found.001
2018-11-13 19:02 - 2016-03-22 13:47 - 000000000 __SHD C:\found.000
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. 
Uruchom jako administrator FRST i kliknij w Fix/Napraw.