Open Notepad and paste:

CustomCLSID: HKU\S-1-5-21-1438363208-2009567037-2830964314-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4083BE60F427}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> Brak pliku
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> Brak pliku
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> Brak pliku
Task: {5A9BB1C3-AFDB-4920-BE68-3349F5DDFB9D} - \CCleanerSkipUAC -> Brak pliku <==== UWAGA
Task: {99029A1D-9305-4E0A-A2A7-2640EC750864} - System32\Tasks\{1274D717-BFA9-4138-9EB0-72876BFB6E4D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Animated Wallpaper\Video Wallpaper\unins000.exe"
Task: {9C9EEDA9-14C6-4936-A551-D7E3FDCDD592} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {E34F1C34-BFA5-4FAC-A50A-66F93CEA2F4A} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] ()
AlternateDataStreams: C:\ProgramData:DF7F2D1D696EAE6F [217]
AlternateDataStreams: C:\Users\All Users:DF7F2D1D696EAE6F [217]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:DF7F2D1D696EAE6F [217]
AlternateDataStreams: C:\Users\pawel\Cookies:A4RNRHm1W9oeUxRuh [2364]
HKU\S-1-5-21-1438363208-2009567037-2830964314-1001\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1438363208-2009567037-2830964314-1001\...\MountPoints2: {80cbf579-77ca-11e7-9ced-f0761cfc526d} - "E:\setup.exe"
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1438363208-2009567037-2830964314-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1438363208-2009567037-2830964314-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
CHR HomePage: Default -> inline.go.mail.ru
CHR HKU\S-1-5-21-1438363208-2009567037-2830964314-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
2017-09-09 12:38 - 2017-09-09 12:38 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsigna55f510963f0ccb7
2017-09-09 12:38 - 2017-09-09 12:38 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign611f77f23437d225
2017-09-09 12:38 - 2017-09-09 12:38 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign16ae5aac1fc2b0a2
2017-09-03 13:14 - 2017-09-03 13:14 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsignbddb3b4892f5ca25
2017-09-03 13:14 - 2017-09-03 13:14 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign1ec04643ac1a2a54
2017-09-03 13:14 - 2017-09-03 13:14 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign13cf6c8b27e992f7
\AppData\Local\Tempzxpsignbe84a0befad96987
2017-09-03 12:54 - 2017-09-03 12:54 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign7b19edd3ae44ace8
2017-09-03 12:54 - 2017-09-03 12:54 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign0a4470e3fa117ff1
2017-09-03 12:30 - 2017-09-09 11:49 - 000000000 ____D C:\AdwCleaner
2017-08-31 18:57 - 2017-08-31 18:57 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsignd79fe6652500b00e
2017-08-31 18:57 - 2017-08-31 18:57 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign402477922c4501fb
2017-08-31 18:56 - 2017-08-31 18:56 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign22225e7d02afac6a
2017-08-31 18:56 - 2017-08-31 18:56 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign2208dcd821bfe728
2017-08-31 17:24 - 2017-08-31 17:24 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign87fe89c430f0c834
2017-08-31 17:24 - 2017-08-31 17:24 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign855912b1ac6e88b6
2017-08-31 17:24 - 2017-08-31 17:24 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign3d34247515acb04a
2017-08-31 17:24 - 2017-08-31 17:24 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign0fd7bd2ccfed9e8b
2017-08-24 19:08 - 2017-08-24 19:08 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign846833161239297c
2017-08-24 19:08 - 2017-08-24 19:08 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign7a195600363e0e3a
2017-08-24 19:08 - 2017-08-24 19:08 - 000000000 ____D C:\Users\pawel\AppData\Local\Tempzxpsign3ee60c783f7bfd8e
C:\Users\lame3.99.5-64\lame.exe
C:\Users\lame3.99.5-64\lame_enc.dll
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.