While I am working, a KTS notification frequently pops up:
Kaspersky
Total Security
ДОСТУП ЗАПРЕЩЕН
Запрашиваемый веб-адрес не может быть предоставлен
Веб-адрес:
pluginplus.net/install.php
Заблокирован Веб-Антивирусом
Причина: опасный веб-адрес
Нажмите здесь, если считаете, что веб-страница заблокирована ошибочно.
Способ обнаружения: базы.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by Пользователь (administrator) on MEGA (16-09-2016 21:20:14)
Running from D:\Загрузки
Loaded Profiles: Пользователь (Available Profiles: Пользователь)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(© 2015 Microsoft Corporation) C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(BitTorrent Inc.) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20936\service_update.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(LLC Mail.Ru) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Crytek GmbH) D:\GamesMailRu\Warface\Bin32Release\Game.exe
() C:\Program Files (x86)\PCRadio\PCRADIO.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\Загрузки\FRST64 (4).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\…\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1514528 2015-10-13] (NVIDIA Corporation)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [BingSvc] => C:\Users\Пользователь\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [uTorrent] => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe [1142864 2014-12-05] (BitTorrent Inc.)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [MailRuUpdater] => C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Run: [GameCenterMailRu] => C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe [5486496 2016-09-16] (LLC Mail.Ru)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{DA0DAD3F-8714-42B0-A948-7E419F26C095}: [NameServer] 80.82.32.9,80.82.33.65
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=820323
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B9D1D88C4-3D39-4459-96A6-A1B0BA8B2001%7D&gp=820333
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> 5AC25DAC72072DB8F69E28028DBA1BBC URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=191&clid=2105524-500&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B9D1D88C4-3D39-4459-96A6-A1B0BA8B2001%7D&gp=820333
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\x64\ie_engine.dll [2015-12-11] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-26] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: AlterGeoBHO Class -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} -> C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\npHtml5loc.dll => No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\ie_engine.dll [2015-12-11] (AO Kaspersky Lab)
Toolbar: HKLM — Kaspersky Protection Toolbar — {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 — Kaspersky Protection Toolbar — {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 — True Key — {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} — C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-26] (Intel Security)
Toolbar: HKU\S-1-5-21-4011927263-3324289307-1760038168-1000 -> No Name — {91397D20-1446-11D4-8AF4-0040CA1127B6} — No File
Handler: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: yafd:tabs
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: about:home
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B9F950E03-3A9D-43F5-A1C4-B18B137F4AA8%7D&gp=820333
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [No File]
FF Plugin-x32: @altergeo.ru/Html5loc -> C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\npHtml5loc.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Пользователь\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2015-03-18] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4011927263-3324289307-1760038168-1000: @mail.ru/GameCenter -> C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [2016-09-13] (LLC Mail.Ru)
FF user.js: detected! => C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2015-12-07]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-06-23]
FF SearchPlugin: C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-121647.xml [2015-01-05]
FF Extension: (&Yandex Elements&) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru.xpi [2015-12-07]
FF Extension: (Visual Bookmarks) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\vb@yandex.ru.xpi [2015-12-07] [not signed]
FF Extension: (HTML5 location provider) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{B100D0FF-0001-8CE4-2790-AACE49B8AE35} [2015-02-08] [not signed]
FF Extension: (Визуальные закладки @Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2015-12-26]
FF Extension: (No Name) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [not found]
FF Extension: (Домашняя страница Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-06-23]
FF Extension: (Поиск@Mail.Ru) — C:\Users\Пользователь\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-06-23]
FF HKLM-x32\…\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-16]
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.yandex.ru/?win=45&clid=1969031","hxxp://mail.yandex.ru/?win=50&clid=187997","hxxp://www.google.ru/","hxxp://mail.ru/cnt/10445?gp=820323"
CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.8
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mail.Ru) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnphcmhmhcjjcjhmnnjjlbmaeljecga [2016-06-23]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdfomeimchipjggcigmbmeocjncbdgo [2016-09-15]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\laddjijkcfpakbbnnedbhnnciecidncp [2016-09-16]
CHR Extension: (Стартовая — Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalfiodohdgaejjccfgfmmngggpplmhp [2016-07-29]
CHR Extension: (Kaspersky Protection) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-30]
CHR Extension: (Менеджер браузеров) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkbofmmnlpcojllljenlamflhidfkna [2015-10-24]
CHR Extension: (Яндекс) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehapofakghljopfegjogpgpeljkhjjn [2016-08-21]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Визуальные закладки) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchfckkccldkbclgdepkaonamkignanh [2016-08-22]
CHR Extension: (Chrome Media Router) — C:\Users\Пользователь\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-15]
CHR HKLM\…\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] — hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] — hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\…\Chrome\Extension: [ahnphcmhmhcjjcjhmnnjjlbmaeljecga] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [ehfjihahbphdpljpiadbkmgmhnfehhgi] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [jdkihdhlegcdggknokfekoemkjjnjhgi] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] — C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\…\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] — hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=153&clid=1987499"
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel(R) Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-06-01] (Mail.Ru)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [922152 2016-08-25] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-25] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.Exe [86864 2016-08-25] (McAfee, Inc.)
R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [4157656 2016-09-12] (Mail.Ru)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20936\service_update.exe [768320 2016-08-08] (YANDEX LLC)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [77600 2014-03-26] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2016-02-13] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-09-06] (Highresolution Enterprises [www.highrez.co.uk])
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-16] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-09-16] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-13 12:42 — 2016-09-13 12:42 — 00002225 _____ C:\Users\Пользователь\Desktop\Игровой центр Mail.Ru.lnk
2016-09-13 12:42 — 2016-09-13 12:42 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru
2016-09-13 12:42 — 2016-09-13 12:42 — 00000000 ____D C:\Users\Пользователь\AppData\Local\Mail.Ru
2016-09-13 12:37 — 2016-09-13 12:37 — 00000000 ____D C:\Users\Все пользователи\Mail.Ru
2016-09-13 12:37 — 2016-09-13 12:37 — 00000000 ____D C:\ProgramData\Mail.Ru
2016-09-12 21:44 — 2016-09-12 21:47 — 00000000 ____D C:\Users\Пользователь\Desktop\Новая папка
2016-09-06 17:01 — 2016-09-06 17:01 — 00015008 _____ (Highresolution Enterprises [www.highrez.co.uk]) C:\Windows\system32\Drivers\inpoutx64.sys
2016-09-06 17:01 — 2011-01-20 01:07 — 00098304 _____ (Highresolution Enterprises) C:\Windows\SysWOW64\inpout32.dll
2016-09-06 16:22 — 2016-09-16 21:20 — 00000000 ____D C:\FRST
2016-09-03 22:47 — 2016-09-03 22:47 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-09-03 22:47 — 2016-09-03 22:47 — 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\Users\Все пользователи\fontcacheev1.dat
2016-08-29 20:39 — 2016-08-29 20:39 — 00000260 _____ C:\ProgramData\fontcacheev1.dat
2016-08-29 20:27 — 2016-09-13 09:01 — 00000000 ____D C:\AdwCleaner
2016-08-22 21:42 — 2016-08-22 21:42 — 00001855 _____ C:\Users\Пользователь\Desktop\RCGamebox.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-16 21:20 — 2014-12-05 16:28 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\uTorrent
2016-09-16 21:14 — 2016-07-02 03:37 — 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-16 21:07 — 2011-04-12 16:26 — 00736180 _____ C:\Windows\system32\perfh019.dat
2016-09-16 21:07 — 2011-04-12 16:26 — 00155888 _____ C:\Windows\system32\perfc019.dat
2016-09-16 21:07 — 2009-07-14 08:13 — 01682974 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-16 21:07 — 2009-07-14 06:20 — 00000000 ____D C:\Windows\inf
2016-09-16 20:56 — 2016-06-23 20:45 — 00000258 __RSH C:\Users\Пользователь\ntuser.pol
2016-09-16 20:56 — 2014-12-05 16:03 — 00000000 ____D C:\Users\Пользователь
2016-09-16 20:55 — 2016-06-23 20:45 — 00001506 __RSH C:\Users\Все пользователи\ntuser.pol
2016-09-16 20:55 — 2016-06-23 20:45 — 00001506 __RSH C:\ProgramData\ntuser.pol
2016-09-16 20:28 — 2014-12-05 16:45 — 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-16 20:16 — 2014-12-05 16:59 — 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab
2016-09-16 20:16 — 2014-12-05 16:59 — 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-16 19:24 — 2016-08-07 09:24 — 00000470 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job
2016-09-16 18:14 — 2016-07-02 03:37 — 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-16 17:54 — 2015-10-19 19:05 — 00003424 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс
2016-09-16 17:54 — 2015-10-19 19:05 — 00000426 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job
2016-09-16 16:03 — 2009-07-14 07:45 — 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-16 16:03 — 2009-07-14 07:45 — 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-16 15:55 — 2016-08-07 09:24 — 00003562 _____ C:\Windows\System32\Tasks\Системное обновление Браузера Яндекс
2016-09-16 15:54 — 2014-12-05 16:15 — 00000000 ____D C:\Users\Все пользователи\NVIDIA
2016-09-16 15:54 — 2014-12-05 16:15 — 00000000 ____D C:\ProgramData\NVIDIA
2016-09-16 15:54 — 2009-07-14 08:08 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-15 09:22 — 2016-07-06 19:24 — 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-15 09:22 — 2016-07-02 03:43 — 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-14 15:33 — 2016-08-08 15:42 — 00000000 ____D C:\Program Files (x86)\McAfee
2016-09-14 15:33 — 2016-08-08 11:22 — 00000000 ____D C:\Program Files\TrueKey
2016-09-14 08:16 — 2016-08-08 15:42 — 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-09-13 15:28 — 2014-12-05 16:45 — 00003834 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 15:28 — 2014-12-05 16:41 — 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 15:28 — 2014-12-05 16:33 — 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 15:28 — 2013-12-11 06:00 — 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 15:28 — 2013-12-11 06:00 — 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 12:42 — 2016-07-05 20:51 — 00000406 _____ C:\Users\Пользователь\Desktop\Warface.url
2016-09-12 22:53 — 2014-12-05 21:07 — 00000000 ____D C:\Program Files (x86)\Kerish Doctor
2016-09-12 22:40 — 2014-12-05 16:30 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\vlc
2016-09-12 10:25 — 2015-09-18 17:45 — 00000000 ____D C:\Users\Пользователь\AppData\LocalLow\uTorrent
2016-09-10 23:12 — 2016-03-28 22:43 — 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-10 23:09 — 2014-12-05 17:02 — 00000000 ____D C:\Users\Пользователь\AppData\Roaming\Skype
2016-09-06 22:15 — 2014-12-06 19:37 — 00000000 ____D C:\Users\Пользователь\AppData\Local\ElevatedDiagnostics
2016-09-06 22:15 — 2009-07-14 06:20 — 00000000 ____D C:\Windows\system32\NDF
2016-09-02 21:30 — 2016-02-10 12:17 — 00000000 ___SD C:\Users\Пользователь\AppData\LocalLow\Temp
2016-09-02 20:38 — 2016-02-24 17:55 — 00003114 _____ C:\Windows\System32\Tasks\MailRuUpdater
2016-08-31 12:16 — 2009-07-14 08:08 — 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-30 14:11 — 2014-12-05 16:43 — 00000000 ____D C:\Users\Все пользователи\Package Cache
2016-08-30 14:11 — 2014-12-05 16:43 — 00000000 ____D C:\ProgramData\Package Cache
2016-08-27 20:21 — 2016-01-11 10:04 — 00000000 ____D C:\Users\Пользователь\AppData\Local\NVIDIA Corporation
2016-08-21 17:44 — 2016-08-08 15:42 — 00000000 ____D C:\Users\Пользователь\AppData\Local\tkdata
2016-08-21 17:44 — 2014-12-05 16:33 — 00000000 ____D C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2014-12-05 16:11 — 2014-12-05 16:11 — 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-29 20:39 — 2016-08-29 20:39 — 0000260 _____ () C:\ProgramData\fontcacheev1.dat
2015-09-11 21:24 — 2015-09-11 21:24 — 0000016 _____ () C:\ProgramData\mntemp
2015-09-11 21:24 — 2015-09-11 21:24 — 0004105 _____ () C:\ProgramData\wmzddnmb.cix
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
Some files in TEMP:
====================
C:\Users\Пользователь\AppData\Local\Temp\downloader_upd.exe
C:\Users\Пользователь\AppData\Local\Temp\libeay32.dll
C:\Users\Пользователь\AppData\Local\Temp\msvcr120.dll
C:\Users\Пользователь\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-15 16:24
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Пользователь (16-09-2016 21:21:32)
Running from D:\Загрузки
Windows 7 Ultimate Service Pack 1 (X64) (2014-12-05 13:03:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
ASPNET (S-1-5-21-4011927263-3324289307-1760038168-1002 — Limited — Enabled)
Администратор (S-1-5-21-4011927263-3324289307-1760038168-500 — Administrator — Disabled)
Гость (S-1-5-21-4011927263-3324289307-1760038168-501 — Limited — Disabled)
Пользователь (S-1-5-21-4011927263-3324289307-1760038168-1000 — Administrator — Enabled) => C:\Users\Пользователь
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Total Security (Enabled — Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled — Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled — Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\uTorrent) (Version: 3.3.2.30416 — BitTorrent Inc.)
ABBYY FineReader 11 Corporate Edition (HKLM-x32\…\{F1100000-0007-0000-0000-074957833700}) (Version: 11.0.289 — ABBYY)
Adobe Flash Player 23 ActiveX (HKLM-x32\…\Adobe Flash Player ActiveX) (Version: 23.0.0.162 — Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\…\Adobe Flash Player NPAPI) (Version: 23.0.0.162 — Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\…\Adobe Flash Player PPAPI) (Version: 23.0.0.162 — Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) — Russian (HKLM-x32\…\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.03 — Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\…\Adobe Shockwave Player + Authorware Web Player) (Version: v12.0.7.148 — Adobe Systems, Inc.)
Adobe Update version 1.0 (HKLM-x32\…\{A676F2B7-54DE-49B0-A2F0-6DB40CC85984}_is1) (Version: 1.0 — Adobe System Incorporated)
AIMP v2.61 Build 583 (HKLM-x32\…\AIMP2_is1) (Version: v2.61 Build 583 — © Habetdin)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\…\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.4 — Ashampoo GmbH & Co. KG)
CCleaner (HKLM\…\CCleaner) (Version: 5.20 — Piriform)
DAEMON Tools Pro 5.3.0.0359 (HKLM\…\DAEMON Tools Pro_is1) (Version: 5.3.0.0359 — l-rePack®)
FastStone Image Viewer (HKLM-x32\…\FastStone Image Viewer) (Version: 4.6 — FastStone Soft)
Foxit Reader 6.0.3.524 (HKLM\…\Foxit Reader) (Version: v 6.0.3.524 — oszone.net)
Google Chrome (HKLM-x32\…\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 53.0.2785.116 — Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 — Google Inc.) Hidden
Html5 geolocation provider (HKLM-x32\…\{D492942E-9368-48D9-BB8B-68E8E4CE2D43}) (Version: 3.8.0.912 — AlterGeo)
ICE Book Reader Professional (HKLM-x32\…\ICE Book Reader Professional) (Version: 9.1.0 — )
Intel Security True Key (HKLM\…\TrueKey) (Version: 4.6.129.1 — Intel Security)
Java 7 Update 45 (64-bit) (HKLM\…\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 — Oracle)
Java 7 Update 45 (HKLM-x32\…\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 — Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\…\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 — Oracle)
Java SE Development Kit 7 Update 45 (HKLM-x32\…\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 — Oracle)
Kaspersky Password Manager (HKLM-x32\…\InstallWIX_{F46A1003-7E9A-418C-8149-C6AF1EAF6B89}) (Version: 8.0.4.394 — Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.4.394 — Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\…\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 — Лаборатория Касперского)
Kaspersky Total Security (x32 Version: 16.0.1.445 — Лаборатория Касперского) Hidden
K-Lite Mega Codec Pack 9.9.5 (HKLM-x32\…\KLiteCodecPack_is1) (Version: 9.9.5 — )
Light Alloy 4.7.6.799 (HKLM-x32\…\Light Alloy) (Version: 4.7.6.799 — )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\…\M2698023) (Version: — )
Microsoft .NET Framework 1.1 Service Pack 1 (HKLM-x32\…\M2833941) (Version: — )
Microsoft .NET Framework 1.1 Service Pack 1 (HKLM-x32\…\Microsoft .NET Framework 1.1 (1033)) (Version: — Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\…\{92FB6C44-E685-45AD-9B20-CADF4CABA132} — 1033) (Version: 4.5.51209 — Microsoft Corporation)
Microsoft Office Стандартный 2007 (HKLM-x32\…\STANDARD) (Version: 12.0.4518.1014 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x64 8.0.61000 (HKLM\…\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.61001 (HKLM-x32\…\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x64 9.0.30729.6161 (HKLM\…\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM-x32\…\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x64 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x86 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.61030 (HKLM-x32\…\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM-x32\…\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) — 12.0.21005 (HKLM-x32\…\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) — 12.0.21005 (HKLM-x32\…\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 — Корпорация Майкрософт)
Mozilla Maintenance Service (HKLM-x32\…\MozillaMaintenanceService) (Version: 44.0 — Mozilla)
MPC-HC 1.7.1.158 (HKLM-x32\…\MPC HomeCinema_is1) (Version: 1.7.1.158 — MPC-HC Team)
MSVC80_x64_v2 (Version: 1.0.3.0 — Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 — Nokia) Hidden
Nero Burning ROM (HKLM-x32\…\Nero Burning ROM) (Version: — )
Nokia Connectivity Cable Driver (HKLM-x32\…\{1B9B5B3B-28E7-4E59-A80D-D670AA984514}) (Version: 7.1.29.0 — Nokia)
Nokia PC Suite (HKLM-x32\…\Nokia PC Suite) (Version: 7.1.51.0 — Nokia)
Nokia PC Suite (x32 Version: 7.1.51.0 — Nokia) Hidden
NVIDIA GeForce Experience 2.2.2 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 — NVIDIA Corporation)
NVIDIA Графический драйвер 341.92 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 — NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 341.92 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 — NVIDIA Corporation)
NVIDIA Драйвер контроллера 3D Vision 340.50 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 — NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.13.1220 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 — NVIDIA Corporation)
OSCAR Editor (HKLM-x32\…\InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}) (Version: 12.03.0004 — A4TECH)
OSCAR Editor (x32 Version: 12.03.0004 — A4TECH) Hidden
PC Connectivity Solution (HKLM-x32\…\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 — Nokia)
PCRADIO 4.0.5 (HKLM-x32\…\PCRadio_is1) (Version: — pcradio)
QuickTime (HKLM-x32\…\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 — Apple Inc.)
RadioSure (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\RadioSure) (Version: — )
RaidCall (HKLM-x32\…\RaidCall) (Version: 7.3.6-1.2.13009.198 — raidcall.com.ru)
Realtek High Definition Audio Driver (HKLM-x32\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7348 — Realtek Semiconductor Corp.)
SAM CoDeC Pack (HKLM\…\SAM CoDeC Pack) (Version: 5.35 — http://www.SamLab.ws)
SHIELD Streaming (Version: 4.0.1000 — NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 — NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\…\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 — Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\…\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 — Skype Technologies S.A.)
STDU Viewer Utilities 1.6.160.0 (HKLM\…\STDU Viewer Utilities) (Version: v 1.6.160.0 — liben, oszone.net)
Total Commander 8.01 PowerPack (HKLM-x32\…\Total Commander) (Version: — )
VLC media player 2.1.1 (HKLM-x32\…\VLC media player) (Version: 2.1.1 — VideoLAN)
Warface (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\Warface) (Version: 1.166 — Mail.Ru)
WarfaceLoader, версия 1.8 (HKLM-x32\…\{6860B37E-5EF3-4F62-B496-A4278EFCCAFB}_is1) (Version: 1.8 — )
WarfacePts (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\WarfacePts) (Version: 1.63 — Mail.Ru)
WinRAR 5.01 (64-разрядная) (HKLM\…\WinRAR Archiver) (Version: 5.0.1.0 — win.rar GmbH)
Yandex (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\YandexBrowser) (Version: 16.7.1.20936 — ООО «ЯНДЕКС»)
Игровой центр (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\GameCenterMailRu) (Version: 3.1230 — ООО «Мэйл.Ру Геймз»)
Менеджер браузеров (x32 Version: 2.3.0.619 — Яндекс) Hidden
Обновления NVIDIA 17.12.8 (Version: 17.12.8 — NVIDIA Corporation) Hidden
Пакет драйверов Windows — Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\…\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 — Nokia)
Панель управления NVIDIA 341.92 (Version: 341.92 — NVIDIA Corporation) Hidden
Поддержка программ Apple (HKLM-x32\…\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 — Apple Inc.)
Служба автоматического обновления программ (HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\…\MailRuUpdater) (Version: — Mail.Ru)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06059F3E-F600-4E51-8601-5F7079401E82} — System32\Tasks\AlterGeoUpdater-S-1-5-18 => C:\Program Files (x86)\AlterGeo\Html5 geolocation provider\html5locsvc.exe
Task: {0DCF57B9-5605-498E-864B-6C306B636814} — System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {19DAFFDD-3AE4-4558-878F-AF9E44474BA6} — System32\Tasks\System_service => c:\Temp\System32\start.vbs [2016-06-17] () <==== ATTENTION
Task: {1FBF7811-A10C-4DB1-96D7-09C4F4559D75} — System32\Tasks\MailRuUpdater => C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe
Task: {3D55FF49-A1D9-40A2-91C3-903143EAE499} — System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: {667EB224-3007-4B57-8F2A-4CC88C5469D5} — System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {81614080-0BE1-45BD-841B-B146F1E32129} — System32\Tasks\MailRuUpdateTask => C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe
Task: {84EFF3AC-F754-470F-BA6C-338B159C0A66} — System32\Tasks\Обновление Браузера Яндекс => C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-08-08] (YANDEX LLC)
Task: {90A640AB-79DF-45B7-9D55-5DB477DB210D} — System32\Tasks\{657A95D2-9512-4C42-BA97-ACDCF908E79B} => C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe [2014-12-05] (BitTorrent Inc.)
Task: {915FFD99-99FD-45C9-9B9B-9E822339E04C} — System32\Tasks\System_update => c:\Temp\System32\start.vbs [2016-06-17] () <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} — System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
Task: {C047E1C5-F836-427B-B9AD-6E8BC865DBF3} — System32\Tasks\{E345F56A-8DA5-431F-AE11-9F0250CAC2ED} => c:\users\Пользователь\appdata\local\yandex\yandexbrowser\application\browser.exe [2016-08-08] (YANDEX LLC)
Task: {C7D0241A-A431-4400-9CD3-27B3EDDFDDEA} — System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {CC4A08C2-9821-4CB7-BE30-2221A89E37E8} — System32\Tasks\Системное обновление Браузера Яндекс => C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20936\service_update.exe [2016-08-08] (YANDEX LLC)
Task: {D2881EEE-2785-40C9-8C92-C0D58ED88C83} — System32\Tasks\{DE39EEB2-5CA9-4B0D-B9C6-9AA8C9A333FE} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.66.105&LastError=404
Task: {DD598093-7C12-40B4-A3B3-7CA598ED5F92} — System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Обновление Браузера Яндекс.job => C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\Windows\Tasks\Системное обновление Браузера Яндекс.job => C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20936\service_update.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-12-05 16:15 — 2015-10-13 20:26 — 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-13 22:42 — 2016-07-13 22:42 — 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1049.dll
2016-08-12 15:39 — 2015-10-29 12:42 — 10443776 _____ () C:\Program Files (x86)\PCRadio\PCRADIO.exe
2015-12-22 02:47 — 2015-12-22 02:47 — 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\kpcengine.2.3.dll
2016-09-13 12:42 — 2016-09-13 12:42 — 00144896 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\zlib1.dll
2016-09-13 12:42 — 2016-09-13 12:42 — 00076192 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\pxd.dll
2016-09-13 12:42 — 2016-09-13 12:42 — 00186272 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\LightUpdate.dll
2016-09-13 12:42 — 2016-09-13 12:42 — 02318240 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\BigUp2.dll
2016-05-23 21:36 — 2016-05-23 21:36 — 48962048 _____ () C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\Chrome\3.2623.1401\libcef.dll
2016-08-15 23:01 — 2016-08-08 19:39 — 01745216 _____ () C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\51.0.2704.20936\libglesv2.dll
2016-08-15 23:01 — 2016-08-08 19:39 — 00090432 _____ () C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\51.0.2704.20936\libegl.dll
2016-09-15 09:22 — 2016-09-14 03:38 — 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-15 09:22 — 2016-09-14 03:38 — 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-06-27 20:00 — 2016-08-23 18:39 — 00169472 _____ () D:\GamesMailRu\Warface\Bin32Release\CrashRpt1402.dll
2015-05-28 19:10 — 2015-05-28 19:10 — 00102400 _____ () D:\GamesMailRu\Warface\Bin32Release\jansson.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:34 — 2016-08-08 13:16 — 00001489 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 activate-sea.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4011927263-3324289307-1760038168-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Пользователь\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 80.82.32.9 — 80.82.33.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: kpm.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe -autoStart
MSCONFIG\startupreg: MAgent => C:\Program Files (x86)\Mail.RU\Agent\magent.exe -LM
MSCONFIG\startupreg: MailRuUpdater => C:\Users\Пользователь\AppData\Local\Mail.Ru\MailRuUpdater.exe
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A1F3B7EE-8715-4C64-B703-5DC331EB8F48}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{0A394DB3-8962-465C-8DBA-AB82B38C9E9C}] => (Allow) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52BCE2FD-8C74-4D8F-8476-490A76518AD6}] => (Allow) C:\Users\Пользователь\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E4BAF62-627C-4ADF-8E60-DBEB00EB7765}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D727E8E3-0FFC-4A2D-BB34-12F0AD9A6EB7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{83643B78-9527-4B48-B782-8EAAD0DDAF04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8E9B5C64-C5B8-4DC1-9394-71B4E31E91F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F6E781C2-56C5-40B6-8057-5F3800CC8F98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B447E5FD-F807-44CB-AE87-F41968730218}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA3094D4-8827-4E5E-BB1C-A7659D591847}] => (Allow) D:\Dima\Steam.exe
FirewallRules: [{A2C9501B-D1FB-4C23-A34E-FA5C91C75B4D}] => (Allow) D:\Dima\Steam.exe
FirewallRules: [TCP Query User{09AE13C3-56F0-4600-B233-9E1C6C761D6D}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{8858EE3E-0176-4BA9-B9E6-656523FF6C4B}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{D245C3F5-BF9B-45A4-9DF3-D2EFB2D2905C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{22068047-0794-4F80-8D69-561C3C8848A5}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Block) C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{8BA1A968-FBE9-4ADE-81E7-484863CC2AD6}C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Block) C:\users\пользователь\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{C125B9C3-7C30-415B-BD9D-C30ED3D247B7}] => (Allow) C:\Users\Пользователь\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
FirewallRules: [{079DB4BC-E24D-4735-83CA-933E18B2AB87}] => (Allow) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{D0587A84-B8B8-48C5-B452-E2610CF4F1A3}] => (Allow) C:\Users\Пользователь\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{5C32FC70-9E53-4350-B069-142EC66418EC}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EC61ECB2-15D0-4131-AB99-E4CD47468077}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7DB60875-996C-4CF3-826E-3A0A347B1CF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/16/2016 03:56:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/16/2016 08:06:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/15/2016 09:11:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/15/2016 03:39:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/15/2016 08:16:38 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Невозможно инициализировать каталог.
Подробности:
Каталог индексов содержимого поврежден. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/15/2016 08:16:38 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Не удается инициализировать приложение.
Контекст: приложение «Windows»
Подробности:
Каталог индексов содержимого поврежден. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/15/2016 08:16:38 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Не удалось инициализировать объект средства сбора данных.
Контекст: приложение «Windows», каталог «SystemIndex»
Подробности:
Каталог индексов содержимого поврежден. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/15/2016 08:16:38 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Не удается инициализировать подключаемый модуль в <Search.TripoliIndexer>.
Контекст: приложение «Windows», каталог «SystemIndex»
Подробности:
Элемент не найден. (HRESULT : 0x80070490) (0x80070490)
Error: (09/15/2016 08:16:36 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Не удается инициализировать подключаемый модуль в <Search.JetPropStore>.
Контекст: приложение «Windows», каталог «SystemIndex»
Подробности:
Каталог индексов содержимого поврежден. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/15/2016 08:16:36 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Службе Windows Search не удается загрузить данные из хранилища свойств.
Контекст: приложение «Windows», каталог «SystemIndex»
Подробности:
База данных индексов содержимого повреждена. (HRESULT : 0xc0041800) (0xc0041800)
System errors:
=============
Error: (09/16/2016 09:17:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Возникло следующее неустранимое предупреждение: 10. Внутреннее состояние ошибки: 10.
Error: (09/16/2016 09:17:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Возникло следующее неустранимое предупреждение: 10. Внутреннее состояние ошибки: 10.
Error: (09/16/2016 03:56:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Служба «Intel(R) Biometric and Context Agent Service» зависла при запуске.
Error: (09/16/2016 03:54:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «Service Installer TrueKey» из-за ошибки
Не удается найти указанный файл.
Error: (09/16/2016 08:07:05 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Служба «Intel(R) Biometric and Context Agent Service» зависла при запуске.
Error: (09/16/2016 08:05:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «Service Installer TrueKey» из-за ошибки
Не удается найти указанный файл.
Error: (09/15/2016 09:12:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Служба «Intel(R) Biometric and Context Agent Service» зависла при запуске.
Error: (09/15/2016 09:10:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «Service Installer TrueKey» из-за ошибки
Не удается найти указанный файл.
Error: (09/15/2016 03:38:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Служба «Intel(R) Biometric and Context Agent Service» зависла при запуске.
Error: (09/15/2016 03:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «Service Installer TrueKey» из-за ошибки
Не удается найти указанный файл.
CodeIntegrity:
===================================
Date: 2016-07-30 08:42:17.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:42:17.092
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:57.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:57.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:56.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:56.344
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:55.425
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-30 08:41:55.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-05 21:33:59.014
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-07-05 21:33:58.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD FX(tm)-4300 Quad-Core Processor
Percentage of memory in use: 43%
Total physical RAM: 8191.18 MB
Available physical RAM: 4603.71 MB
Total Virtual: 20475.36 MB
Available Virtual: 15785.37 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:50.86 GB) (Free:13.95 GB) NTFS
Drive d: (Data) (Fixed) (Total:414.8 GB) (Free:195.05 GB) NTFS
Drive e: (Мой диск) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
==================== End of Addition.txt ============================