Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Kostik (administrator) on KOSTJA (20-07-2016 19:44:09)
Running from C:\Users\Kostik\Downloads
Loaded Profiles: Kostik (Available Profiles: Kostik)
Platform: Windows 8.1 Pro (Update) (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\…\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\…\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-12] (AVAST Software)
HKLM-x32\…\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [uTorrent] => C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-18] (BitTorrent Inc.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [Viber] => C:\Users\Kostik\AppData\Local\Viber\Viber.exe [69528656 2016-05-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [GoogleChromeAutoLaunch_ACFF5128E12935783DB96BD092DCE8DB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\MountPoints2: {28bf9aa0-39f1-11e6-82c6-fcaa14b63ce8} — «F:\Startme.exe»
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\MountPoints2: {84637c41-0e8a-11e6-82b5-fcaa14b63ce8} — «F:\Startme.exe»
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-01] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
Startup: C:\Users\Kostik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk [2015-12-30]
ShortcutTarget: Отправка в OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 195.122.12.242 80.232.230.242
Tcpip\..\Interfaces\{CCE226A7-A470-411C-8941-AEB2444C03E2}: [DhcpNameServer] 195.122.12.242 80.232.230.242
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=802851
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B776BD540-263F-4920-8F5A-0710A0688AAA%7D&gp=802861
SearchScopes: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001 -> 833DF741FA87F717497AA7DB56FED6A3 URL = hxxps://yandex.ru/search/?win=233&clid=2257055&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B776BD540-263F-4920-8F5A-0710A0688AAA%7D&gp=802861
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-01] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-01] (AVAST Software)
BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Kostik\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-07-20] (Mail.Ru)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Handler: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://mail.ru/cnt/10445?gp=802851
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B49687A6A-B572-4917-BDDB-2CCEB8E943C9%7D&gp=802861
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-07-20]
FF SearchPlugin: C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-225921.xml [2016-06-17]
FF Extension: Домашняя страница Mail.Ru — C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-07-20]
FF Extension: Поиск@Mail.Ru — C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-07-20]
FF Extension: Визуальные закладки @Mail.Ru — C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-07-20]
FF HKLM\…\Firefox\Extensions: [wrc@avast.com] — C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security — C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-04]
FF HKLM\…\Firefox\Extensions: [sp@avast.com] — C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice — C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-04]
FF HKLM-x32\…\Firefox\Extensions: [wrc@avast.com] — C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\…\Firefox\Extensions: [sp@avast.com] — C:\Program Files\AVAST Software\Avast\SafePrice\FF
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR Profile: C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Tampermonkey) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-20]
CHR Extension: (Avast SafePrice) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (Точный прогноз погоды) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifoegajimhkofnmlhkdoomoinadohdjn [2016-02-02]
CHR Extension: (KMPlayer for Chrome) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanhlgdkijihdflgmdobeohanbfamho [2016-01-26]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [dbaonaocldpohelilahfhnkmjankmbcc] — hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] — C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-15]
CHR HKLM-x32\…\Chrome\Extension: [gdljkkmghdkckhaogaemgbgdfophkfco] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] — C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]
CHR HKLM-x32\…\Chrome\Extension: [hpcghcdjnehpkdecaflpedhklimnejia] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] — C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\…\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] — hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: «hxxps://www.yandex.ru/?win=233&clid=2257054»
OPR Extension: (Tampermonkey) — C:\Users\Kostik\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-01] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-01] (AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-18] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-20] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-09-25] (VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297472 2013-09-25] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-20 19:44 — 2016-07-20 19:44 — 00019954 _____ C:\Users\Kostik\Downloads\FRST.txt
2016-07-20 19:43 — 2016-07-20 19:44 — 00000000 ____D C:\FRST
2016-07-20 19:42 — 2016-07-20 19:42 — 02393600 _____ (Farbar) C:\Users\Kostik\Downloads\FRST64.exe
2016-07-20 19:38 — 2016-07-20 19:38 — 02369272 _____ C:\Users\Kostik\Downloads\uvs_v386.zip
2016-07-20 19:36 — 2016-07-20 19:36 — 00388608 _____ (Trend Micro Inc.) C:\Users\Kostik\Downloads\HijackThis (1).exe
2016-07-20 19:16 — 2016-07-20 19:16 — 00000000 ____D C:\Users\Kostik\Downloads\backups
2016-07-20 19:15 — 2016-07-20 19:15 — 00388608 _____ (Trend Micro Inc.) C:\Users\Kostik\Downloads\HijackThis.exe
2016-07-20 10:28 — 2016-07-20 10:29 — 00000000 ____D C:\Users\Kostik\Documents\Assassin’s Creed Unity
2016-07-20 10:28 — 2016-07-20 10:28 — 00000000 ____D C:\Users\Все пользователи\Orbit
2016-07-20 10:28 — 2016-07-20 10:28 — 00000000 ____D C:\ProgramData\Orbit
2016-07-20 09:51 — 2016-07-20 09:51 — 03712064 _____ C:\Users\Kostik\Downloads\Не подтвержден 805837.crdownload
2016-07-20 09:51 — 2016-07-20 09:51 — 03712064 _____ C:\Users\Kostik\Downloads\adwcleaner_5.201.exe
2016-07-20 09:51 — 2016-07-20 09:51 — 00000000 ____D C:\AdwCleaner
2016-07-20 08:57 — 2016-07-20 08:57 — 00844760 _____ ( ) C:\Users\Kostik\Downloads\SFHelper-Web-Installer-366065c8ae-[308].exe
2016-07-20 08:52 — 2016-07-20 10:56 — 00000000 ____D C:\Users\Kostik\AppData\Local\MediaGet2
2016-07-20 08:52 — 2016-07-20 08:52 — 00001138 _____ C:\Users\Kostik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet.lnk
2016-07-20 08:52 — 2016-07-20 08:52 — 00001130 _____ C:\Users\Kostik\Desktop\MediaGet.lnk
2016-07-20 08:52 — 2016-07-20 08:52 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2
2016-07-20 08:52 — 2016-07-20 08:52 — 00000000 ____D C:\Users\Kostik\AppData\Local\Media Get LLC
2016-07-20 08:50 — 2016-07-20 08:51 — 22192888 _____ (MediaGet LLC ) C:\Users\Kostik\Downloads\MediaGet_id2448283ids2s.exe
2016-07-20 08:15 — 2016-07-20 08:15 — 00096654 _____ C:\Users\Kostik\Downloads\K._CHICHINADZE_CV_ENGLISH.PDF
2016-07-20 08:00 — 2016-07-20 08:00 — 00000762 _____ C:\Users\Kostik\Desktop\Загрузки — Ярлык.lnk
2016-07-20 07:40 — 2016-07-20 07:46 — 00000000 ____D C:\Users\Kostik\AppData\LocalLow\Unity
2016-07-20 07:40 — 2016-07-20 07:46 — 00000000 ____D C:\Users\Kostik\AppData\Local\Unity
2016-07-20 07:40 — 2016-07-20 07:46 — 00000000 ____D C:\Program Files (x86)\Mail.Ru
2016-07-20 07:38 — 2016-07-20 07:40 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\MailProducts
2016-07-20 07:36 — 2016-07-20 07:37 — 00000000 ____D C:\Users\Kostik\Documents\[R.G. Mechanics] Assassin’s Creed Unity
2016-07-20 06:45 — 2016-07-20 06:45 — 00000000 ____D C:\Windows\EOONotify
2016-07-19 10:56 — 2016-07-19 10:56 — 00242013 _____ C:\Users\Kostik\Desktop\Horvatija.zip
2016-07-19 10:51 — 2016-07-19 11:13 — 00000000 ____D C:\Users\Kostik\Desktop\Horvatija
2016-07-13 19:53 — 2016-07-13 19:53 — 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-07-13 19:53 — 2016-07-13 19:53 — 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-07-13 19:50 — 2016-05-25 16:22 — 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-07-13 19:50 — 2016-05-25 16:22 — 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-07-13 19:50 — 2016-05-25 16:12 — 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-07-13 19:50 — 2016-05-25 16:12 — 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-07-13 18:32 — 2016-07-13 18:32 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-07-13 18:32 — 2016-07-13 18:32 — 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-07-13 18:31 — 2016-07-13 18:31 — 00000000 ____D C:\Windows\PCHEALTH
2016-07-13 18:31 — 2016-07-13 18:31 — 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-07-13 18:30 — 2016-07-13 18:30 — 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-07-13 18:29 — 2016-07-14 12:43 — 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2016-07-13 18:29 — 2016-07-13 18:31 — 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-13 18:29 — 2016-07-13 18:29 — 00000000 __RHD C:\MSOCache
2016-07-13 18:29 — 2016-07-13 18:29 — 00000000 ____D C:\Users\Kostik\AppData\Local\Microsoft Help
2016-07-13 18:28 — 2016-07-13 18:28 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2010
2016-07-13 18:27 — 2016-07-13 18:28 — 00000000 ____D C:\Program Files (x86)\Word 2010
2016-07-13 11:28 — 2016-07-13 11:36 — 00000000 ____D C:\Users\Kostik\Desktop\DACHA
2016-07-13 06:12 — 2016-06-25 23:05 — 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 06:12 — 2016-06-25 21:13 — 00165376 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 06:12 — 2016-06-25 19:24 — 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 06:12 — 2016-06-25 19:15 — 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 06:12 — 2016-06-25 19:13 — 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 06:12 — 2016-06-25 19:05 — 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 06:12 — 2016-06-22 16:48 — 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 06:12 — 2016-06-21 21:32 — 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-13 06:12 — 2016-06-21 17:12 — 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-07-13 06:12 — 2016-06-21 16:48 — 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 06:12 — 2016-06-11 22:45 — 07445856 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-13 06:12 — 2016-06-11 20:56 — 25812992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 06:12 — 2016-01-30 22:50 — 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-07-13 06:12 — 2016-01-30 22:00 — 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2016-07-13 06:12 — 2016-01-30 21:48 — 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-07-13 06:12 — 2016-01-30 21:18 — 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2016-07-13 06:12 — 2016-01-30 20:48 — 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2016-07-13 06:12 — 2016-01-30 20:41 — 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-07-13 06:11 — 2016-06-11 21:14 — 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 06:11 — 2016-06-11 21:11 — 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 06:11 — 2016-06-11 20:56 — 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 06:11 — 2016-06-11 20:42 — 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 06:11 — 2016-06-11 20:23 — 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 06:11 — 2016-06-11 20:22 — 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 06:11 — 2016-06-11 20:22 — 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-07-13 06:11 — 2016-06-11 20:21 — 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 06:11 — 2016-06-11 20:20 — 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 06:11 — 2016-06-11 20:13 — 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 06:11 — 2016-06-11 20:12 — 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 06:11 — 2016-06-11 20:12 — 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-07-13 06:11 — 2016-06-11 20:07 — 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 06:11 — 2016-06-11 20:03 — 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 06:11 — 2016-06-11 20:01 — 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 06:11 — 2016-06-11 20:00 — 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 06:11 — 2016-06-11 20:00 — 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 06:11 — 2016-06-11 19:57 — 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 06:11 — 2016-06-11 19:44 — 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-07-13 06:11 — 2016-06-11 19:43 — 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 06:11 — 2016-06-11 19:38 — 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-07-13 06:11 — 2016-06-11 19:33 — 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 06:11 — 2016-06-11 19:31 — 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 06:11 — 2016-06-11 19:31 — 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 06:11 — 2016-06-11 19:31 — 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 06:11 — 2016-06-11 19:30 — 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 06:11 — 2016-06-11 19:29 — 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 06:11 — 2016-06-11 19:26 — 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 06:11 — 2016-06-11 19:15 — 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 06:11 — 2016-06-11 19:12 — 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 06:11 — 2016-06-11 19:02 — 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 06:11 — 2016-06-11 18:59 — 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 06:11 — 2016-06-11 18:56 — 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-13 06:11 — 2016-06-11 18:56 — 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 06:11 — 2016-06-11 00:35 — 04167680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-11 14:29 — 2016-07-11 14:30 — 00000000 ____D C:\Windows\KMSAutoS
2016-07-04 07:45 — 2016-07-01 03:35 — 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-01 03:35 — 2016-07-01 03:35 — 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-30 23:18 — 2016-07-13 18:29 — 00000000 ____D C:\Program Files (x86)\DtsFilter
2016-06-23 08:51 — 2016-07-20 19:28 — 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-23 08:36 — 2016-06-23 08:36 — 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-23 08:36 — 2016-06-23 08:36 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-06-23 08:36 — 2016-06-23 08:36 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-23 08:36 — 2016-06-23 08:36 — 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-23 08:36 — 2016-06-23 08:36 — 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-23 08:36 — 2016-03-10 14:09 — 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-23 08:36 — 2016-03-10 14:08 — 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-23 08:36 — 2016-03-10 14:08 — 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-23 08:07 — 2016-06-23 08:07 — 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-23 08:07 — 2016-06-23 08:07 — 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-23 08:07 — 2016-06-23 08:07 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-23 08:07 — 2016-06-23 08:07 — 00000000 ____D C:\Program Files\CCleaner
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-20 19:29 — 2015-07-10 17:47 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\Skype
2016-07-20 19:28 — 2015-07-10 15:00 — 00000000 __SHD C:\Users\Kostik\IntelGraphicsProfiles
2016-07-20 19:28 — 2013-08-22 17:45 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-20 19:27 — 2013-08-22 16:25 — 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-20 19:15 — 2015-07-10 19:52 — 00003944 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F4FC177E-2E54-4018-B573-FC12BC03C920}
2016-07-20 19:15 — 2015-07-10 19:44 — 00000000 ____D C:\Users\Kostik\AppData\Local\VirtualStore
2016-07-20 11:07 — 2015-07-10 19:51 — 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3529388977-2612259316-3712491006-1001
2016-07-20 10:40 — 2015-07-10 18:00 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\uTorrent
2016-07-20 10:26 — 2015-04-25 14:43 — 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-20 10:01 — 2015-07-10 17:56 — 00000000 ____D C:\Program Files\Microsoft Office
2016-07-20 10:00 — 2013-08-22 18:36 — 00000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft
2016-07-20 10:00 — 2013-08-22 18:36 — 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-20 10:00 — 2013-08-22 18:36 — 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-20 09:33 — 2016-06-17 22:59 — 00000000 ____D C:\Users\Kostik\AppData\Local\Yandex
2016-07-20 08:43 — 2016-05-08 15:22 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\ViberPC
2016-07-20 07:58 — 2016-05-18 14:15 — 00000000 ____D C:\Users\Kostik\AppData\LocalLow\uTorrent
2016-07-20 07:46 — 2015-10-26 22:48 — 00000000 ____D C:\Users\Kostik\AppData\Local\Mail.Ru
2016-07-20 06:47 — 2015-04-25 14:29 — 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 06:47 — 2015-04-25 14:29 — 00000000 ___SD C:\Windows\system32\GWX
2016-07-20 06:47 — 2013-08-22 18:20 — 00000000 ____D C:\Windows\CbsTemp
2016-07-20 06:08 — 2013-08-22 18:36 — 00000000 ____D C:\Windows\AppReadiness
2016-07-19 11:52 — 2015-07-14 07:22 — 01732096 ___SH C:\Users\Kostik\Desktop\Thumbs.db
2016-07-19 11:11 — 2015-07-30 21:23 — 04344832 ___SH C:\Users\Kostik\Downloads\Thumbs.db
2016-07-19 06:43 — 2013-08-22 16:36 — 00000000 ____D C:\Windows\Inf
2016-07-19 06:34 — 2015-07-27 00:20 — 00000000 ____D C:\Windows\Minidump
2016-07-17 19:41 — 2015-12-05 15:24 — 00000000 ____D C:\Users\Kostik\Documents\ViberDownloads
2016-07-16 11:22 — 2014-11-22 06:10 — 01808886 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-16 11:22 — 2014-11-22 05:13 — 00789920 _____ C:\Windows\system32\perfh019.dat
2016-07-16 11:22 — 2014-11-22 05:13 — 00162140 _____ C:\Windows\system32\perfc019.dat
2016-07-15 23:17 — 2015-07-10 19:44 — 00000000 ____D C:\Users\Kostik
2016-07-15 08:53 — 2013-08-22 18:36 — 00000000 ____D C:\Windows\rescache
2016-07-14 12:47 — 2015-04-25 18:22 — 00486856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 12:43 — 2015-04-25 14:29 — 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 12:43 — 2014-11-22 05:43 — 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 12:43 — 2013-08-22 18:36 — 00000000 ___RD C:\Windows\ToastData
2016-07-14 07:19 — 2015-12-28 11:05 — 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 07:18 — 2015-12-28 11:05 — 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-13 19:59 — 2015-04-25 14:02 — 00000000 ____D C:\Windows\system32\MRT
2016-07-13 19:55 — 2015-04-25 14:02 — 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-13 19:37 — 2015-07-27 00:18 — 00000000 ____D C:\Users\Kostik\AppData\Local\CrashDumps
2016-07-13 18:47 — 2015-07-10 17:37 — 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-13 18:17 — 2015-07-10 19:44 — 00000000 ____D C:\Users\Kostik\AppData\Local\Packages
2016-07-05 15:32 — 2016-05-23 15:55 — 00000000 ____D C:\Users\Kostik\AppData\Local\Viber
2016-07-04 07:45 — 2016-05-05 23:58 — 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-04 07:45 — 2016-04-22 11:10 — 00003902 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1461312650
2016-07-04 07:45 — 2016-04-22 11:10 — 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-04 07:45 — 2015-07-10 17:38 — 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-02 07:29 — 2016-06-19 18:21 — 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-02 07:29 — 2016-06-19 18:21 — 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-02 01:25 — 2015-07-10 17:47 — 00000000 ____D C:\Users\Все пользователи\Skype
2016-07-02 01:25 — 2015-07-10 17:47 — 00000000 ____D C:\ProgramData\Skype
2016-07-01 03:35 — 2016-04-15 21:10 — 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.146733339382802
2016-07-01 03:35 — 2015-07-10 17:37 — 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-29 13:08 — 2016-04-30 12:12 — 00000000 _____ C:\Windows\SysWOW64\last.dump
2016-06-23 09:02 — 2013-08-22 18:36 — 00000000 __RHD C:\Users\Public\Libraries
2016-06-23 08:30 — 2013-08-22 18:36 — 00000000 ___HD C:\Program Files\WindowsApps
2016-06-23 08:27 — 2016-04-10 01:52 — 00000000 ____D C:\Program Files (x86)\R.G. ReCoding
2016-06-23 08:26 — 2016-04-15 21:30 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\ACEStream
2016-06-23 08:25 — 2016-04-15 21:31 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\.ACEStream
2016-06-23 08:20 — 2015-07-18 23:38 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\DAEMON Tools Lite
2016-06-23 08:19 — 2015-04-25 11:46 — 00000000 ____D C:\Windows\Panther
Some files in TEMP:
====================
C:\Users\Kostik\AppData\Local\Temp\BANDIZIP-SETUP.EXE
C:\Users\Kostik\AppData\Local\Temp\KB4D62A5BE865BB8BB.exe
C:\Users\Kostik\AppData\Local\Temp\KB90EB8BACE06EE61.exe
C:\Users\Kostik\AppData\Local\Temp\mediaget-uninstaller.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-20 06:43
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
Ran by Kostik (2016-07-20 19:44:49)
Running from C:\Users\Kostik\Downloads
Windows 8.1 Pro (Update) (X64) (2015-07-10 16:44:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
HomeGroupUser$ (S-1-5-21-3529388977-2612259316-3712491006-1003 — Limited — Enabled)
Kostik (S-1-5-21-3529388977-2612259316-3712491006-1001 — Administrator — Enabled) => C:\Users\Kostik
Администратор (S-1-5-21-3529388977-2612259316-3712491006-500 — Administrator — Disabled)
Гость (S-1-5-21-3529388977-2612259316-3712491006-501 — Limited — Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled — Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled — Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\uTorrent) (Version: 3.4.7.42330 — BitTorrent Inc.)
Adobe Acrobat Reader DC — Russian (HKLM-x32\…\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 15.017.20050 — Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\…\Avast) (Version: 12.1.2272 — AVAST Software)
Bandizip (HKLM\…\Bandizip) (Version: 5.10 — Bandisoft.com)
CCleaner (HKLM\…\CCleaner) (Version: 5.19 — Piriform)
GOM Player (HKLM-x32\…\GOM Player) (Version: 2.3.2.5251 — Gretech Corporation)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 51.0.2704.103 — Google Inc.)
Google Drive (HKLM-x32\…\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 — Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 — Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 — Google Inc.) Hidden
HashTab 5.2.0.14 (HKLM\…\HashTab) (Version: 5.2.0.14 — Implbits Software)
Intel(R) Management Engine Components (HKLM-x32\…\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 — Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\…\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 — Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\…\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 — Intel Corporation)
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\…\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 — Malwarebytes)
MediaGet (HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\MediaGet) (Version: 2 — Banner LLC)
Microsoft OneDrive (HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\OneDriveSetup.exe) (Version: 17.3.6390.0509 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x64 8.0.61000 (HKLM\…\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.61001 (HKLM-x32\…\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x64 9.0.30729.6161 (HKLM\…\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM-x32\…\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x64 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x86 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.61030 (HKLM-x32\…\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM-x32\…\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) — 12.0.21005 (HKLM-x32\…\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) — 12.0.21005 (HKLM-x32\…\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 — Корпорация Майкрософт)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\…\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 — Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\…\Office14.WORD) (Version: 14.0.7015.1000 — Microsoft Corporation)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\…\MiniTool Power Data Recovery Free Edition_is1) (Version: — MiniTool Solution Ltd.)
Platform (x32 Version: 1.42 — VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\…\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 — Realtek)
Realtek High Definition Audio Driver (HKLM-x32\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 — Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 — Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\…\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: — Microsoft)
Skype Click to Call (HKLM-x32\…\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 — Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\…\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 — Skype Technologies S.A.)
STDU Viewer version 1.6.186.0 (HKLM-x32\…\STDU Viewer_is1) (Version: 1.6.186.0 — STDUtility)
VIA Диспетчер устройств платформы (HKLM-x32\…\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 — VIA Technologies, Inc.)
Viber (HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 — Viber Media Inc.)
Viber (x32 Version: 6.0.1.5 — Viber Media Inc.) Hidden
WinRAR 5.31 (32-разрядная) (HKLM-x32\…\WinRAR archiver) (Version: 5.31.0 — win.rar GmbH)
Word 2010, версия null (HKLM-x32\…\{F11C12A8-55E1-4438-85E2-C745E886DF77}_is1) (Version: null — )
Языковой пакет Microsoft Visual Studio 2010 Tools для среды выполнения Office (x64) — RUS (HKLM\…\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack — RUS) (Version: 10.0.50903 — Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4142F8AF-6663-4FA8-A443-4832B4B4AB54} — System32\Tasks\{460193FF-1249-49FB-8A2F-1E772A00F2C8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.80.105/ru/abandoninstall?page=tsMain
Task: {43B5E994-0C01-41AE-85D8-A4A251B7857B} — System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {63934BD6-F794-438D-9FEF-455EB816D42A} — System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7AEB767E-B6F8-4196-A569-CEE96C8BCC26} — System32\Tasks\SafeZone scheduled Autoupdate 1461312650 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {95ABA107-FC25-4651-BA3D-5980817A1637} — System32\Tasks\KMSAuto => C:\Windows\KMSAuto.exe [2015-07-10] (Ratiborus, MSFree Inc.)
Task: {9C35CF54-A06E-4282-AD02-2184E8A8E3DF} — System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)
Task: {AFD77EDA-5340-4B21-84B1-DCDD30B4D1F8} — System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B616F4E5-5AA0-45FF-B650-52EB4097F526} — System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {B8F9654C-CC9A-4A9F-88E9-E364F1315446} — System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-01] (AVAST Software)
Task: {BE271041-8F38-4697-9B14-C304AB6675C6} — System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3529388977-2612259316-3712491006-1001 => C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-18] (Microsoft Corporation)
Task: {D92EE1A9-9E42-41D1-8A04-ED6FDBAA1C0D} — System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E35F845D-9955-4144-A003-B96801DD44EC} — System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-07-13] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Kostik\AppData\Local\Microsoft\Windows\Application Shortcuts\Chrome\Яндекс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://www.yandex.ru/?win=233&clid=2257061
ShortcutWithArgument: C:\Users\Kostik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler «hxxp://www.mail.ru/cnt/20775012?gp=802841»
==================== Loaded Modules (Whitelisted) ==============
2016-05-18 10:29 — 2016-05-18 10:29 — 00959168 _____ () C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-03-19 21:02 — 2015-03-19 21:02 — 00393480 _____ () C:\Windows\system32\igfxTray.exe
2016-06-10 18:23 — 2016-06-10 18:23 — 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1049.dll
2016-07-01 03:35 — 2016-07-01 03:35 — 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-20 14:57 — 2016-07-20 14:57 — 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16072000\algo.dll
2016-07-01 03:35 — 2016-07-01 03:35 — 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-01 03:35 — 2016-07-01 03:35 — 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-18 08:28 — 2016-06-15 12:15 — 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 08:28 — 2016-06-15 12:15 — 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2015-07-10 15:09 — 2013-09-16 12:17 — 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 16:25 — 2016-03-12 10:06 — 00000828 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kostik\AppData\Roaming\Microsoft\Windows Photo Viewer\Фоновый рисунок средства просмотра фотографий Windows.jpg
DNS Servers: 195.122.12.242 — 80.232.230.242
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\…\StartupApproved\Run: => «IAStorIcon»
HKLM\…\StartupApproved\Run32: => «IAStorIcon»
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\StartupApproved\Run: => «uTorrent»
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{23A99557-5DD0-41BE-A778-D3748F586479}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2BCC0CBF-C4B4-47FE-82A5-A82355C6DEDE}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{658FF42C-7FBB-4185-A54D-8668281452FD}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{14D6D4D1-27CA-4078-9916-57F716BAD7D2}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{860CDA20-53E6-4E51-A491-FA9CAB6E9BD7}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{334012E8-4B79-40BB-A9E7-F11458CF416A}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71450A58-236C-4629-9347-76873245868F}] => (Allow) C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{09204E30-7D52-464E-A2E1-6084297F6C38}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A45E2B4C-0A61-4923-A120-3E3B95EC5CE9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2A04252A-E49E-4887-B159-9BA585E907AB}C:\users\kostik\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Block) C:\users\kostik\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [UDP Query User{ECAB22DC-9F70-4C1B-B1AC-A7A68B539AF2}C:\users\kostik\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Block) C:\users\kostik\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [{FC795AE6-5C4A-49F9-8196-5D81E9A38910}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2113105A-B765-4F41-8165-AE65469E77DB}] => (Allow) C:\Users\Kostik\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{63B36454-F1E6-4C57-87C9-D2AC25826111}] => (Allow) C:\Users\Kostik\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{5AD660A1-9C23-4B87-A05F-2AF776E4A425}] => (Allow) C:\Users\Kostik\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{9DF16BC5-8F40-43A3-A601-BB42FB4B4423}] => (Allow) C:\Users\Kostik\AppData\Local\MediaGet2\mediaget.exe
==================== Restore Points =========================
04-07-2016 10:23:25 Запланированная контрольная точка
11-07-2016 14:42:01 Запланированная контрольная точка
13-07-2016 18:28:23 Installed Microsoft Word 2010
20-07-2016 06:44:24 Центр обновления Windows
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2016 10:36:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: ACU.exe, версия: 0.0.0.0, метка времени: 0x548efba5
Имя сбойного модуля: ACU.exe, версия: 0.0.0.0, метка времени: 0x548efba5
Код исключения: 0xc0000005
Смещение ошибки: 0x00000000022f2050
Идентификатор сбойного процесса: 0xf04
Время запуска сбойного приложения: 0xACU.exe0
Путь сбойного приложения: ACU.exe1
Путь сбойного модуля: ACU.exe2
Идентификатор отчета: ACU.exe3
Полное имя сбойного пакета: ACU.exe4
Код приложения, связанного со сбойным пакетом: ACU.exe5
Error: (07/20/2016 10:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: OfficeClickToRun.exe, версия: 0.0.0.0, метка времени: 0x5783f6d9
Имя сбойного модуля: ntdll.dll, версия: 6.3.9600.18233, метка времени: 0x56bb4ebb
Код исключения: 0xc0000005
Смещение ошибки: 0x000000000003b6a9
Идентификатор сбойного процесса: 0x1188
Время запуска сбойного приложения: 0xOfficeClickToRun.exe0
Путь сбойного приложения: OfficeClickToRun.exe1
Путь сбойного модуля: OfficeClickToRun.exe2
Идентификатор отчета: OfficeClickToRun.exe3
Полное имя сбойного пакета: OfficeClickToRun.exe4
Код приложения, связанного со сбойным пакетом: OfficeClickToRun.exe5
Error: (07/20/2016 06:44:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте «Системный модуль записи».
Details:
AddLegacyDriverFiles: Unable to back up image of binary Протокол Microsoft LLDP.
System Error:
Отказано в доступе.
.
Error: (07/18/2016 10:27:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kostja)
Description: Сбой активации приложения DeviceDoctor.RAROpener_mkdtfchztkfbm!App. Ошибка: -2147009284. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational.
Error: (07/18/2016 10:27:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kostja)
Description: Сбой активации приложения DeviceDoctor.RAROpener_mkdtfchztkfbm!App. Ошибка: -2147009284. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational.
Error: (07/16/2016 11:47:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kostja)
Description: Сбой активации приложения FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager. Ошибка: -2144927145. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational.
Error: (07/15/2016 07:35:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа PhotosApp.exe версии 6.3.9600.17418 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.
ИД процесса: 1348
Время запуска: 01d1de140577fc47
Время завершения: 4294967295
Путь приложения: C:\Windows\FileManager\PhotosApp.exe
ИД отчета: ea6d48a7-4a3e-11e6-82d1-fcaa14b63ce8
Полное имя сбойного пакета: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Код приложения, связанного со сбойным пакетом: Microsoft.Windows.PhotoManager
Error: (07/15/2016 06:47:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Kostja)
Description: Работа пакета FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager завершена, так как его приостановка заняла слишком много времени.
Error: (07/14/2016 12:48:25 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/14/2016 12:48:24 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
System errors:
=============
Error: (07/20/2016 07:28:09 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: В системе обнаружен конфликт IP-адреса 0.0.0.0 с системой, имеющей
адрес сетевого устройства 00-17-CC-32-2D-EC. В результате могут быть нарушены
сетевые операции на этих системах.
Error: (07/20/2016 10:42:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «Skype Click to Call Updater» из-за ошибки
%53 = Служба не ответила на запрос своевременно.
Error: (07/20/2016 10:42:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы «Skype Click to Call Updater».
Error: (07/20/2016 07:19:04 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: В системе обнаружен конфликт IP-адреса 0.0.0.0 с системой, имеющей
адрес сетевого устройства 00-17-CC-32-2D-EC. В результате могут быть нарушены
сетевые операции на этих системах.
Error: (07/20/2016 06:44:29 AM) (Source: DCOM) (EventID: 10010) (User: Kostja)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/20/2016 06:43:59 AM) (Source: DCOM) (EventID: 10010) (User: Kostja)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/19/2016 10:33:45 PM) (Source: DCOM) (EventID: 10010) (User: Kostja)
Description: {BEBA2AA5-B5A7-4DD3-9AD6-43B24CDD3B7D}
Error: (07/19/2016 11:52:14 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: В системе обнаружен конфликт IP-адреса 0.0.0.0 с системой, имеющей
адрес сетевого устройства 00-17-CC-32-2D-EC. В результате могут быть нарушены
сетевые операции на этих системах.
Error: (07/19/2016 10:33:39 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: В системе обнаружен конфликт IP-адреса 0.0.0.0 с системой, имеющей
адрес сетевого устройства 00-17-CC-32-2D-EC. В результате могут быть нарушены
сетевые операции на этих системах.
Error: (07/19/2016 07:30:04 AM) (Source: DCOM) (EventID: 10010) (User: Kostja)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G3258 @ 3.20GHz
Percentage of memory in use: 56%
Total physical RAM: 3982.13 MB
Available physical RAM: 1735.16 MB
Total Virtual: 8078.13 MB
Available Virtual: 5466.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:194.97 GB) (Free:135.42 GB) NTFS
Drive d: () (Fixed) (Total:736.2 GB) (Free:661.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4106FC58)
Partition 1: (Active) — (Size=350 MB) — (Type=07 NTFS)
Partition 2: (Not Active) — (Size=195 GB) — (Type=07 NTFS)
Partition 3: (Not Active) — (Size=736.2 GB) — (Type=07 NTFS)
==================== End of Addition.txt ============================
Create a new topic in this forum and describe your problem in detail: what ads pop up, or what is being blocked and how. Attach a fresh FRST log to the post.
Valerij, I did everything as you described. At first the problem was there, but now everything is fine and all sites open. Before that, a banner kept popping up: «Site blocked DNS 24/7». Sorry, I type slowly in Cyrillic. I copied both reports here. I just tried to scan with FRST. Avast blocked it. How do I attach a screenshot of the banner?
Since the problem is solved, there is no need to create a new topic. If other problems arise, add the completed FRST logs to a new topic on the forum.
Thanks.