While working (gaming), Yandex opens up, covering everything
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-02-2017
Ran by Пользователь (administrator) on MEGA (11-02-2017 16:11:17)
Running from D:\Загрузки
Loaded Profiles: Пользователь (Available Profiles: Пользователь)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Yandex Browser)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kerish Products) C:\Program Files (x86)\Kerish Doctor\KerishDoctor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
() C:\Program Files (x86)\Oscar Editor x7\OscarEditor.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.1.0.2034\service_update.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(BitTorrent Inc.) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\…\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [GameCenterMailRu] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe [5754784 2017-02-08] (LLC Mail.Ru)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [OscarEditor] => C:\Program Files (x86)\Oscar Editor x7\OscarEditor.exe [3340288 2012-03-20] ()
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\MountPoints2: {074d9e05-7c7e-11e4-b021-806e6f6e6963} — E:\autorun.exe
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\MountPoints2: {4f632662-da2d-11e6-b422-448a5b5cb823} — F:\Lenovo_Suite.exe
GroupPolicy: Restriction — Windows Defender <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DA0DAD3F-8714-42B0-A948-7E419F26C095}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=191&clid=2105524-500&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> 5AC25DAC72072DB8F69E28028DBA1BBC URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=191&clid=2105524-500&text={searchTerms}
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
Toolbar: HKLM — Kaspersky Protection Toolbar — {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 — Kaspersky Protection Toolbar — {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> No Name — {91397D20-1446-11D4-8AF4-0040CA1127B6} — No File
Handler: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-02-11]
FF user.js: detected! => C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2015-12-07]
FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> yafd:tabs
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B9F950E03-3A9D-43F5-A1C4-B18B137F4AA8%7D&gp=820333
FF Extension: (Домашняя страница Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-06-23]
FF Extension: (Поиск@Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-06-23]
FF Extension: (Visual Bookmarks) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru.xpi [2015-12-07] [not signed]
FF Extension: (&Yandex Elements&) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru.xpi [2015-12-07]
FF Extension: (Визуальные закладки @Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2015-12-26]
FF Extension: (HTML5 location provider) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{B100D0FF-0001-8CE4-2790-AACE49B8AE35} [2015-02-08] [not signed]
FF Extension: (No Name) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [not found]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-06-23]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-121647.xml [2015-01-05]
FF HKLM-x32\…\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Пользователь\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2015-03-18] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4011927263-3324289307-1760038168-1000: @mail.ru/GameCenter -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [2016-09-24] (LLC Mail.Ru)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> yandex.ru/?clid=2163430
CHR StartupUrls: Default -> "hxxps://www.google.ru/webhp?ie=UTF-8&rct=j","hxxps://www.yandex.ru/"
CHR DefaultSearchURL: Default -> hxxps://yandex.ru/{yandex:searchPath}?text={searchTerms}
CHR DefaultSearchKeyword: Default -> yandex.ru_
CHR DefaultNewTabURL: Default -> hxxps://www.yandex.ru/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.ru/suggest-ff.cgi?part={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Mail.Ru) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnphcmhmhcjjcjhmnnjjlbmaeljecga [2016-06-23]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdfomeimchipjggcigmbmeocjncbdgo [2016-12-07]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\laddjijkcfpakbbnnedbhnnciecidncp [2016-12-09]
CHR Extension: (Стартовая — Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalfiodohdgaejjccfgfmmngggpplmhp [2016-09-28]
CHR Extension: (Kaspersky Protection) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2017-01-27]
CHR Extension: (Менеджер браузеров) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkbofmmnlpcojllljenlamflhidfkna [2015-10-24]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehapofakghljopfegjogpgpeljkhjjn [2016-12-09]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\obljgommdlocbendaldnhhinpjbmdmcn [2017-01-26]
CHR Extension: (Визуальные закладки) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchfckkccldkbclgdepkaonamkignanh [2016-10-31]
CHR Extension: (Chrome Media Router) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-11]
CHR HKLM\…\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] — hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] — hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\…\Chrome\Extension: [ahnphcmhmhcjjcjhmnnjjlbmaeljecga] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] — C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\…\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] — hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=153&clid=1987499"
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-06-01] (Mail.Ru)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.1.0.2034\service_update.exe [626168 2017-01-12] (YANDEX LLC)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [77600 2014-03-26] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-02-13] (DT Soft Ltd)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-09-06] (Highresolution Enterprises [www.highrez.co.uk])
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236432 2016-12-02] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2017-02-11] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-04 20:32 — 2017-02-04 20:32 — 00001083 _____ C:\Users\Public\Desktop\Oscar Editor x7.lnk
2017-02-04 20:32 — 2017-02-04 20:32 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oscar Editor x7
2017-02-04 20:32 — 2017-02-04 20:32 — 00000000 ____D C:\Program Files (x86)\Oscar Editor x7
2017-01-22 18:57 — 2017-01-22 18:57 — 00000071 _____ C:\Users\Пользователь\Desktop\фотография.url
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-11 16:11 — 2016-09-06 16:22 — 00000000 ____D C:\FRST
2017-02-11 16:11 — 2014-12-05 16:28 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\uTorrent
2017-02-11 15:28 — 2014-12-05 16:45 — 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-11 15:24 — 2016-10-20 14:54 — 00003244 _____ C:\Windows\System32\Tasks\Kerish Doctor
2017-02-11 15:14 — 2016-12-14 08:28 — 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-11 15:14 — 2014-12-05 16:33 — 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-11 14:28 — 2014-12-05 16:59 — 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab
2017-02-11 14:28 — 2014-12-05 16:59 — 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-11 13:24 — 2016-08-07 09:24 — 00000468 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job
2017-02-11 12:20 — 2015-10-19 19:05 — 00003424 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс
2017-02-11 12:20 — 2015-10-19 19:05 — 00000426 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job
2017-02-11 12:17 — 2009-07-14 07:45 — 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-11 12:17 — 2009-07-14 07:45 — 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-11 12:10 — 2017-01-01 10:51 — 00308648 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-11 12:09 — 2016-08-07 09:24 — 00003560 _____ C:\Windows\System32\Tasks\Системное обновление Браузера Яндекс
2017-02-11 12:09 — 2014-12-05 16:15 — 00000000 ____D C:\Users\Все пользователи\NVIDIA
2017-02-11 12:09 — 2014-12-05 16:15 — 00000000 ____D C:\ProgramData\NVIDIA
2017-02-11 12:09 — 2009-07-14 08:08 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-11 09:30 — 2017-01-01 11:57 — 00066328 _____ C:\Users\Пользователь\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-11 09:13 — 2014-12-05 21:07 — 00000000 ____D C:\Program Files (x86)\Kerish Doctor
2017-02-10 18:40 — 2009-07-14 06:20 — 00000000 ____D C:\Windows\inf
2017-02-08 20:00 — 2015-09-18 17:45 — 00000000 ____D C:\Users\Пользователь\AppData\LocalLow\uTorrent
2017-02-07 19:33 — 2016-07-06 19:24 — 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 19:33 — 2016-07-02 03:43 — 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 09:19 — 2009-07-14 08:08 — 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-04 20:29 — 2016-02-17 10:33 — 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-04 20:29 — 2016-01-11 10:01 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-04 20:29 — 2014-12-05 16:29 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAM CoDeC Pack
2017-02-04 20:29 — 2014-12-05 16:29 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-02-04 20:29 — 2014-12-05 16:27 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-02-04 20:29 — 2014-12-05 16:25 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-04 16:49 — 2014-12-05 16:30 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\vlc
2017-02-01 10:09 — 2016-01-21 22:49 — 00000000 ____D C:\Users\Пользователь\Desktop\3,14
2017-01-31 13:13 — 2015-01-05 12:26 — 00002532 _____ C:\Users\Пользователь\Desktop\Yandex.lnk
2017-01-31 13:13 — 2014-12-05 21:18 — 00000000 ____D C:\Users\Все пользователи\Yandex
2017-01-31 13:13 — 2014-12-05 21:18 — 00000000 ____D C:\ProgramData\Yandex
2017-01-20 18:01 — 2016-12-31 15:06 — 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 17:37 — 2014-12-05 16:03 — 00000000 ____D C:\Users\Пользователь
2017-01-12 14:28 — 2016-12-14 08:28 — 00003958 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-12 14:28 — 2014-12-05 16:45 — 00003834 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-12 14:28 — 2014-12-05 16:41 — 00000000 ____D C:\Windows\system32\Macromed
2017-01-12 14:28 — 2013-12-11 06:00 — 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-12 14:28 — 2013-12-11 06:00 — 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2014-12-05 16:11 — 2014-12-05 16:11 — 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-29 20:39 — 2016-08-29 20:39 — 0000260 _____ () C:\ProgramData\fontcacheev1.dat
2015-09-11 21:24 — 2015-09-11 21:24 — 0000016 _____ () C:\ProgramData\mntemp
2015-09-11 21:24 — 2015-09-11 21:24 — 0004105 _____ () C:\ProgramData\wmzddnmb.cix
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-11 13:39
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2017
Ran by Пользователь (11-02-2017 16:13:07)
Running from D:\Загрузки
Windows 7 Ultimate Service Pack 1 (X64) (2014-12-05 13:03:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
ASPNET (S-1-5-21-4011927263-3324289307-1760038168-1002 — Limited — Enabled)
Администратор (S-1-5-21-4011927263-3324289307-1760038168-500 — Administrator — Disabled)
Гость (S-1-5-21-4011927263-3324289307-1760038168-501 — Limited — Disabled)
Пользователь (S-1-5-21-4011927263-3324289307-1760038168-1000 — Administrator — Enabled) => C:\Users\Пользователь
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Total Security (Enabled — Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled — Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled — Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\uTorrent) (Version: 3.3.2.30416 — BitTorrent Inc.)
ABBYY FineReader 11 Corporate Edition (HKLM-x32\…\{F1100000-0007-0000-0000-074957833700}) (Version: 11.0.289 — ABBYY)
Adobe Acrobat Reader DC — Russian (HKLM-x32\…\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 15.023.20056 — Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\…\Adobe Flash Player NPAPI) (Version: 24.0.0.194 — Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\…\Adobe Flash Player PPAPI) (Version: 24.0.0.194 — Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\…\Adobe Shockwave Player + Authorware Web Player) (Version: v12.0.7.148 — Adobe Systems, Inc.)
Adobe Update version 1.0 (HKLM-x32\…\{A676F2B7-54DE-49B0-A2F0-6DB40CC85984}_is1) (Version: 1.0 — Adobe System Incorporated)
AIMP v2.61 Build 583 (HKLM-x32\…\AIMP2_is1) (Version: v2.61 Build 583 — © Habetdin)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\…\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.4 — Ashampoo GmbH & Co. KG)
CCleaner (HKLM\…\CCleaner) (Version: 5.20 — Piriform)
DAEMON Tools Pro 5.3.0.0359 (HKLM\…\DAEMON Tools Pro_is1) (Version: 5.3.0.0359 — l-rePack®)
FastStone Image Viewer (HKLM-x32\…\FastStone Image Viewer) (Version: 4.6 — FastStone Soft)
Foxit Reader 6.0.3.524 (HKLM\…\Foxit Reader) (Version: v 6.0.3.524 — oszone.net)
Google Chrome (HKLM-x32\…\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 56.0.2924.87 — Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 — Google Inc.) Hidden
Html5 geolocation provider (HKLM-x32\…\{D492942E-9368-48D9-BB8B-68E8E4CE2D43}) (Version: 3.8.0.912 — AlterGeo)
ICE Book Reader Professional (HKLM-x32\…\ICE Book Reader Professional) (Version: 9.1.0 — )
Java 7 Update 45 (64-bit) (HKLM\…\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 — Oracle)
Java 7 Update 45 (HKLM-x32\…\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 — Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\…\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 — Oracle)
Java SE Development Kit 7 Update 45 (HKLM-x32\…\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 — Oracle)
Kaspersky Password Manager (HKLM-x32\…\InstallWIX_{2C74A102-DC39-4158-A831-02BDE2EC7D5D}) (Version: 8.0.5.485 — Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.5.485 — Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\…\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 — Лаборатория Касперского)
Kaspersky Total Security (x32 Version: 16.0.1.445 — Лаборатория Касперского) Hidden
Kerish Doctor 2017 (HKLM-x32\…\{EF70A54F-E09E-4570-8F21-C7674CDDB5B6}_is1) (Version: 4.65 — Kerish Products)
K-Lite Mega Codec Pack 9.9.5 (HKLM-x32\…\KLiteCodecPack_is1) (Version: 9.9.5 — )
Light Alloy 4.7.6.799 (HKLM-x32\…\Light Alloy) (Version: 4.7.6.799 — )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\…\M2698023) (Version: — )
Microsoft .NET Framework 1.1 Service Pack 1 (HKLM-x32\…\M2833941) (Version: — )
Microsoft .NET Framework 1.1 Service Pack 1 (HKLM-x32\…\Microsoft .NET Framework 1.1 (1033)) (Version: — Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\…\{92FB6C44-E685-45AD-9B20-CADF4CABA132} — 1033) (Version: 4.5.51209 — Microsoft Corporation)
Microsoft Office Стандартный 2007 (HKLM-x32\…\STANDARD) (Version: 12.0.4518.1014 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x64 8.0.61000 (HKLM\…\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.61001 (HKLM-x32\…\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x64 9.0.30729.6161 (HKLM\…\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM-x32\…\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x64 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x86 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.61030 (HKLM-x32\…\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM-x32\…\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) — 12.0.21005 (HKLM-x32\…\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) — 12.0.21005 (HKLM-x32\…\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 — Корпорация Майкрософт)
MPC-HC 1.7.1.158 (HKLM-x32\…\MPC HomeCinema_is1) (Version: 1.7.1.158 — MPC-HC Team)
MSVC80_x64_v2 (Version: 1.0.3.0 — Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 — Nokia) Hidden
Nero Burning ROM (HKLM-x32\…\Nero Burning ROM) (Version: — )
Nokia Connectivity Cable Driver (HKLM-x32\…\{1B9B5B3B-28E7-4E59-A80D-D670AA984514}) (Version: 7.1.29.0 — Nokia)
Nokia PC Suite (HKLM-x32\…\Nokia PC Suite) (Version: 7.1.51.0 — Nokia)
Nokia PC Suite (x32 Version: 7.1.51.0 — Nokia) Hidden
NVIDIA GeForce Experience 2.2.2 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 — NVIDIA Corporation)
NVIDIA Графический драйвер 341.92 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 — NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 341.92 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 — NVIDIA Corporation)
NVIDIA Драйвер контроллера 3D Vision 340.50 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 — NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.13.1220 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 — NVIDIA Corporation)
Oscar Editor x7, версия 1 (HKLM-x32\…\{60978EB4-A9EB-4C80-ABCC-53B59F6828FB}_is1) (Version: 1 — OlegAnykey)
PC Connectivity Solution (HKLM-x32\…\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 — Nokia)
PCRADIO 4.0.5 (HKLM-x32\…\PCRadio_is1) (Version: — pcradio.ru)
RadioSure (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\RadioSure) (Version: — )
RaidCall (HKLM-x32\…\RaidCall) (Version: 7.3.6-1.2.13009.198 — raidcall.com.ru)
Realtek High Definition Audio Driver (HKLM-x32\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7348 — Realtek Semiconductor Corp.)
SAM CoDeC Pack (HKLM\…\SAM CoDeC Pack) (Version: 5.35 — http://www.SamLab.ws)
SHIELD Streaming (Version: 4.0.1000 — NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 — NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\…\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 — Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\…\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 — Skype Technologies S.A.)
STDU Viewer Utilities 1.6.160.0 (HKLM\…\STDU Viewer Utilities) (Version: v 1.6.160.0 — liben, oszone.net)
Total Commander 8.01 PowerPack (HKLM-x32\…\Total Commander) (Version: — )
VLC media player (HKLM-x32\…\VLC media player) (Version: 2.2.3 — VideoLAN)
Warface (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Warface) (Version: 1.185 — Mail.Ru)
WarfaceLoader, версия 1.8 (HKLM-x32\…\{6860B37E-5EF3-4F62-B496-A4278EFCCAFB}_is1) (Version: 1.8 — )
WinRAR 5.01 (64-разрядная) (HKLM\…\WinRAR Archiver) (Version: 5.0.1.0 — win.rar GmbH)
Yandex (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\YandexBrowser) (Version: 17.1.0.2034 — ООО «ЯНДЕКС»)
Игровой центр (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\GameCenterMailRu) (Version: 3.1231 — ООО «Мэйл.Ру Геймз»)
Менеджер браузеров (x32 Version: 2.3.0.619 — Яндекс) Hidden
Обновления NVIDIA 17.12.8 (Version: 17.12.8 — NVIDIA Corporation) Hidden
Пакет драйверов Windows — Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\…\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 — Nokia)
Панель управления NVIDIA 341.92 (Version: 341.92 — NVIDIA Corporation) Hidden
Поддержка программ Apple (HKLM-x32\…\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 — Apple Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000_Classes\CLSID\{D6F91AE3-0A00-8EAF-EC01-3A87021B2FBC}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DCF57B9-5605-498E-864B-6C306B636814} — System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {0EA0A35C-03A1-414A-AC20-48C1A6AC92B0} — System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {19DAFFDD-3AE4-4558-878F-AF9E44474BA6} — System32\Tasks\System_service => c:\Temp\System32\start.vbs [2016-06-17] () <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} — System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => sc.execonfig upnphost start= auto
Task: {667EB224-3007-4B57-8F2A-4CC88C5469D5} — System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-12] (Adobe Systems Incorporated)
Task: {84EFF3AC-F754-470F-BA6C-338B159C0A66} — System32\Tasks\Обновление Браузера Яндекс => C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2017-01-12] (YANDEX LLC)
Task: {90A640AB-79DF-45B7-9D55-5DB477DB210D} — System32\Tasks\{657A95D2-9512-4C42-BA97-ACDCF908E79B} => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe [2014-12-05] (BitTorrent Inc.)
Task: {915FFD99-99FD-45C9-9B9B-9E822339E04C} — System32\Tasks\System_update => c:\Temp\System32\start.vbs [2016-06-17] () <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} — System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
Task: {C047E1C5-F836-427B-B9AD-6E8BC865DBF3} — System32\Tasks\{E345F56A-8DA5-431F-AE11-9F0250CAC2ED} => c:\users\Пользователь\appdata\local\yandex\yandexbrowser\application\browser.exe [2017-01-12] (YANDEX LLC)
Task: {C7D0241A-A431-4400-9CD3-27B3EDDFDDEA} — System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {CC4A08C2-9821-4CB7-BE30-2221A89E37E8} — System32\Tasks\Системное обновление Браузера Яндекс => C:\Program Files (x86)\Yandex\YandexBrowser\17.1.0.2034\service_update.exe [2017-01-12] (YANDEX LLC)
Task: {D0EF526D-4791-46DC-9425-0FD5B54F5064} — System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-12] (Adobe Systems Incorporated)
Task: {D2881EEE-2785-40C9-8C92-C0D58ED88C83} — System32\Tasks\{DE39EEB2-5CA9-4B0D-B9C6-9AA8C9A333FE} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.66.105&LastError=404
Task: {DD598093-7C12-40B4-A3B3-7CA598ED5F92} — System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} — System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => sc.exestart sppsvc
Task: {F9628D80-4447-4ACA-B036-77B49D493EF7} — System32\Tasks\Kerish Doctor => C:\Program Files (x86)\Kerish Doctor\KerishDoctor.exe [2017-02-11] (Kerish Products)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Обновление Браузера Яндекс.job => C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\Windows\Tasks\Системное обновление Браузера Яндекс.job => C:\Program Files (x86)\Yandex\YandexBrowser\17.1.0.2034\service_update.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Пользователь\Links\Яндекс.Диск.lnk -> C:\Users\Пользователь\YandexDisk (No File) <===== Cyrillic
Shortcut: C:\Users\Пользователь\Downloads\Локальный диск (C) — Ярлык.lnk -> C:\ () <===== Cyrillic
Shortcut: C:\Users\Пользователь\Desktop\Data (D) — Ярлык.lnk -> D:\ () <===== Cyrillic
Shortcut: C:\Users\Пользователь\Desktop\Игровой центр Mail.Ru.lnk -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (LLC Mail.Ru) <===== Cyrillic
Shortcut: C:\Users\Пользователь\Desktop\Игровой центр@Mail.Ru.lnk -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (LLC Mail.Ru) <===== Cyrillic
Shortcut: C:\Users\Пользователь\Desktop\СП\Новая папка\MyDocs\Рабочий стол\Загрузки готовые.lnk -> D:\Загрузки готовые () <===== Cyrillic
Shortcut: C:\Users\Пользователь\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru\Игровой центр Mail.Ru\Игровой центр Mail.Ru.lnk -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (LLC Mail.Ru) <===== Cyrillic
ShortcutWithArgument: C:\Users\Пользователь\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс\Менеджер браузеров\Менеджер браузеров.lnk -> C:\Users\Пользователь\AppData\Local\Yandex\BrowserManager\BrowserManager.exe (Yandex LLC) -> /gui <===== Cyrillic
ShortcutWithArgument: C:\Users\Public\Desktop\Безопасные платежи.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe (AO Kaspersky Lab) -> -safebanking <===== Cyrillic
==================== Loaded Modules (Whitelisted) ==============
2014-12-05 16:15 — 2015-10-13 20:26 — 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-13 22:42 — 2016-07-13 22:42 — 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1049.dll
2017-02-04 20:32 — 2012-03-20 11:59 — 03340288 _____ () C:\Program Files (x86)\Oscar Editor x7\OscarEditor.exe
2015-12-22 02:47 — 2015-12-22 02:47 — 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\kpcengine.2.3.dll
2016-09-24 20:05 — 2016-09-24 20:05 — 00144896 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\zlib1.dll
2016-09-24 20:05 — 2016-09-24 20:05 — 00076192 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\pxd.dll
2016-09-24 20:05 — 2016-09-24 20:05 — 00186272 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\LightUpdate.dll
2016-09-24 20:05 — 2016-09-24 20:05 — 02318240 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\BigUp2.dll
2016-05-23 21:36 — 2016-05-23 21:36 — 48962048 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\Chrome\3.2623.1401\libcef.dll
2017-02-04 20:32 — 2010-12-02 17:56 — 00815104 _____ () C:\Program Files (x86)\Oscar Editor x7\Data\X7\Forms\OSD_Text\OSD_Text.dll
2017-02-04 20:32 — 2011-01-09 20:45 — 00088064 _____ () C:\Program Files (x86)\Oscar Editor x7\DLL\DLL_MouseDeviceManager.dll
2017-02-04 20:32 — 2012-02-07 11:20 — 02413568 _____ () C:\Program Files (x86)\Oscar Editor x7\Data\X7\Forms\ScreenCapture\ScreenCapture.dll
2017-02-04 20:32 — 2011-03-21 19:33 — 00999424 _____ () C:\Program Files (x86)\Oscar Editor x7\Data\X7\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2017-02-04 20:32 — 2010-09-20 14:18 — 00085504 _____ () C:\Program Files (x86)\Oscar Editor x7\DLL\DLL_ZoomControl.dll
2017-02-04 20:32 — 2010-09-20 14:18 — 00054272 _____ () C:\Program Files (x86)\Oscar Editor x7\DLL\DLL_ScrollbarControl.dll
2017-02-04 20:32 — 2011-04-12 15:14 — 00063488 _____ () C:\Program Files (x86)\Oscar Editor x7\DLL\DLL_AnalyzeGesturesInRight.dll
2017-02-04 20:32 — 2010-11-01 20:16 — 00062976 _____ () C:\Program Files (x86)\Oscar Editor x7\DLL\DLL_AnalyzeGesturesInOne.dll
2017-02-04 20:32 — 2011-08-10 13:43 — 00118272 _____ () C:\Program Files (x86)\Oscar Editor x7\DLL\DLL_Wheel4D.dll
2017-01-31 13:13 — 2017-01-12 16:35 — 01903096 _____ () C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\17.1.0.2034\libglesv2.dll
2017-01-31 13:13 — 2017-01-12 16:35 — 00095224 _____ () C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\17.1.0.2034\libegl.dll
2017-02-07 19:33 — 2017-02-01 12:01 — 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 19:33 — 2017-02-01 12:01 — 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:34 — 2016-08-08 13:16 — 00001489 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 activate-sea.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Пользователь\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Adobe ARM => «C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe»
MSCONFIG\startupreg: BingSvc => C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: kpm.exe => «C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe» -autoStart
MSCONFIG\startupreg: MAgent => C:\Program Files (x86)\Mail.RU\Agent\magent.exe -LM
MSCONFIG\startupreg: OscarEditor => «C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe» Minimum
MSCONFIG\startupreg: PC Suite Tray => «C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe» -onlytray
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A1F3B7EE-8715-4C64-B703-5DC331EB8F48}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{0A394DB3-8962-465C-8DBA-AB82B38C9E9C}] => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52BCE2FD-8C74-4D8F-8476-490A76518AD6}] => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E4BAF62-627C-4ADF-8E60-DBEB00EB7765}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D727E8E3-0FFC-4A2D-BB34-12F0AD9A6EB7}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{83643B78-9527-4B48-B782-8EAAD0DDAF04}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8E9B5C64-C5B8-4DC1-9394-71B4E31E91F2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F6E781C2-56C5-40B6-8057-5F3800CC8F98}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B447E5FD-F807-44CB-AE87-F41968730218}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{09AE13C3-56F0-4600-B233-9E1C6C761D6D}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{8858EE3E-0176-4BA9-B9E6-656523FF6C4B}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{D245C3F5-BF9B-45A4-9DF3-D2EFB2D2905C}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{22068047-0794-4F80-8D69-561C3C8848A5}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{8BA1A968-FBE9-4ADE-81E7-484863CC2AD6}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{079DB4BC-E24D-4735-83CA-933E18B2AB87}] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{D0587A84-B8B8-48C5-B452-E2610CF4F1A3}] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{5C32FC70-9E53-4350-B069-142EC66418EC}] => C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EC61ECB2-15D0-4131-AB99-E4CD47468077}] => C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E8555E1C-FD64-4FCE-8B06-1194979B02A9}] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{BA5B8BD5-2348-4505-94E7-31E99982C4D9}] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{C77CE410-37C5-4881-816A-ABDD0A8018A2}] => D:\GamesMailRu\Warface\Bin32Release\Game.exe
FirewallRules: [{549597B5-20F7-4167-8E4C-2D8B9ECC6225}] => D:\GamesMailRu\Warface\Bin32Release\Game.exe
FirewallRules: [{D4DF4933-09D1-4417-9C94-B19D53D082AF}] => C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
FirewallRules: [{D0EEC127-7C7B-4811-887D-EC3FA752D65F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/11/2017 12:11:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/11/2017 12:10:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001
Error: (02/11/2017 12:10:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001
Error: (02/11/2017 12:10:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001
Error: (02/11/2017 09:10:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/10/2017 06:02:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/09/2017 11:24:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
CodeIntegrity:
===================================
Date: 2016-07-30 08:42:17.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:42:17.092
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:57.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:57.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:56.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:56.344
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:55.425
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:55.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-05 21:33:59.014
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-07-05 21:33:58.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD FX(tm)-4300 Quad-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 8191.18 MB
Available physical RAM: 5674.61 MB
Total Virtual: 20475.36 MB
Available Virtual: 17438.18 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:50.86 GB) (Free:14.37 GB) NTFS
Drive d: (Data) (Fixed) (Total:414.8 GB) (Free:202.95 GB) NTFS
Drive e: (kidenc) (CDROM) (Total:2.63 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:7.42 GB) (Free:1.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0420C600)
Partition 1: (Active) — (Size=100 MB) — (Type=07 NTFS)
Partition 2: (Not Active) — (Size=50.9 GB) — (Type=07 NTFS)
Partition 3: (Not Active) — (Size=414.8 GB) — (Type=0F Extended)
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 6E697373)
No partition Table on disk 1.
==================== End of Addition.txt ============================
The Yandex browser opening by itself is caused by a malicious program on the computer. First of all, carefully follow this guide: http://www.spyware-ru.com/ubrat-reklamu/ . If the problem remains after you have followed it, scan the computer with FRST again and add the resulting logs to the thread you created on our forum, in the Virus Removal section.