Uninstall:
AION
Babylon toolbar
Bing Bar
ExpressFiles
express-files Toolbar
Internet Explorer Toolbar 4.6 by SweetPacks
PC Tools Registry Mechanic 11.1
Smart File Advisor 1.1.2
Tv-Plug-In
Update for Codec Pack
V9 Homepage Uninstaller
Wsys Control 10.2.1.2652
Yontoo 1.12.02
Use AdwCleaner, the Scan and Clean options (Szukaj and Usuń):
http://www.bleepingcomputer.com/download/adwcleaner/
Next to frst.exe, create a file named Fixlist.txt with the following content:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2104657585-1371390912-4140370265-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Łukasz\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
Task: {17AE6F08-E149-4E6C-B7FC-2354CC2845CC} - System32\Tasks\{740730DF-DB1C-40BF-A3A9-5CBC179704A9} => pcalua.exe -a C:\Users\JA1\Desktop\StatS-pack.exe -d C:\Users\JA1\Desktop
Task: {319BC17F-73D6-4DA6-8D20-613E49093A16} - \BitGuard -> Brak pliku <==== UWAGA
Task: {3242ADF3-55EB-4D6F-8086-EF312B1053BA} - System32\Tasks\{924CAB58-FDFE-449F-8E26-2197EB688C84} => pcalua.exe -a "C:\Users\Łukasz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H15GWUNF\xdview.exe" -d C:\Users\Łukasz\Desktop
Task: {338820D9-4DAE-4085-8847-BC35A13B264D} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-03-01] (DivX, LLC)
Task: {46CE2D02-0F97-462D-AF47-09BF03C9347E} - \bbjoin_crr_uninst -> Brak pliku <==== UWAGA
Task: {66046499-1E0D-4F7A-B9EE-9C8DA1905B5F} - System32\Tasks\Opera scheduled Autoupdate 1415048491 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software)
Task: {69F0A110-1F0A-4262-AEA2-8F9F21D5437F} - System32\Tasks\{72E99D25-5AE7-41E2-A183-CAB5D6D0FDF8} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {75F14734-4386-491F-8D74-09F7BE82A928} - \bbjoin_crr_uninst Updater -> Brak pliku <==== UWAGA
Task: {91155AC6-C86B-4515-B78B-02A514F8EDF5} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{7192BAD2-BC93-4D63-9969-AF9AEF2CCDFC}.exe <==== UWAGA
Task: {95977681-30EE-435C-A6D3-ACA3B2B77EFC} - \EPUpdater -> Brak pliku <==== UWAGA
Task: {A2BE6FC0-4AA6-45F0-A89F-694328D26E6E} - System32\Tasks\Smlupd => C:\Users\Łukasz\AppData\Roaming\Smlupd\smlupd.exe [2015-02-08] (HFT Player) <==== UWAGA
Task: {A38C0929-77D9-4F49-876B-D67C418EFE35} - System32\Tasks\{E6E76816-ED64-4631-A450-B1546FAE05E7} => pcalua.exe -a E:\Installer.exe -d E:\
Task: {AB0E0911-037C-44C5-9245-D795DA40BA8E} - \btclient -> Brak pliku <==== UWAGA
Task: {CCCD75BA-3B9F-436E-AB72-79A44D9C6AFC} - System32\Tasks\{0C519DD5-AAEA-4115-9475-900A396D47DD} => pcalua.exe -a C:\Users\Łukasz\Desktop\setup.exe -d C:\Users\Łukasz\Desktop
Task: {E9C8B636-91FE-460F-A125-8B1ECAF5A895} - System32\Tasks\{4ED4F2B8-4044-4AAD-B7F4-322339A88A14} => pcalua.exe -a C:\Users\Łukasz\Downloads\sweetimsetup.exe -d C:\Users\Łukasz\Downloads
Task: {F24356F5-E761-4853-8A56-B4C8444818C9} - \PC Performer -> Brak pliku <==== UWAGA
Task: {F44E3623-752F-47EA-946D-40BA197FA293} - \btclient Updater -> Brak pliku <==== UWAGA
Task: {F57BB0A2-319E-4163-9FB2-E1D48CEC80AA} - System32\Tasks\WindowsUpda2ta => C:\Users\Łukasz\AppData\Roaming\MICROSOFT\home.vbs [2016-07-27] () <==== UWAGA
C:\Users\Łukasz\AppData\Roaming\MICROSOFT\home.vbs
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{7192BAD2-BC93-4D63-9969-AF9AEF2CCDFC}.exe <==== UWAGA
Task: C:\windows\Tasks\DSite.job => C:\Users\UKASZ~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== UWAGA
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy?click_id=0EzztDtAzy0A0AyByB0Ezz0D0ByC0ByC2RtBtDtCyCtDtCtCtAtCzytCzytDyEyEyEyE
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta\Sparta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://plarium.com/play/en/sparta/navy_pl?adCampaign=88078&clickID=0EzztDtAzy0A0AyByB0Ezz0D0ByC0ByC&publisherID=100 --app-window-size=1366,768
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AION\AION.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://boost.games724.com/click/e41614aa088743ed2ffb3b3333d19d079f0ba22c5adcdf1bb57589d16e6f0f90?cp1=0EzztDtAzy0A0AyByB0Ezz0D0ByC0ByC2RtBtDtCyCtDtCtCyDtCtByDyCtBtBtAtDtC
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AION.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://boost.games724.com/click/e41614aa088743ed2ffb3b3333d19d079f0ba22c5adcdf1bb57589d16e6f0f90?cp1=0EzztDtAzy0A0AyByB0Ezz0D0ByC0ByC2RtBtDtCyCtDtCtCyDtCtByDyCtBtBtAtDtC
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://plarium.com/play/en/sparta/navy_pl?adCampaign=88078&clickID=0EzztDtAzy0A0AyByB0Ezz0D0ByC0ByC&publisherID=100 --app-window-size=1366,768
ShortcutWithArgument: C:\Users\Łukasz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy?click_id=0EzztDtAzy0A0AyByB0Ezz0D0ByC0ByC2RtBtDtCyCtDtCtCtAtCzytCzytDyEyEyEyE
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2104657585-1371390912-4140370265-1001\...\MountPoints2: {69a41fc9-8cf7-11e1-815d-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2104657585-1371390912-4140370265-1001\...\MountPoints2: {d14a525c-3774-11e4-9f92-e8039a89cac9} - J:\iLinker.exe
Startup: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbs [2016-07-27] ()
C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbs
SearchScopes: HKU\S-1-5-21-2104657585-1371390912-4140370265-1001 -> {2E7DF491-DB51-463A-837F-017D6615369A} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=9e49b6b60000000000008a039a89cac8&affilt=3&r=834
BHO-x32: Brak nazwy -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> Brak pliku
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll => Brak pliku
BHO-x32: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll Brak pliku
Toolbar: HKU\S-1-5-21-2104657585-1371390912-4140370265-1001 -> Brak nazwy - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Brak pliku
CHR HomePage: Default -> hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki
CHR StartupUrls: Default -> "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki","hxxp://do-search.com/?type=hp&ts=1431676478&z=0d56d360d66f9675cf8e85cgczac8g8q1maqaz0wdb&from=cor&uid=HitachiXHTS547550A9E384_J2160051JJPMTDJJPMTDX"
CHR DefaultSearchURL: Default -> hxxp://do-search.com/web/?type=ds&ts=1431676478&z=0d56d360d66f9675cf8e85cgczac8g8q1maqaz0wdb&from=cor&uid=HitachiXHTS547550A9E384_J2160051JJPMTDJJPMTDX&q={searchTerms}
CHR DefaultSearchKeyword: Default -> do-search
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <nie znaleziono>
U3 aro2tysf; C:\Windows\System32\Drivers\aro2tysf.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
2017-01-12 13:14 - 2017-01-12 13:14 - 00003262 _____ C:\windows\System32\Tasks\WindowsUpda2ta
2017-01-12 13:14 - 2016-07-27 11:11 - 00114148 ___SH C:\Users\Łukasz\AppData\Roaming\home.vbs
2017-01-12 09:12 - 2013-06-03 11:50 - 00000350 _____ C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-01-12 13:14 - 2016-07-27 11:11 - 0114148 ___SH () C:\Users\Łukasz\AppData\Roaming\home.vbs
2013-09-21 14:04 - 2013-09-21 14:04 - 0361117 _____ () C:\Users\Łukasz\AppData\Local\newhb2.crx
2013-04-08 13:28 - 2014-05-24 10:12 - 0000000 _____ () C:\Users\Łukasz\AppData\Local\Temptable.xml
EmptyTemp:
In FRST, choose Fix (Napraw).
When it has finished, post new FRST logs from a fresh scan.