When I try to search for something through Google, the search automatically redirects to Mail.ru (which I really don't like). During the redirect I noticed that it goes through searchengine.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by Администратор (administrator) on XTREME-V6GVF9OP (16-10-2016 12:52:36)
Running from C:\Users\Администратор\Desktop
Loaded Profiles: Администратор (Available Profiles: Администратор)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(hxxp://www.light-alloy.ru) C:\Program Files (x86)\Light Alloy\LA.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk [528 2016-10-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4185040160-2872061839-1138422256-500\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk [528 2016-10-16] ()
HKU\S-1-5-21-4185040160-2872061839-1138422256-500\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5608440 2016-08-26] (Performix LLC)
HKU\S-1-5-21-4185040160-2872061839-1138422256-500\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4185040160-2872061839-1138422256-500\...\MountPoints2: {62a4a54f-de88-11e5-9b66-d850e6084200} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2016-10-16]
ShortcutTarget: Google Chrome.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.lnk [2016-10-16]
ShortcutTarget: GoogleUpdate.lnk -> C:\GoogleChrome\GoogleChrome.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{DA78503F-E01B-45DF-AE08-1F88C710E008}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{DB43028D-747A-4089-9406-057009FC84FC}: [DhcpNameServer] 192.168.43.1
Internet Explorer:
==================
HKU\S-1-5-21-4185040160-2872061839-1138422256-500\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-4185040160-2872061839-1138422256-500 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxps://yandex.ru/search/?win=239&clid=2255395-221&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4185040160-2872061839-1138422256-500 -> {896C9FD0-976F-479C-83AD-0DC9FBE25DDC} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4185040160-2872061839-1138422256-500 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxps://yandex.ru/search/?win=239&clid=2255395-221&text={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-08-30] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-13] (Oracle Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-08-30] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-13] (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-08-30] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-08-30] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-08-30] (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Корпорация Майкрософт.)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-08-30] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Корпорация Майкрософт.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2016-09-24]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://mail.ru/cnt/10445?gp=821272
FF Keyword.URL: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B26EE6AAA-346B-433D-AE67-F1B33D530F8A%7D&gp=821273
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-09-24]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-09-24]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-09-24]
FF SearchPlugin: C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-09-24]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2016-02-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2016-02-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2016-02-09] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-16] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2016-02-09] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2016-02-09] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2016-02-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4185040160-2872061839-1138422256-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Администратор\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
Chrome:
=======
CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp
CHR StartupUrls: Default -> "hxxp://google.kz/"
CHR DefaultSearchURL: Default -> hxxp://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
CHR DefaultSearchKeyword: Default -> yandex.ru
CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
CHR Profile: C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default [2016-10-16]
CHR Extension: (Google Презентации) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-10]
CHR Extension: (Документы Google) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-10]
CHR Extension: (Диск Google) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-10]
CHR Extension: (YouTube) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-10]
CHR Extension: (Google Таблицы) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-10]
CHR Extension: (Google Документы офлайн) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM-x32\...\Chrome\Extension: [ablpcikjmhamjanpibkccdmpoekjigja] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cpegcopcfajiiibidlaelhjjblpefbjk] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SysMain; C:\Windows\system32\sysmain.dll [1752064 2014-08-16] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2014-08-16] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 CppWindowsService; C:\Program Files (x86)\filter\2\CppWindowsService.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [62536 2016-07-21] ()
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5358464 2013-02-21] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2013-01-28] (Intel(R) Corporation) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-08-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [820232 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [74424 2014-08-13] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-02-03] (Корпорация Майкрософт)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2016-10-16] (secr9tos) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-16 12:52 - 2016-10-16 12:52 - 00018172 _____ C:\Users\Администратор\Desktop\FRST.txt
2016-10-16 12:51 - 2016-10-16 12:52 - 00000000 ____D C:\FRST
2016-10-16 12:49 - 2016-10-16 12:49 - 02406912 _____ (Farbar) C:\Users\Администратор\Desktop\FRST64.exe
2016-10-16 12:48 - 2016-10-16 12:48 - 01756672 _____ (Farbar) C:\Users\Администратор\Desktop\FRST.exe
2016-10-16 12:42 - 2016-10-16 12:52 - 00000000 ____D C:\Users\Все пользователи\Adguard
2016-10-16 12:42 - 2016-10-16 12:52 - 00000000 ____D C:\ProgramData\Adguard
2016-10-16 12:42 - 2016-10-16 12:42 - 00000889 _____ C:\Users\Public\Desktop\Adguard.lnk
2016-10-16 12:42 - 2016-10-16 12:42 - 00000231 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-10-16 12:42 - 2016-10-16 12:42 - 00000231 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-10-16 12:42 - 2016-10-16 12:42 - 00000231 _____ C:\Users\Все пользователи\fontcacheev1.dat
2016-10-16 12:42 - 2016-10-16 12:42 - 00000231 _____ C:\ProgramData\fontcacheev1.dat
2016-10-16 12:42 - 2016-10-16 12:42 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Performix LLC
2016-10-16 12:42 - 2016-10-16 12:42 - 00000000 ____D C:\Users\Администратор\AppData\Local\Performix_LLC
2016-10-16 12:42 - 2016-10-16 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-10-16 12:42 - 2016-10-16 12:42 - 00000000 ____D C:\Program Files (x86)\Adguard
2016-10-16 12:42 - 2016-07-21 18:29 - 00062536 _____ () C:\Windows\system32\Drivers\adgnetworktdidrv.sys
2016-10-16 12:28 - 2016-10-16 12:30 - 00000080 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\чTorrent.lnk
2016-10-16 12:02 - 2016-10-16 12:06 - 00000000 ____D C:\AdwCleaner
2016-10-16 12:01 - 2016-10-16 12:02 - 03874368 _____ C:\Users\Администратор\Desktop\adwcleaner_6.021.exe
2016-10-16 11:58 - 2016-10-16 11:58 - 00000000 _____ C:\autoexec.bat
2016-10-16 11:57 - 2016-10-16 12:28 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Enigma Software Group
2016-10-16 11:56 - 2016-10-16 11:57 - 00000000 ____D C:\sh4ldr
2016-10-16 11:52 - 2016-10-16 12:30 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-10-16 11:29 - 2016-10-16 11:29 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\MPC-HC
2016-10-16 11:15 - 2016-10-16 12:30 - 00000784 _____ C:\Users\Администратор\Desktop\Light Alloy.lnk
2016-10-16 11:15 - 2016-10-16 11:15 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Light Alloy
2016-10-16 11:15 - 2016-10-16 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2016-10-16 11:15 - 2016-10-16 11:15 - 00000000 ____D C:\Program Files\MPC-HC
2016-10-16 11:15 - 2016-10-16 11:15 - 00000000 ____D C:\Program Files (x86)\Light Alloy
2016-09-25 16:41 - 2016-10-01 13:33 - 00001030 _____ C:\Program Files\Program Files.lnk
2016-09-25 16:41 - 2016-10-01 13:33 - 00001030 _____ C:\Program Files\My Music.lnk
2016-09-25 16:41 - 2016-10-01 13:33 - 00001030 _____ C:\Program Files (x86)\Program Files (x86).lnk
2016-09-25 16:41 - 2016-10-01 13:33 - 00001030 _____ C:\Program Files (x86)\My Music.lnk
2016-09-25 11:46 - 2016-10-16 12:31 - 00000613 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-25 11:46 - 2016-10-16 12:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-25 11:46 - 2016-09-25 11:46 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-09-25 11:46 - 2016-09-25 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-25 11:46 - 2016-09-25 11:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-25 11:46 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-25 11:46 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-25 11:46 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-24 23:14 - 2016-10-16 12:31 - 00002200 _____ C:\Users\Public\Desktop\Pinnacle Studio 16.lnk
2016-09-24 23:13 - 2016-09-24 23:13 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2016-09-24 23:06 - 2016-09-24 23:16 - 00000000 ____D C:\Users\Администратор\temp
2016-09-24 23:06 - 2016-09-24 23:15 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2016-09-24 23:06 - 2016-09-24 23:06 - 00000000 ____D C:\Users\Администратор\Documents\InstantCDDVD
2016-09-24 21:45 - 2016-09-24 21:46 - 00000000 ____D C:\Users\Администратор\AppData\Local\LightAlloy
2016-09-24 21:36 - 2016-09-24 21:36 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\InstallPack
2016-09-24 21:33 - 2016-09-24 21:33 - 00000000 ____D C:\Users\Администратор\AppData\Local\Corel
2016-09-24 21:32 - 2016-09-24 21:33 - 00000000 ____D C:\Users\Все пользователи\Protexis64
2016-09-24 21:32 - 2016-09-24 21:33 - 00000000 ____D C:\ProgramData\Protexis64
2016-09-24 21:32 - 2016-09-24 21:32 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Corel
2016-09-24 21:27 - 2016-10-16 12:31 - 00002101 _____ C:\Users\Public\Desktop\Corel AfterShot Pro 3 (64-bit).lnk
2016-09-24 21:26 - 2016-09-24 21:26 - 00003346 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTaskCore
2016-09-24 21:26 - 2016-09-24 21:26 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-09-24 21:26 - 2016-09-24 21:26 - 00000000 ____D C:\Program Files (x86)\Corel
2016-09-24 21:25 - 2016-09-24 21:26 - 00000000 ____D C:\Users\Все пользователи\Corel
2016-09-24 21:25 - 2016-09-24 21:26 - 00000000 ____D C:\ProgramData\Corel
2016-09-24 21:25 - 2016-09-24 21:26 - 00000000 ____D C:\Program Files\Corel
2016-09-24 21:25 - 2016-09-24 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel AfterShot Pro 3
2016-09-24 21:23 - 2016-09-24 23:15 - 00000000 ____D C:\Users\Администратор\AppData\Local\Avid
2016-09-24 21:23 - 2016-09-24 21:23 - 00000230 _____ C:\Users\Администратор\AppData\Roaming\XTREME-V6GVF9OP.MTBF.txt
2016-09-24 21:12 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-09-24 21:12 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-09-24 21:12 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-09-24 21:12 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-09-24 21:12 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-09-24 21:12 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-09-24 21:11 - 2016-09-24 21:12 - 00000000 ____D C:\Users\Все пользователи\Avid
2016-09-24 21:11 - 2016-09-24 21:12 - 00000000 ____D C:\ProgramData\Avid
2016-09-24 21:06 - 2016-09-24 21:06 - 00000000 ____D C:\Users\Все пользователи\PCTV Systems
2016-09-24 21:06 - 2016-09-24 21:06 - 00000000 ____D C:\ProgramData\PCTV Systems
2016-09-24 21:03 - 2016-09-24 21:18 - 00000000 ____D C:\Users\Все пользователи\Pinnacle
2016-09-24 21:03 - 2016-09-24 21:18 - 00000000 ____D C:\ProgramData\Pinnacle
2016-09-24 21:03 - 2016-09-24 21:09 - 00000000 ____D C:\Users\Администратор\AppData\Local\Pinnacle
2016-09-24 21:02 - 2016-09-24 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 16
2016-09-24 21:02 - 2016-09-24 21:22 - 00000000 ____D C:\Users\Администратор\AppData\Local\Downloaded Installations
2016-09-24 21:02 - 2016-09-24 21:18 - 00000000 ____D C:\Program Files (x86)\Pinnacle
2016-09-24 20:52 - 2016-09-24 20:52 - 00000000 ____D C:\Users\Все пользователи\UniqueId
2016-09-24 20:52 - 2016-09-24 20:52 - 00000000 ____D C:\ProgramData\UniqueId
2016-09-24 20:51 - 2016-10-16 12:31 - 00001074 _____ C:\Users\Public\Desktop\Movavi Video Editor 11.lnk
2016-09-24 20:51 - 2016-09-24 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 11
2016-09-24 20:51 - 2016-09-24 20:51 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 11
2016-09-24 20:47 - 2016-10-16 12:31 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2016-09-24 20:47 - 2016-10-16 12:31 - 00001106 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2016-09-24 20:47 - 2016-09-24 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Программы для видео
2016-09-24 20:47 - 2016-09-24 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Пакет программ NCH Software
2016-09-24 20:26 - 2016-09-24 23:01 - 00000000 ____D C:\Users\Администратор\Documents\Pinnacle Studio 16 Ultimate 16.1.0.115 Final Ml_Rus
2016-09-24 20:26 - 2016-09-24 20:26 - 00000000 ____D C:\Users\Администратор\Downloads\pinnacle-studio-16(1)
2016-09-24 20:25 - 2016-10-16 12:30 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\NotepadPlusPlusApp
2016-09-24 20:25 - 2016-09-24 20:40 - 00000000 ____D C:\Users\Администратор\AppData\Local\ZetaGamesViewer
2016-09-24 20:25 - 2016-09-24 20:40 - 00000000 ____D C:\Users\Администратор\AppData\Local\ZetaGamesNews
2016-09-24 20:25 - 2016-09-24 20:25 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Smart Application Controller
2016-09-17 19:12 - 2016-09-25 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-09-17 19:11 - 2016-09-25 16:41 - 00000000 ____D C:\Python27
2016-09-17 19:04 - 2016-09-24 22:50 - 00000000 ____D C:\Users\Администратор\AppData\Local\Package Cache
2016-09-17 14:53 - 2016-09-17 14:53 - 00000000 ____D C:\Users\Администратор\AppData\Local\CEF
2016-09-17 14:53 - 2016-09-17 14:53 - 00000000 ____D C:\Users\�������������\AppData\Local\Adobe
2016-09-17 14:53 - 2016-09-17 14:53 - 00000000 ____D C:\Users\�������������
2016-09-17 14:51 - 2016-10-16 12:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-17 14:51 - 2016-10-16 12:31 - 00002001 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-09-17 14:51 - 2016-09-17 14:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-17 14:41 - 2016-10-16 12:31 - 00000644 _____ C:\Users\Public\Desktop\Stamina.lnk
2016-09-17 14:41 - 2016-09-17 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamina
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-16 12:42 - 2016-03-10 20:20 - 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-16 12:41 - 2014-08-12 23:01 - 00000000 ____D C:\Users\Все пользователи\Package Cache
2016-10-16 12:41 - 2014-08-12 23:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-16 12:37 - 2009-07-14 10:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-16 12:37 - 2009-07-14 10:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-16 12:31 - 2016-03-19 19:17 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-10-16 12:31 - 2016-03-10 22:40 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-10-16 12:31 - 2016-03-10 20:21 - 00002151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-16 12:31 - 2016-03-10 20:21 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-16 12:31 - 2016-02-09 20:32 - 00001841 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-10-16 12:31 - 2016-02-09 20:32 - 00001823 _____ C:\Users\Public\Desktop\Opera.lnk
2016-10-16 12:31 - 2009-07-14 10:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-16 12:31 - 2009-07-14 10:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-10-16 12:31 - 2009-07-14 10:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-10-16 12:30 - 2016-07-31 21:09 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2016-10-16 12:30 - 2016-06-16 00:15 - 00000359 _____ C:\Users\Администратор\Desktop\Компьютер - Ярлык.lnk
2016-10-16 12:30 - 2016-02-09 15:56 - 00001405 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-16 12:30 - 2009-07-14 11:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-16 12:30 - 2009-07-14 11:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-10-16 12:30 - 2009-07-14 10:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-10-16 12:28 - 2016-04-17 12:55 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\WindowsUpdate
2016-10-16 12:08 - 2016-03-10 20:20 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-16 12:08 - 2014-08-12 22:56 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-16 12:08 - 2009-07-14 10:45 - 00360880 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-16 12:01 - 2014-08-12 22:56 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-16 12:01 - 2014-08-12 22:56 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-16 12:01 - 2014-08-12 22:56 - 00003834 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-16 12:01 - 2014-08-12 22:56 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-16 12:01 - 2014-08-12 22:56 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-16 11:57 - 2016-02-09 15:56 - 00000000 ____D C:\Users\Администратор
2016-10-16 11:43 - 2016-03-10 21:01 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Yandex
2016-10-16 11:38 - 2014-08-13 03:34 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-10-16 11:34 - 2016-05-13 14:30 - 00000000 ____D C:\Users\Администратор\AppData\Local\PowerMonitor
2016-10-16 10:53 - 2016-03-01 08:13 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-16 10:25 - 2009-07-14 11:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-10-09 20:50 - 2011-04-12 19:26 - 00722010 _____ C:\Windows\system32\perfh019.dat
2016-10-09 20:50 - 2011-04-12 19:26 - 00149030 _____ C:\Windows\system32\perfc019.dat
2016-10-09 20:50 - 2009-07-14 11:13 - 00868654 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-09 20:50 - 2009-07-14 09:20 - 00000000 ____D C:\Windows\inf
2016-10-03 21:38 - 2016-04-04 23:30 - 00000000 ____D C:\Users\Администратор\AppData\Local\ElevatedDiagnostics
2016-10-02 17:30 - 2016-03-18 21:22 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-10-01 14:53 - 2016-05-31 15:44 - 00000000 _RSHD C:\GoogleChrome
2016-10-01 14:53 - 2009-07-14 11:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-10-01 14:52 - 2016-05-31 15:44 - 00000000 _RSHD C:\MozillaFirefox
2016-10-01 13:33 - 2016-05-31 15:44 - 00001030 _____ C:\Users\Все пользователи\ProgramData.lnk
2016-10-01 13:33 - 2016-05-31 15:44 - 00001030 _____ C:\Users\Все пользователи\My Music.lnk
2016-10-01 13:33 - 2016-05-31 15:44 - 00001030 _____ C:\ProgramData\ProgramData.lnk
2016-10-01 13:33 - 2016-05-31 15:44 - 00001030 _____ C:\ProgramData\My Music.lnk
2016-10-01 13:33 - 2016-05-31 15:44 - 00001012 _____ C:\Windows\Windows.lnk
2016-10-01 13:33 - 2016-05-31 15:44 - 00001012 _____ C:\Windows\My Music.lnk
2016-09-25 16:41 - 2016-02-09 20:26 - 00000000 ____D C:\Intel
2016-09-25 16:41 - 2009-07-14 09:20 - 00000000 ____D C:\PerfLogs
2016-09-25 12:08 - 2016-04-23 22:03 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Windows Live
2016-09-25 12:08 - 2009-07-14 10:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-09-25 12:07 - 2016-05-31 15:44 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\NsCpuCNMiner
2016-09-25 12:07 - 2016-04-17 12:55 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Update
2016-09-25 11:44 - 2016-03-10 20:21 - 00000000 ____D C:\Users\Администратор\AppData\Local\Google
2016-09-25 11:30 - 2016-05-09 15:42 - 00000000 ____D C:\Program Files (x86)\360
2016-09-25 11:28 - 2016-03-18 21:22 - 00000000 ____D C:\Users\Администратор\AppData\Local\Unity
2016-09-24 23:09 - 2014-08-13 17:17 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-24 22:54 - 2016-07-31 12:30 - 00000258 __RSH C:\Users\Администратор\ntuser.pol
2016-09-24 22:50 - 2016-03-10 21:01 - 00000000 ____D C:\Users\Администратор\AppData\Local\Yandex
2016-09-24 22:16 - 2016-07-31 12:29 - 00002188 __RSH C:\Users\Все пользователи\ntuser.pol
2016-09-24 22:16 - 2016-07-31 12:29 - 00002188 __RSH C:\ProgramData\ntuser.pol
2016-09-24 21:39 - 2016-02-09 15:56 - 00093336 _____ C:\Users\Администратор\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-24 21:15 - 2014-08-13 03:14 - 00858286 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-09-24 20:47 - 2016-03-18 21:22 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-09-24 20:38 - 2016-02-09 15:56 - 00000000 ____D C:\Users\Администратор\AppData\Roaming\Notepad++
2016-09-24 20:26 - 2016-03-18 21:22 - 00000000 ____D C:\Users\Администратор\AppData\LocalLow\Unity
2016-09-23 05:32 - 2016-02-17 11:11 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2016-09-17 22:10 - 2016-02-09 15:54 - 00000000 ____D C:\Windows\rescache
2016-09-17 14:53 - 2016-02-18 16:56 - 00000000 ____D C:\Users\Администратор\AppData\Local\Adobe
2016-09-17 14:51 - 2016-02-09 20:31 - 00000000 ____D C:\Users\Все пользователи\Adobe
2016-09-17 14:51 - 2016-02-09 20:31 - 00000000 ____D C:\ProgramData\Adobe
==================== Files in the root of some directories =======
2016-09-25 16:41 - 2016-10-01 13:33 - 0001030 _____ () C:\Program Files\My Music.lnk
2016-09-25 16:41 - 2016-10-01 13:33 - 0001030 _____ () C:\Program Files\Program Files.lnk
2016-09-25 16:41 - 2016-10-01 13:33 - 0001030 _____ () C:\Program Files (x86)\My Music.lnk
2016-09-25 16:41 - 2016-10-01 13:33 - 0001030 _____ () C:\Program Files (x86)\Program Files (x86).lnk
2016-09-24 21:23 - 2016-09-24 21:23 - 0000230 _____ () C:\Users\Администратор\AppData\Roaming\XTREME-V6GVF9OP.MTBF.txt
2016-09-24 21:23 - 2016-09-24 23:15 - 0000628 _____ () C:\Users\Администратор\AppData\Roaming\__AvidCloudManager.log
2016-09-24 21:23 - 2016-09-24 21:24 - 0000793 _____ () C:\Users\Администратор\AppData\Roaming\__AvidCloudManagerPrevious.log
2016-05-16 23:38 - 2016-05-16 23:38 - 0007600 _____ () C:\Users\Администратор\AppData\Local\Resmon.ResmonCfg
2016-10-16 12:42 - 2016-10-16 12:42 - 0000231 _____ () C:\ProgramData\fontcacheev1.dat
2016-03-18 13:15 - 2016-03-18 13:15 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-31 15:44 - 2016-10-01 13:33 - 0001030 _____ () C:\ProgramData\My Music.lnk
2016-05-31 15:44 - 2016-10-01 13:33 - 0001030 _____ () C:\ProgramData\ProgramData.lnk
2016-03-18 13:15 - 2016-03-18 13:15 - 0004145 _____ () C:\ProgramData\rxsmznjf.zcp
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
Some files in TEMP:
====================
C:\Users\Администратор\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Администратор\AppData\Local\Temp\libeay32.dll
C:\Users\Администратор\AppData\Local\Temp\msvcr120.dll
C:\Users\Администратор\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\Администратор\AppData\Local\Temp\sqlite3.dll
C:\Users\Администратор\AppData\Local\Temp\tmp227D.tmp.exe
C:\Users\Администратор\AppData\Local\Temp\YandexWorking.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe
[2010-11-21 09:24] - [2010-11-21 09:24] - 0030720 ____A (Microsoft Corporation) 8A23A8204DDD0FC3B2E6C30B67A845C6
C:\Windows\SysWOW64\userinit.exe
[2010-11-21 09:23] - [2010-11-21 09:23] - 0026624 ____A (Microsoft Corporation) 9FCF19DFE8E2D11B0D0855A389D4DBE6
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION
LastRegBack: 2016-10-15 18:13
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Администратор (16-10-2016 12:53:15)
Running from C:\Users\Администратор\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-09 09:55:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Администратор (S-1-5-21-4185040160-2872061839-1138422256-500 - Administrator - Enabled) => C:\Users\Администратор
Гость (S-1-5-21-4185040160-2872061839-1138422256-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4185040160-2872061839-1138422256-500\...\uTorrent) (Version: 3.4.2.33023 - BitTorrent Inc.)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adguard (HKLM-x32\...\{25902abd-601f-4fb7-9932-5c5064fe3392}) (Version: 6.1.258.1302 - Performix LLC)
Adguard (x32 Version: 6.1.258.1302 - Performix LLC) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Corel AfterShot Pro 3 - HDR x64 (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot Pro 3 - ICA x64 (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot Pro 3 - IPM Content x64 (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot Pro 3 - IPM x64 (Version: 3.1.0.181 - Corel Corporation) Hidden
Corel AfterShot Pro 3 x64 (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot Pro 3(64-bit) (HKLM\...\_{B75B59C9-4E9F-4632-B70E-80A62BD91EA2}) (Version: 3.1.0.181 - Corel Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.59 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IPM_Common_x64 (Version: 2.3 - Your Company Name) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Лаборатория Касперского)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Лаборатория Касперского) Hidden
K-Lite Mega Codec Pack 6.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.9.0 - )
Light Alloy 4.8.8 (build 2038) (HKLM-x32\...\Light Alloy) (Version: 4.8.8 (build 2038) - )
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
NotepadPlusPlusApp (HKU\S-1-5-21-4185040160-2872061839-1138422256-500\...\NotepadPlusPlusApp) (Version: - )
Opera 12.00 (HKLM-x32\...\Opera 12.00.1467) (Version: 12.00.1467 - Opera Software ASA)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.0.0.75 - Avid Technology, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
Stamina 2.5 (HKLM-x32\...\Stamina) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-4185040160-2872061839-1138422256-500\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.01 - NCH Software)
WinRAR 5.10 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Поддержка программ Apple (x64) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Поддержка программ Apple (x86) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Языковой пакет клиентского профиля Microsoft.NET Framework 4 - RUS (HKLM\...\Microsoft .NET Framework 4 Client Profile RUS Language Pack) (Version: 4.0.30319 - Корпорация Майкрософт)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2CB170C1-EE38-46E5-9700-65C04293DA6D} - System32\Tasks\cvc => C:\Windows\System32\comparevers.exe [2016-02-09] (Microsoft Corporation)
Task: {33961B46-2C35-4905-8EE4-59269E7079D3} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2016-08-25] (Corel Corporation)
Task: {4C6D4637-CBC8-4B53-B34D-7E46DAE53C57} - \PowerMonitor -> No File <==== ATTENTION
Task: {76C19760-C9CC-46B4-8821-06DD25A4C8A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-10] (Google Inc.)
Task: {7F54E4C8-9724-4D69-9298-3DD092D18498} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {A820B7B3-BA10-49DF-B3A4-F57BDD804690} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-10] (Google Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
Task: {BE6A2D08-6C61-45D7-93F3-BC3FCEF77DAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-16] (Adobe Systems Incorporated)
Task: {CFC96A99-46E8-48D6-A75E-ABF20FA53680} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Администратор\Favorites\Пакет программ NCH Software для скачивания.lnk -> hxxp://www.nchsoftware.com/ru/index.html
Shortcut: C:\Users\Администратор\Desktop\Компьютер - Ярлык.lnk -> 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yrillic
Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <===== Cyrillic
Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Вконтакте (2).lnk -> C:\Users\Администратор\AppData\Local\Amigo\Application\vk.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9eeba61e85febcf9\Визуальные Закладки Mail.Ru.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
ShortcutWithArgument: C:\Users\Администратор\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://lajtewo.ru/?utm_source=startlink03&utm_content=2fec60cf2177a751b60041b175371d97&utm_term=90EFBEADE885DC46B7184765F44DA947&utm_d=20160513"
ShortcutWithArgument: C:\Users\Администратор\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://etopal.ru/?utm_source=startlink03&utm_content=ff5af3d52b3ae6928afbf0c02bcc5552&utm_term=90EFBEADE885DC46B7184765F44DA947&utm_d=20160513"
==================== Loaded Modules (Whitelisted) ==============
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-15 10:44 - 2010-07-15 10:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-08-19 15:11 - 2016-08-19 15:11 - 01426424 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2016-08-19 15:11 - 2016-08-19 15:11 - 00140280 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2016-10-16 11:15 - 2014-05-07 15:15 - 00040448 _____ () C:\Program Files (x86)\Light Alloy\wheeltray.dll
2016-02-09 20:35 - 2011-01-28 14:00 - 03668992 _____ () C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 08:34 - 2016-02-09 20:33 - 00000918 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation-v2.kaspersky.com
127.0.0.1 activation-v2.geo.kaspersky.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4185040160-2872061839-1138422256-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EDAF9076-85C1-477E-B260-5FC64CD2B82D}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA12FFBF-E35A-4C49-B867-73D06DD5DF44}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35A59DAB-2499-428F-973E-8DDCBCC0AB35}] => (Allow) %SystemRoot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [mediaget-tcp] => (Allow) C:\Users\Администратор\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [mediaget-udp] => (Allow) C:\Users\Администратор\AppData\Local\MediaGet2\mediaget.exe
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Name: Туннельный адаптер Microsoft Teredo
Description: Туннельный адаптер Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Контроллер универсальной последовательной шины USB
Description: Контроллер универсальной последовательной шины USB
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI-контроллер Simple Communications
Description: PCI-контроллер Simple Communications
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/16/2016 12:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/16/2016 12:09:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/16/2016 11:27:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: PFHttpContentFilter.exe, версия: 0.0.0.0, отметка времени: 0x573c3928
Имя сбойного модуля: ProtocolFilters.dll, версия: 0.0.0.0, отметка времени 0x5695306c
Код исключения: 0xc0000005
Смещение ошибки: 0x00034fbc
Идентификатор сбойного процесса: 0x8a8
Время запуска сбойного приложения: 0x01d22763d4e54541
Путь сбойного приложения: C:\Program Files (x86)\filter\2\PFHttpContentFilter.exe
Путь сбойного модуля: C:\Program Files (x86)\filter\2\ProtocolFilters.dll
Код отчета: 312bfa9e-9361-11e6-a261-d850e6084200
Error: (10/16/2016 10:16:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2016 06:20:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте "Системный модуль записи".
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
Параметр задан неверно.
.
Error: (10/15/2016 06:20:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте "Системный модуль записи".
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
Параметр задан неверно.
.
Error: (10/15/2016 03:26:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2016 12:01:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2016 10:40:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/14/2016 09:27:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (10/16/2016 12:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "CppWindowsService Sample Service" из-за ошибки
Не удается найти указанный файл.
Error: (10/16/2016 12:30:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "Kaspersky Anti-Virus Service 15.0.1" из-за ошибки
Служба не ответила на запрос своевременно.
Error: (10/16/2016 12:30:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Kaspersky Anti-Virus Service 15.0.1".
Error: (10/16/2016 12:30:33 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Службе планировщика заданий не удалось загрузить задания при запуске службы. Дополнительные данные: ошибка: 2147942402.
Error: (10/16/2016 12:08:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "CppWindowsService Sample Service" из-за ошибки
Не удается найти указанный файл.
Error: (10/16/2016 12:08:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "Kaspersky Anti-Virus Service 15.0.1" из-за ошибки
Служба не ответила на запрос своевременно.
Error: (10/16/2016 12:08:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Kaspersky Anti-Virus Service 15.0.1".
Error: (10/16/2016 12:07:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Модуль расширяемости беспроводной сети неожиданно прекратил работу.
Путь к модулю: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
Error: (10/16/2016 12:07:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Модуль расширяемости беспроводной сети неожиданно прекратил работу.
Путь к модулю: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
Error: (10/16/2016 12:07:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Модуль расширяемости беспроводной сети неожиданно прекратил работу.
Путь к модулю: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
CodeIntegrity:
===================================
Date: 2016-07-28 21:20:56.506
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-28 21:20:56.506
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-28 21:20:56.490
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-28 21:20:56.490
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-28 21:20:56.475
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-28 21:20:56.475
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-26 16:29:56.037
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-26 16:29:56.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-26 16:29:56.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-26 16:29:56.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 41%
Total physical RAM: 3981.74 MB
Available physical RAM: 2329.48 MB
Total Virtual: 7961.66 MB
Available Virtual: 6199.74 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:8.28 GB) NTFS
Drive d: () (Fixed) (Total:416.93 GB) (Free:150.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9364DE26)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Open Notepad and paste the following text into the open window:
CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2016-10-16]
ShortcutTarget: Google Chrome.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.lnk [2016-10-16]
ShortcutTarget: GoogleUpdate.lnk -> C:\GoogleChrome\GoogleChrome.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
EmptyTemp:
Reboot:
Save the resulting file under the name fixlist in the folder where the FRST/FRST64 program is located.
Run FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open with the contents of the fixlog.txt file. Paste the contents of this file into your reply.
After that, run a new scan with FRST (before clicking the Scan button, tick the Addition.txt checkbox) and attach both of its logs to a message that you create in a new topic on this forum: http://www.spyware-ru.com/forums/forum/lechim-kompyutery/udalenie-virusov-troyanov-spajvare/