

Otwórz notatnik systemowy i wklej:

Task: {44251F7B-D38A-46D9-A6A0-AEF986FFA20E} - System32\Tasks\Kamil => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Kamil /t REG_SZ /d "explorer.exe hxxp://ozirizsoos.info" <==== UWAGA
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3015294588-2046372597-794763334-1000\...\Run: [Kamil] => explorer.exe hxxp://ozirizsoos.info <==== UWAGA
HKU\S-1-5-21-3015294588-2046372597-794763334-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-3015294588-2046372597-794763334-1000\...\MountPoints2: {2b1f00c6-3d66-11e7-a671-1c1b0d70c8c1} - J:\autorun.exe
HKU\S-1-5-21-3015294588-2046372597-794763334-1000\...\MountPoints2: {40a1e88a-4210-11e7-89e9-1c1b0d70c8c1} - K:\startme.exe
HKU\S-1-5-21-3015294588-2046372597-794763334-1000\...\MountPoints2: {47c93818-3cba-11e7-b959-806e6f6e6963} - I:\Run.exe
HKU\S-1-5-21-3015294588-2046372597-794763334-1000\...\MountPoints2: {88cd06cf-c14a-11e7-b82c-1c1b0d70c8c1} - K:\Autorun.exe
IFEO\AdobeIPCBroker.exe: [Debugger] null
IFEO\LogTransport2.exe: [Debugger] null
GroupPolicy: Ograniczenia <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\je75l479.default-1496129375120\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
U3 SwitchBoard; Brak ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-11-01 12:34 - 2017-11-01 12:34 - 000000000 ____D C:\Users\Kamil\AppData\Local\Tempzxpsign7c384e52794a421c
2017-11-01 12:31 - 2017-11-01 12:31 - 000000000 ____D C:\Users\Kamil\AppData\Local\Tempzxpsign4ce39a224fa01e4e
2017-11-01 12:29 - 2017-11-01 12:29 - 000000000 ____D C:\Users\Kamil\AppData\Local\Tempzxpsignb0542a10024fadd0
2017-11-01 12:28 - 2017-11-01 12:28 - 000000000 ____D C:\Users\Kamil\AppData\Local\Tempzxpsignb8d59258a41b75d6
2017-11-01 12:26 - 2017-11-01 12:26 - 000000000 ____D C:\Users\Kamil\AppData\Local\Tempzxpsignafe9411b28512e8e
2017-11-01 12:21 - 2017-11-01 12:21 - 000000000 ____D C:\Users\Kamil\AppData\Local\Tempzxpsignbf7d331c7680402c
2017-11-01 12:20 - 2017-11-01 12:20 - 000000000 ____D C:\Users\Kamil\AppData\Local\Tempzxpsign902e5cebcf51f36a
2017-11-01 12:20 - 2017-11-01 12:20 - 000000000 ____D C:\Users\Kamil\AppData\Local\Tempzxpsign7d190ef0de809880
2017-11-13 10:15 - 2017-05-28 17:58 - 000000000 ____D C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. 
Uruchom jako administrator FRST i kliknij w Fix/Napraw.