Elektroda.pl

VIDsquare - please review my logs

cieciw 19 Aug 2017 20:04 1068 6
  • #1
    cieciw
    Level 2  
    The problem appeared when, as usual, I downloaded something I shouldn't have.

    The installed adware terribly slows down both Chrome and the freshly downloaded Firefox. Reinstalling Chrome did nothing. I can't get rid of Vid from Chrome's extensions because it isn't visible there, nor in the Control Panel (Add/Remove Programs).

    It constantly sends requests when opening new tabs.

    I'm attaching the FRST logs:
  • Helpful post
    #2
    Kolobos
    IT specialist
    Use AdwCleaner, the Scan/Szukaj and Clean/Usun options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Run this Fixlist.txt with FRST:
    Task: {02B321EA-EE9A-48F8-95C2-AD7316D06686} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {09539E0F-0772-4649-909F-3F5A840002EA} - System32\Tasks\{7F0A0F47-0F08-0979-0A11-7F7E047D1109} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand <==== ATTENTION
    Task: {2472C070-DF1D-46AC-830B-7A19FD6973A2} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
    Task: {292AEB06-C66C-4EAF-904A-66ADC1B94978} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
    Task: {839D4DA4-B8C7-4B50-9B1C-4240ADF4AF6C} - System32\Tasks\{33400D72-831E-4D6B-863E-71475E93A8AA} => C:\Windows\system32\pcalua.exe -a C:\Users\USER\Downloads\rtl_ski_jumping_2007_pl\RTLSJ2007PL.exe -d C:\Users\USER\Downloads\rtl_ski_jumping_2007_pl
    Task: {96508C99-3547-4F9E-9336-6186550D1CD1} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE <==== ATTENTION
    Task: {AA220D72-304A-46C9-B1CC-EEA567459FFA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {CA661DD3-D900-47C6-B34E-7A1E361B78DE} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
    Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
    ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\Run: [svchostwn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\USER\AppData\Roaming\svchost store files\start64.vbs" //B "%1" %* <==== ATTENTION
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\Run: [svchostws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\USER\AppData\Roaming\svchost local files\start.vbs" //B "%1" %* <==== ATTENTION
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\Run: [csrssst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\USER\AppData\Roaming\csrss saved files\start.vbs" //B "%1" %*
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\Run: [audiodgst] => "%SystemRoot%\System32\WScript.exe" "C:\Users\USER\AppData\Roaming\audiodg saved files\start.vbs" //B "%1" %*
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\MountPoints2: {c1c83590-ff0d-11e6-89c0-f46d04917c88} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\MountPoints2: {c89747f5-7955-11e7-8f56-f46d04917c88} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\MountPoints2: {f845dba5-2b27-11e7-85bd-f46d04917c88} - E:\HiSuiteDownLoader.exe
    Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\audiodgst.vbs [2017-08-03] ()
    Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrssst.vbs [2017-08-03] ()
    Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostwn.vbs [2017-08-04] () <==== ATTENTION
    Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostws.vbs [2017-08-03] () <==== ATTENTION
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    Tcpip\..\Interfaces\{4DC67455-0BE6-4299-BC9D-9AD9A35E661F}: [NameServer] 82.163.142.8,95.211.158.136
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?
    SearchScopes: HKU\S-1-5-21-4294555575-1564647512-4015914699-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-
    CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1419171121&from=wpc&uid=ST9320325AS_5VD4PVW2XXXX5VD4PVW2","hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R1 wfcre; C:\Windows\System32\drivers\wfcre.sys [124288 2017-07-04] ()
    2017-08-03 17:12 - 2017-08-03 19:58 - 000000140 _____ C:\Windows\Reimage.ini
    2017-08-03 13:30 - 2017-08-03 13:30 - 000000000 ____D C:\ProgramData\Microleaves
    2017-08-03 13:28 - 2017-08-19 12:23 - 000000270 _____ C:\Windows\Tasks\System HealerStartUp.job
    2017-08-03 13:28 - 2017-08-03 13:36 - 000000270 _____ C:\Windows\Tasks\System HealerPeriod.job
    2017-08-03 13:28 - 2017-08-03 13:28 - 000024358 _____ C:\Windows\System32\Tasks\{7F0A0F47-0F08-0979-0A11-7F7E047D1109}
    2017-08-03 13:28 - 2017-08-03 13:28 - 000003566 _____ C:\Windows\System32\Tasks\System Healer Task
    2017-08-03 13:28 - 2017-08-03 13:28 - 000003234 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
    2017-08-03 13:28 - 2017-08-03 13:28 - 000002844 _____ C:\Windows\System32\Tasks\System HealerPeriod
    2017-08-03 13:28 - 2017-08-03 13:28 - 000002542 _____ C:\Windows\System32\Tasks\System HealerStartUp
    2017-08-03 13:28 - 2017-08-03 13:28 - 000000258 __RSH C:\ProgramData\ntuser.pol
    2017-08-03 13:28 - 2017-08-03 13:28 - 000000000 ____D C:\Users\USER\AppData\Roaming\System Healer
    2017-08-03 13:28 - 2017-08-03 13:28 - 000000000 ____D C:\ProgramData\fb766849-5423-1
    2017-08-03 13:28 - 2017-08-03 13:28 - 000000000 ____D C:\ProgramData\fb766849-1b95-0
    2017-08-03 13:28 - 2017-08-03 13:28 - 000000000 ____D C:\ProgramData\c4ea76aa-71b3-1
    2017-08-03 13:28 - 2017-08-03 13:28 - 000000000 ____D C:\ProgramData\c4ea76aa-3035-0
    2017-08-03 13:27 - 2017-08-04 22:45 - 000000000 ____D C:\Users\USER\AppData\Roaming\svchost store files
    2017-08-03 13:27 - 2017-08-03 21:15 - 000000000 ____D C:\Users\USER\AppData\Roaming\svchost local files
    2017-08-03 13:27 - 2017-08-03 21:15 - 000000000 ____D C:\ProgramData\Micro Foundation 2
    2017-08-03 13:27 - 2017-08-03 16:12 - 000000000 ____D C:\Users\USER\AppData\Roaming\Mozilla
    2017-08-03 13:27 - 2017-08-03 15:13 - 000000000 ____D C:\Users\USER\AppData\Roaming\csrss saved files
    2017-08-03 13:27 - 2017-08-03 13:27 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microleaves
    2017-08-03 13:27 - 2017-08-03 13:27 - 000000000 ____D C:\Users\USER\AppData\Local\AdvinstAnalytics
    2017-08-03 13:27 - 2017-08-03 13:27 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-08-03 13:26 - 2017-08-03 15:10 - 000000000 ____D C:\ProgramData\Logic Cramble
    2017-08-03 13:26 - 2017-08-03 13:32 - 001847296 _____ C:\Users\USER\AppData\Local\po.db
    2017-08-03 13:26 - 2017-08-03 13:26 - 007324160 _____ C:\Users\USER\AppData\Local\agent.dat
    2017-08-03 13:26 - 2017-08-03 13:26 - 001899067 _____ C:\Users\USER\AppData\Local\OpeKix.tst
    2017-08-03 13:26 - 2017-08-03 13:26 - 000140800 _____ C:\Users\USER\AppData\Local\installer.dat
    2017-08-03 13:26 - 2017-08-03 13:26 - 000126464 _____ C:\Users\USER\AppData\Local\noah.dat
    2017-08-03 13:26 - 2017-08-03 13:26 - 000070800 _____ C:\Users\USER\AppData\Local\Config.xml
    2017-08-03 13:26 - 2017-08-03 13:26 - 000018432 _____ C:\Users\USER\AppData\Local\Main.dat
    2017-08-03 13:26 - 2017-08-03 13:26 - 000016512 _____ C:\Users\USER\AppData\Local\InstallationConfiguration.xml
    2017-08-03 13:26 - 2017-08-03 13:26 - 000015606 _____ C:\Windows\SysWOW64\findit.xml
    2017-08-03 13:26 - 2017-08-03 13:26 - 000005568 _____ C:\Users\USER\AppData\Local\md.xml
    2017-08-03 13:26 - 2017-08-03 13:26 - 000000000 ____D C:\ProgramData\Hotfreshs


    In Chrome's settings, disable restoring the set of pages at browser start.

    After all that, post new FRST logs from a fresh scan.
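To show what the entries in that fixlist have in common, here is a small triage script (an added example, not code from this thread, from FRST or from AdwCleaner) that runs over FRST-style log lines and reports the persistence and hijack patterns Kolobos marked: script-host autoruns and Startup-folder .vbs files in the user profile, the hidden encoded PowerShell task, percent-encoded search/home-page hosts (they decode to feed.sonic-search.com and feed.helperbar.com), the two NameServer entries that are neither the router nor Google DNS, the Chrome policy restriction and the HKLM extension keys. The function names and the trusted-resolver set are my own choices; the sample lines are quoted from this thread.

```python
"""FRST log triage (added example, not part of FRST, AdwCleaner or this thread).
Walks FRST-style lines such as the fixlist above and reports the persistence
and hijack patterns a defender should look at on this machine."""
import re
from urllib.parse import unquote

# Resolvers treated as legitimate: the LAN router and Google DNS seen in the
# thread's logs (assumption for this demo; adjust for your own network).
TRUSTED_RESOLVERS = {"192.168.8.1", "8.8.8.8"}

SCRIPT_HOST = re.compile(r"\\(wscript|cscript|mshta)\.exe\b", re.I)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta)\b", re.I)
PROFILE_DIR = re.compile(r"\\AppData\\(Roaming|Local)\\|\\Users\\Public\\", re.I)
PS_ENCODED = re.compile(r"powershell\.exe.*-EncodedCommand", re.I)
PS_BYPASS = re.compile(r"-executionpolicy\s+bypass", re.I)
URL_HOST = re.compile(r'(?:hxxps?|https?)://([^/?\s"]+)', re.I)
NAMESERVER = re.compile(r"\[(?:Dhcp)?NameServer\]\s+([\d.,\s]+)")
CHR_EXT_ID = re.compile(r"Chrome\\Extension:\s+\[([a-p]{32})\]", re.I)


def decode_host(url: str) -> str:
    """Return the percent-decoded, lower-cased host of a (defanged) URL, or ''."""
    m = URL_HOST.search(url)
    return unquote(m.group(1)).lower() if m else ""


def triage_line(line: str) -> list:
    """Return short findings for one FRST line; an empty list means nothing notable."""
    s = line.strip()
    findings = []
    # Scheduled task running hidden, encoded PowerShell.
    if s.startswith("Task:") and PS_ENCODED.search(s):
        msg = "scheduled task runs PowerShell with -EncodedCommand"
        if PS_BYPASS.search(s):
            msg += " and -executionpolicy bypass"
        findings.append(msg)
    # Autorun (Run key or task) feeding a script from the user profile to a script host.
    if SCRIPT_HOST.search(s) and SCRIPT_EXT.search(s) and PROFILE_DIR.search(s):
        findings.append("autorun starts a script host on a script stored in the user profile")
    # Script file dropped straight into the Startup folder.
    if s.startswith("Startup:") and SCRIPT_EXT.search(s):
        findings.append("script file in the Startup folder")
    # DNS resolver outside the trusted set (redirects survive a browser cleanup).
    m = NAMESERVER.search(s)
    if m:
        servers = [ip for ip in re.split(r"[,\s]+", m.group(1).strip()) if ip]
        rogue = [ip for ip in servers if ip not in TRUSTED_RESOLVERS]
        if rogue:
            findings.append("untrusted DNS resolver(s): " + ", ".join(rogue))
    # Percent-encoded hostname in a search scope or home page hides the real target.
    m = URL_HOST.search(s)
    if m and "%" in m.group(1):
        findings.append("percent-encoded host decodes to " + decode_host(s))
    # Policy restriction on a browser or on Windows Defender.
    if "Restriction" in s and ("GroupPolicy:" in s or "\\Policies\\" in s):
        findings.append("policy restriction present: " + s.split("<====")[0].strip())
    # Chrome extension forced machine-wide through an HKLM key.
    m = CHR_EXT_ID.search(s)
    if m:
        findings.append("Chrome extension installed via HKLM key, verify ID " + m.group(1))
    return findings


def triage(lines) -> list:
    """Return [(line, findings), ...] for every line with at least one finding."""
    out = []
    for line in lines:
        found = triage_line(line)
        if found:
            out.append((line.strip(), found))
    return out


# Sample input: lines quoted from the fixlist and FRST log in this thread, plus
# two benign lines (CCleaner autorun, Google DNS) that should pass untouched.
SAMPLE_LINES = [
    r"Task: {09539E0F-0772-4649-909F-3F5A840002EA} - System32\Tasks\{7F0A0F47-0F08-0979-0A11-7F7E047D1109} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand",
    r'HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\Run: [svchostwn] => "%SystemRoot%\System32\WScript.exe" "C:\Users\USER\AppData\Roaming\svchost store files\start64.vbs" //B "%1" %*',
    r"Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\audiodgst.vbs [2017-08-03] ()",
    r"GroupPolicy: Restriction - Chrome <==== ATTENTION",
    r"Tcpip\..\Interfaces\{4DC67455-0BE6-4299-BC9D-9AD9A35E661F}: [NameServer] 82.163.142.8,95.211.158.136",
    r"SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?",
    r"CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?",
    r"CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx",
    r"HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)",
    r"Tcpip\Parameters: [NameServer] 8.8.8.8",
]

if __name__ == "__main__":
    for line, found in triage(SAMPLE_LINES):
        print(line[:90])
        for f in found:
            print("    ->", f)
```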
  • #3
    cieciw
    Level 2  
    There's progress: Chrome itself looks fine, but the malware is constantly blocking pop-up windows.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2017
    Ran by USER (administrator) on CICHACZ (19-08-2017 20:54:09)
    Running from C:\Users\USER\Downloads
    Loaded Profiles: USER (Available Profiles: USER)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
    () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-08-03] (AVAST Software)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-21] (Electronic Arts)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 127.0.0.1 validation.sls.microsoft.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\Parameters: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{4DC67455-0BE6-4299-BC9D-9AD9A35E661F}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{B61A4414-D4EB-4978-944D-EED057018BD9}: [NameServer] 8.8.8.8

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4294555575-1564647512-4015914699-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-08-03] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-03] (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
    FF Plugin-x32: @TOOLS.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-03] (Google Inc.)
    FF Plugin-x32: @TOOLS.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-03] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1419171121&from=wpc&uid=ST9320325AS_5VD4PVW2XXXX5VD4PVW2
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1419171121&from=wpc&uid=ST9320325AS_5VD4PVW2XXXX5VD4PVW2","hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_25&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtDtB0A0CyE0Bzy0D0CtDtAtN0D0Tzu0StCtByCyBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StC0E0AyC0F0DzyyEtGyE0DyE0BtG0E0A0C0AtGyEtA0AyEtG0DtCzyyCtCyBtDyCtAyD0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzzyByDtAzyyDyDtGyD0EtC0CtGyEtB0FtDtG0AtCyCzztGtAyBtD0A0F0D0EtBtByDtA0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1724958634%26a%3Dwncy_ir_15_25%26os%3DWindows 7 Home Basic"
    CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-08-19]
    CHR Extension: (Prezentacje Google) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-03]
    CHR Extension: (Dokumenty Google) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-23]
    CHR Extension: (Dysk Google) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-23]
    CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-23]
    CHR Extension: (Arkusze Google) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-23]
    CHR Extension: (Dokumenty Google offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-23]
    CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
    CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-23]
    CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-03]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-08-03] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-08-03] (AVAST Software)
    R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
    S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2017-06-06] () [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-06] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-06] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-06] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-21] (Electronic Arts)
    R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-21] (Electronic Arts)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-08-03] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-08-03] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-08-03] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-08-03] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-08-03] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-08-03] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146704 2017-08-19] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-08-03] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-08-03] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015880 2017-08-19] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-08-03] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-08-03] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-08-03] (AVAST Software)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-31] ()
    U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-08-19] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-08-19] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-08-19] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-08-19] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-19] (Malwarebytes)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-06] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-01-06] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-06] (NVIDIA Corporation)
    R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3810520 2015-10-08] (Realtek Semiconductor Corporation )

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-08-19 20:52 - 2017-08-19 20:52 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2017-08-19 20:50 - 2017-08-19 20:50 - 000017772 _____ C:\Users\USER\Downloads\Fixlog.txt
    2017-08-19 20:37 - 2017-08-19 20:52 - 000252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-08-19 20:37 - 2017-08-19 20:52 - 000113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-08-19 20:37 - 2017-08-19 20:52 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-08-19 20:37 - 2017-08-19 20:52 - 000044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-08-19 20:37 - 2017-08-19 20:37 - 000188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-08-19 20:37 - 2017-08-19 20:37 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-08-19 20:37 - 2017-08-19 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-08-19 20:37 - 2017-08-19 20:37 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-08-19 20:37 - 2017-08-19 20:37 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-08-19 20:37 - 2017-05-31 11:09 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-08-19 20:29 - 2017-08-19 20:38 - 000000000 ____D C:\AdwCleaner
    2017-08-19 20:26 - 2017-08-19 20:31 - 064025992 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-1878.1878-3.1.2.1733-10139.exe
    2017-08-19 20:25 - 2017-08-19 20:29 - 008185288 _____ (Malwarebytes) C:\Users\USER\Downloads\AdwCleaner.exe
    2017-08-19 13:52 - 2017-08-19 13:52 - 000033362 _____ C:\Users\USER\Downloads\Addition.txt
    2017-08-19 13:51 - 2017-08-19 20:54 - 000014992 _____ C:\Users\USER\Downloads\FRST.txt
    2017-08-19 13:51 - 2017-08-19 20:54 - 000000000 ____D C:\FRST
    2017-08-19 13:51 - 2017-08-19 13:51 - 002395648 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
    2017-08-19 13:00 - 2017-08-19 13:00 - 000038372 _____ C:\Users\USER\Documents\cc_20170819_125959.reg
    2017-08-19 12:41 - 2017-08-19 12:41 - 009790392 _____ (Piriform Ltd) C:\Users\USER\Downloads\ccsetup533pro.exe
    2017-08-19 12:41 - 2017-08-19 12:41 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-08-19 12:41 - 2017-08-19 12:41 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-08-19 12:41 - 2017-08-19 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-08-19 12:41 - 2017-08-19 12:41 - 000000000 ____D C:\Program Files\CCleaner
    2017-08-04 23:01 - 2017-08-04 23:01 - 000000995 _____ C:\Users\Public\Desktop\HiSuite.lnk
    2017-08-04 23:01 - 2017-08-04 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
    2017-08-04 23:01 - 2017-08-04 23:01 - 000000000 ____D C:\Program Files (x86)\HiSuite
    2017-08-04 22:59 - 2017-08-04 22:59 - 000000000 ____D C:\Users\USER\Documents\HiSuite
    2017-08-04 22:58 - 2017-08-04 23:02 - 000000000 ____D C:\Users\USER\AppData\Local\Hisuite
    2017-08-04 22:58 - 2017-04-11 04:17 - 002152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
    2017-08-04 22:58 - 2017-04-11 04:17 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
    2017-08-04 22:58 - 2017-04-11 04:17 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
    2017-08-04 22:58 - 2017-04-11 04:17 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
    2017-08-04 22:58 - 2017-04-11 04:17 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
    2017-08-04 22:58 - 2017-04-11 04:17 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
    2017-08-04 22:58 - 2017-04-11 04:17 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
    2017-08-04 22:58 - 2017-04-11 04:17 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
    2017-08-04 22:58 - 2017-04-11 04:17 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
    2017-08-04 22:45 - 2017-08-04 22:45 - 000000000 ___HD C:\$AV_ASW
    2017-08-03 23:40 - 2017-08-19 12:27 - 000002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-03 23:40 - 2017-08-19 12:27 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-03 23:39 - 2017-08-03 23:39 - 001130328 _____ (Google Inc.) C:\Users\USER\Downloads\ChromeSetup(1).exe
    2017-08-03 23:39 - 2017-08-03 23:39 - 000003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-08-03 23:39 - 2017-08-03 23:39 - 000003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-08-03 16:12 - 2017-08-19 12:41 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
    2017-08-03 16:12 - 2017-08-03 19:38 - 000000000 ____D C:\Users\USER\AppData\Local\Mozilla
    2017-08-03 16:12 - 2017-08-03 16:12 - 001130328 _____ (Google Inc.) C:\Users\USER\Downloads\ChromeSetup.exe
    2017-08-03 16:12 - 2017-08-03 16:12 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-08-03 16:12 - 2017-08-03 16:12 - 000001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-08-03 16:12 - 2017-08-03 16:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-08-03 16:11 - 2017-08-03 16:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-08-03 15:06 - 2017-08-19 12:34 - 000003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1501765618
    2017-08-03 15:06 - 2017-08-03 15:06 - 000041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-08-03 15:06 - 2017-08-03 15:06 - 000001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2017-08-03 15:06 - 2017-08-03 15:06 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-08-03 15:05 - 2017-08-03 15:05 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2017-08-03 15:05 - 2017-08-03 15:05 - 000000000 ____D C:\Users\USER\AppData\Roaming\AVAST Software
    2017-08-03 15:05 - 2017-08-03 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-08-03 15:04 - 2017-08-19 12:31 - 001015880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2017-08-03 15:04 - 2017-08-19 12:31 - 000146704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-08-03 15:04 - 2017-08-03 15:04 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-08-03 15:04 - 2017-08-03 15:04 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2017-08-03 15:03 - 2017-08-03 15:06 - 000000000 ____D C:\Program Files\AVAST Software
    2017-08-03 15:02 - 2017-08-03 15:27 - 000000000 ____D C:\ProgramData\AVAST Software
    2017-08-03 15:02 - 2017-08-03 15:00 - 006654960 _____ (AVAST Software) C:\Users\USER\Desktop\avast_free_antivirus_setup_online.exe
    2017-08-03 13:36 - 2017-08-19 20:52 - 000000008 __RSH C:\Users\USER\ntuser.pol
    2017-08-03 13:36 - 2017-08-03 16:07 - 000000000 ____D C:\Users\USER\AppData\Roaming\audiodg saved files
    2017-08-02 10:47 - 2017-08-02 15:31 - 000000000 ____D C:\Users\USER\Documents\Kariera i praca
    2017-07-30 23:49 - 2017-07-30 23:49 - 000104201 _____ C:\Users\USER\Downloads\CV-Patrycja-Leśniewska.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-08-19 20:54 - 2017-01-25 17:38 - 000000000 ____D C:\ProgramData\Origin
    2017-08-19 20:53 - 2017-01-23 20:02 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-08-19 20:51 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-08-19 20:50 - 2017-01-23 19:38 - 000001160 _____ C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-08-19 20:50 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-08-19 20:50 - 2009-07-14 06:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-08-19 20:50 - 2009-07-14 06:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-08-19 20:50 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\GroupPolicy
    2017-08-19 20:50 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
    2017-08-19 17:44 - 2017-07-13 22:19 - 000000000 ____D C:\Users\USER\AppData\Local\ElevatedDiagnostics
    2017-08-19 12:43 - 2017-06-21 16:01 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
    2017-08-19 12:43 - 2017-05-29 17:16 - 000000000 ____D C:\Program Files (x86)\Steam
    2017-08-19 12:43 - 2017-01-24 04:31 - 000000000 ____D C:\Windows\Panther
    2017-08-19 12:38 - 2017-05-24 17:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-08-19 12:37 - 2017-05-24 17:24 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-08-03 23:40 - 2017-01-23 19:56 - 000000000 ____D C:\Program Files (x86)\Google

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-08-19 14:33

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2017
    Ran by USER (19-08-2017 20:54:49)
    Running from C:\Users\USER\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2017-01-23 17:37:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4294555575-1564647512-4015914699-500 - Administrator - Disabled)
    Guest (S-1-5-21-4294555575-1564647512-4015914699-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4294555575-1564647512-4015914699-1002 - Limited - Enabled)
    USER (S-1-5-21-4294555575-1564647512-4015914699-1000 - Administrator - Enabled) => C:\Users\USER

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
    ASUS USB-N10 Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.0.0.9 - )
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
    CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
    Empire: Total War (HKLM\...\Steam App 10500) (Version: - The Creative Assembly)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
    LibreOffice 5.3.0.3 (HKLM-x32\...\{BB258465-D7F3-474E-8754-3436A75956D8}) (Version: 5.3.0.3 - The Document Foundation)
    Malwarebytes (wersja 3.1.2.1733) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Mozilla Firefox 54.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 pl)) (Version: 54.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation)
    NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
    NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.2.1 - NVIDIA Corporation) Hidden
    NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
    Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-03] (AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-03] (AVAST Software)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-03] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-11] (NVIDIA Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-03] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2191CE35-31B9-446F-9228-96DD8DD49407} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {3081D2B6-B3C9-41E8-B6C3-EA51C751F72E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-06] (NVIDIA Corporation)
    Task: {34E852A7-0CB7-4EA8-AB16-3AD64443B3C7} - System32\Tasks\SafeZone scheduled Autoupdate 1501765618 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {46553380-E0B9-49DE-9DA7-EC968070499F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-03] (Google Inc.)
    Task: {5F46B5F1-52CC-41A9-ADCF-D740C3C187B8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation)
    Task: {7331B3C4-040B-4659-B39C-7274E0AE17C4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-08-03] (AVAST Software)
    Task: {7CAE032D-8B39-48D5-BD1C-DBC898561E8C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation)
    Task: {84FCC317-FB21-424D-A3F2-E235FCE00B6D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-06] (NVIDIA Corporation)
    Task: {89090803-745D-4A3E-8718-B6C2F8D90E4D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation)
    Task: {AB05C2C2-7F20-4140-8070-6E234768EC34} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
    Task: {ED31D8DA-99B4-4BE9-8240-908DFFCF06C3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation)
    Task: {F1DF5DA4-E0B2-4816-A05D-ADFE521D8F33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-03] (Google Inc.)
    Task: {F409102E-5AC7-4A0A-9911-822270728B2B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-06] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-23 20:13 - 2016-12-11 20:47 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2017-04-11 04:17 - 2017-04-11 04:17 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
    2017-01-23 20:02 - 2017-01-06 03:07 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-01-23 20:02 - 2017-01-06 03:07 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
    2017-08-19 20:37 - 2017-05-31 11:09 - 002270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
    2017-01-25 17:44 - 2017-02-21 13:21 - 000022024 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
    2017-08-19 12:27 - 2017-08-11 09:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
    2017-08-19 12:27 - 2017-08-11 09:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
    2017-08-19 12:30 - 2017-07-28 11:18 - 031134720 _____ () C:\Users\USER\AppData\Local\Google\Chrome\User Data\PepperFlash\26.0.0.151\pepflashplayer.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-08-19 12:27 - 2017-08-19 12:27 - 005895544 _____ () C:\Program Files\AVAST Software\Avast\defs\17081900\algo.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-08-03 15:04 - 2017-08-03 15:04 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-01-25 17:44 - 2017-01-24 17:44 - 002493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
    2017-01-25 17:44 - 2017-01-24 17:44 - 000012288 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
    2017-01-25 17:39 - 2017-01-25 17:39 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
    2017-01-23 20:02 - 2017-01-06 03:07 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2017-01-23 20:02 - 2017-01-06 03:07 - 000900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-01-23 20:02 - 2017-01-06 03:07 - 003774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
    2017-01-23 20:02 - 2017-01-06 02:09 - 000527416 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
    2017-01-23 20:02 - 2017-01-06 02:09 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
    2017-01-23 20:02 - 2017-01-06 02:09 - 002807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
    2017-01-23 20:02 - 2017-01-06 02:09 - 000384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
    2017-01-23 20:02 - 2017-01-06 02:09 - 000449080 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
    2017-01-23 20:02 - 2017-01-06 02:09 - 000336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
    2017-01-23 20:02 - 2017-01-06 02:09 - 001003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
    2017-01-23 20:02 - 2017-01-06 02:09 - 000954816 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2017-01-24 23:33 - 000000864 _____ C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 validation.sls.microsoft.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4294555575-1564647512-4015914699-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.8.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{25C26A54-DD14-4921-9169-77916C254324}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{F6B1D272-A96D-449F-B455-0F7A2D5A8D97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{7C411F67-54FD-40B6-BC35-6B45F690E30C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{270F786C-C9A7-470E-B444-2BD543433EA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{22298447-D7E4-4DD1-84E7-0C7E48E698B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{20956683-50EC-47D4-97A7-0C9C5AABAB40}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
    FirewallRules: [{C13C1878-3BE9-4AE6-85C0-617FD35ADEA1}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
    FirewallRules: [TCP Query User{C89BF87F-3DFA-41BE-9D59-F9F7F3566A79}C:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) C:\program files (x86)\origin games\fifa 15\fifa15.exe
    FirewallRules: [UDP Query User{3024FDFD-7C60-47D6-B922-55596D7FFC7B}C:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) C:\program files (x86)\origin games\fifa 15\fifa15.exe
    FirewallRules: [{58E5CB8A-6FB5-48FA-89C7-E3FFAF11BBBD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3903B75E-A23A-4D7D-B056-D9558E0C3A6E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{22E7A489-54D4-4865-B7B3-E16A08A1D9DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{F60A8DC3-866B-4E00-97F1-47FF666B513C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{9B4BA7E5-133D-405B-9E24-60A2A1249E19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe
    FirewallRules: [{D758D64C-66E5-41E3-BE18-23976F994D39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe
    FirewallRules: [{D7E86BA1-BDCB-4BAA-85B9-8B0F7D28DD71}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
    FirewallRules: [{3289611D-06F5-4FDA-8D61-CF0AF247098F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{47863096-5EF7-4C21-A8B4-4553CFCC1D3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C75F4184-D1A0-4C02-8C13-D7F031CCAB81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4816DC82-C34F-47C3-989E-D5A7F2EDD1D1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe

    ==================== Restore Points =========================

    03-08-2017 14:05:23 Removed Online Application
    19-08-2017 17:44:05 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/19/2017 08:52:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/19/2017 08:45:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/19/2017 08:41:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/19/2017 05:44:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service XJZs2iGCdeou Updater since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (08/19/2017 12:24:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/04/2017 11:09:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/04/2017 10:45:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/04/2017 10:45:30 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program svchost.exe because of this error.

    Program: svchost.exe
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (08/04/2017 10:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x00000000
    Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000001d
    Fault offset: 0x000000000000a4d8
    Faulting process id: 0x8fc
    Faulting application start time: 0x01d30d629353dfe0
    Faulting application path: C:\Users\USER\AppData\Roaming\svchost store files\svchost.exe
    Faulting module path: C:\Users\USER\AppData\Roaming\svchost store files\svchost.exe
    Report Id: da3394a0-7955-11e7-8f56-f46d04917c88

    Error: (08/04/2017 10:41:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (08/19/2017 08:52:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Origin Web Helper Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (08/19/2017 08:52:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

    Error: (08/19/2017 08:51:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (08/19/2017 08:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Origin Web Helper Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (08/19/2017 08:45:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

    Error: (08/19/2017 08:44:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (08/19/2017 08:41:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Origin Web Helper Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (08/19/2017 08:41:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

    Error: (08/19/2017 08:40:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (08/19/2017 08:38:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) II X4 840 Processor
    Percentage of memory in use: 59%
    Total physical RAM: 4095.23 MB
    Available physical RAM: 1654.53 MB
    Total Virtual: 8188.64 MB
    Available Virtual: 5612.73 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.69 GB) (Free:29.62 GB) NTFS
    Drive d: (EMPIRE_DISC2) (CDROM) (Total:4.02 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C6FFC08B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
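The Application Error entry from 08/04/2017 in the log above is the most telling line of the whole report: a real svchost.exe lives in C:\Windows\System32, not under C:\Users\USER\AppData\Roaming, and a Microsoft system binary carries a version resource rather than 0.0.0.0. The Python script below pulls exactly that kind of entry out of an FRST Addition.txt automatically. It is an added example, not part of the original post and not FRST's own code; the second, benign crash entry in the sample log is constructed for the demo, and the script assumes Windows is installed on C:.

```python
"""Triage the 'Application errors' section of an FRST Addition.txt for
system-binary names that crash from the wrong place (e.g. svchost.exe under
a user profile). Added example; not part of the original thread or of FRST."""
import re
from pathlib import PureWindowsPath

# Binaries that legitimately live only under the Windows directory tree.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "explorer.exe", "dllhost.exe"}
# Assumption: Windows is installed on C:. PureWindowsPath compares paths
# case-insensitively, so "system32" and "System32" both match.
SYSTEM_DIRS = (PureWindowsPath(r"C:\Windows"),
               PureWindowsPath(r"C:\Windows\System32"),
               PureWindowsPath(r"C:\Windows\SysWOW64"))

EVENT_HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<id>\d+)\)")
FAULT_NAME = re.compile(
    r"^(?:Description: )?Faulting application name: (?P<name>[^,]+), version: (?P<ver>[^,]+),")
FAULT_PATH = re.compile(r"^Faulting application path: (?P<path>.+?)$")


def split_events(text):
    """Group the log into one dict per 'Error: (...)' header, keeping the body lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_HEADER.match(line)
        if m:
            current = {"timestamp": m["ts"], "source": m["source"],
                       "event_id": int(m["id"]), "lines": []}
            events.append(current)
        elif current is not None and line:
            current["lines"].append(line)
    return events


def in_system_dir(path):
    """True if the file's directory is one of the Windows system directories."""
    return PureWindowsPath(path).parent in SYSTEM_DIRS


def triage_application_errors(text):
    """One finding per Event ID 1000 whose faulting image looks like a masquerade."""
    findings = []
    for ev in split_events(text):
        if ev["source"] != "Application Error" or ev["event_id"] != 1000:
            continue
        name = version = path = None
        for line in ev["lines"]:
            m = FAULT_NAME.match(line)
            if m:
                name, version = m["name"].strip().lower(), m["ver"].strip()
                continue
            m = FAULT_PATH.match(line)
            if m:
                path = m["path"].strip()
        if name not in SYSTEM_BINARIES:
            continue
        reasons = []
        if path and not in_system_dir(path):
            reasons.append("system binary name outside the Windows system directories")
        if version == "0.0.0.0":
            reasons.append("no version resource; Microsoft system binaries carry one")
        if reasons:
            findings.append({"timestamp": ev["timestamp"], "path": path or name,
                             "reasons": reasons})
    return findings


# Sample input: the crash entry from the log above, an unrelated WinMgmt event,
# and a constructed benign svchost.exe crash, to show what is and is not flagged.
SAMPLE_LOG = r"""
Error: (08/04/2017 10:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000001d
Faulting application path: C:\Users\USER\AppData\Roaming\svchost store files\svchost.exe
Faulting module path: C:\Users\USER\AppData\Roaming\svchost store files\svchost.exe

Error: (08/04/2017 10:41:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "..." could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.

Error: (08/02/2017 09:12:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7601.99999, time stamp: 0x4ce7a5f6
Faulting application path: C:\Windows\system32\svchost.exe
"""

if __name__ == "__main__":
    for f in triage_application_errors(SAMPLE_LOG):
        print(f["timestamp"], f["path"])
        for r in f["reasons"]:
            print("  -", r)
```

Run against the sample it reports only the Roaming copy, with both reasons. It is a screening aid, not a verdict: confirm a hit by checking the file's digital signature and hash before adding it to a fixlist.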
  • Helpful post
    #4
    Kolobos
    IT specialist
    Post the logs as an attachment.

    Export your bookmarks from Chrome, uninstall it, delete the profile directory C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default and install Chrome again.
    If you sync settings with your Google account, delete those too.
  • #5
    cieciw
    Level 2  
    Everything done as recommended. Anything else, or can I safely go back to using the computer now?
  • Helpful post
    #6
    Kolobos
    IT specialist
    Delete the C:\FRST directory and that's all, as long as everything is OK now.
  • #7
    cieciw
    Level 2  
    For now it looks fine; I'll keep watching how it behaves.
    Thank you very much for the help :)