
[Solved] Windows 10 Trojan Infections: Win32/Fuerboos.C!cl, Win32/Occamy.C, Trojan.Eps.38782 and More

Wladyslaw666 3624 8
  • #1 17221426
    Wladyslaw666
    Level 7  
    Hello
    Please check the logs.
    Every time Dr.Web CureIt! finds something. Malwarebytes sometimes finds something and sometimes shows it's clean. Windows Defender occasionally shows that it has found a threat such as:
    - Trojan.Eps.38782
    - Trojan:Win32/Fuerboos.C!cl
    - Trojan:Win32/Occamy.C
    - Trojan:Win32/Woreflint.A!cl
    - Trojan:Win32/Emelent.B!cl
    - Trojan.WebPick9115
    Often, before the end of the scan with any program, the message "The computer has encountered a problem and needs to be restarted" pops up.
  • #2 17221656
    Kolobos
    IT specialist
    Create a system restore point.

    Uninstall NarutoOnline 2.4.1.5251

    Run Fixlist.txt for FRST:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-3872729047-4223950186-2412060388-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    Task: {8C965156-17C8-40B0-A65B-7BC5CAD98FEB} - System32\Tasks\MainPM => powershell -ExecutionPolicy ByPass -File pm.ps1
    Task: {DC1CA028-21DC-480C-9DBD-DE4FE42D10D2} - System32\Tasks\update64 => C:\Program Files\SystemaRev\RevServicesX\updaterev.exe [2018-05-14] (SystemaRev)
    HKU\S-1-5-21-3872729047-4223950186-2412060388-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3884720 2017-10-04] (ALLPlayer.org)
    HKU\S-1-5-21-3872729047-4223950186-2412060388-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3990528 2017-10-04] (Napisy24.pl)
    HKU\S-1-5-21-3872729047-4223950186-2412060388-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [6168768 2016-09-15] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-3872729047-4223950186-2412060388-1001\...\MountPoints2: {5d0a8908-55d7-11e7-af27-1c3947d4a9a6} - "F:\autorun.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    FF user.js: detected! => C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\472p7bwi.default\user.js [2017-06-30]
    S3 update64; C:\Program Files\SystemaRev\RevServicesX\updaterev.exe [594432 2018-05-14] (SystemaRev) [Brak podpisu cyfrowego]
    R5 hagalkcj;
  • #3 17221741
    Wladyslaw666
    Level 7  
    Now Windows Defender showed me the threats:
    2 x Trojan:Win32/Emelent.B!cl file: C:\Windows\winime.exe
    3 x PWS:Win32/Fareit file: C:\Windows\winime.exe
    Trojan:Win32/Azden.B!cl file: C:\TDSSKiller_Quarantine\15.05.2018_13.29.51\susp0001\svc0000\tsk0000.dta
    Dr.Web CureIt! detected nothing.
    Logs below.
  • #4 17221817
    Kolobos
    IT specialist
    New frst.txt is missing!
  • #6 17221840
    Kolobos
    IT specialist
    You probably won't be able to remove these rootkits from within Windows.

    Run FRST under WinRE: https://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartuj%C4%85cych-windows/

    Run Fixlist.txt:
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\aljlbvyr.sys:changelist [260]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia
  • Helpful post
    #8 17222005
    Kolobos
    IT specialist
    Final Fixlist.txt for FRST:
    Task: {0CCCF149-76AB-4A27-A7D5-140D0E810E00} - \CreateExplorerShellUnelevatedTask -> File missing File missing
  • #9 17224528
    Wladyslaw666
    Level 7  
    Everything works. Thanks a lot for your help :please:

Topic summary

The discussion revolves around persistent Trojan infections on a Windows 10 system, specifically identifying threats such as Trojan.Eps.38782, Win32/Fuerboos.C!cl, Win32/Occamy.C, and others. Users report inconsistent detection results from various antivirus programs, including Dr.Web CureIt! and Malwarebytes, with Windows Defender also flagging multiple threats. The issue is compounded by system instability, leading to unexpected restarts during scans. Recommendations include creating a system restore point, uninstalling suspicious software (e.g., NarutoOnline), and utilizing FRST (Farbar Recovery Scan Tool) in Windows Recovery Environment (WinRe) to execute a fixlist for malware removal. The user ultimately reports successful resolution of the issues after following the provided guidance.
Summary generated by the language model.