Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by user (administrator) on USER-ПК (19-04-2016 09:32:10)
Running from C:\Users\user\Desktop\av\FRST64
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ООО ДубльГИС) C:\Program Files (x86)\2gis\3.0\2GISTrayNotifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [2Gis Update Notifier] => C:\Program Files (x86)\2gis\3.0\2GISTrayNotifier.exe [4593384 2016-02-29] (ООО ДубльГИС)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-10-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [141336 2013-10-16] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{38DB8C27-C1B8-4230-9A9E-ECCE03A802D0}: [DhcpNameServer] 10.0.0.1
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-3102738836-3127478194-571303593-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ru.msn.com/
HKU\S-1-5-21-3102738836-3127478194-571303593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=801004
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3102738836-3127478194-571303593-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B5B0587EC-1279-4A29-856D-D614F3A68152%7D&gp=801504
SearchScopes: HKU\S-1-5-21-3102738836-3127478194-571303593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3102738836-3127478194-571303593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://yandex.ru/yandsearch?win=162&clid=1985536-202&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3102738836-3127478194-571303593-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B5B0587EC-1279-4A29-856D-D614F3A68152%7D&gp=801504
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-18] (Oracle Corporation)
BHO-x32: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
BHO-x32: Помощник по входу с помощью идентификатора Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AlterGeoBHO Class -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} -> C:\Program Files (x86)\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-18] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-3102738836-3127478194-571303593-1001 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Toolbar: HKU\S-1-5-21-3102738836-3127478194-571303593-1001 -> Элементы Яндекса - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://mail.ru/cnt/10445?gp=801004
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B37D47F6F-4527-4CAF-BDA2-755F4127B84A%7D&gp=801504
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3102738836-3127478194-571303593-1001: @mail.ru/GameCenter -> C:\Users\user\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [2016-01-23] (LLC Mail.Ru)
FF Plugin HKU\S-1-5-21-3102738836-3127478194-571303593-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-220720.xml [2014-10-02]
FF Extension: The best games in one place - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\playgame@zugaramedia.com.xpi [2014-05-05] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yandex.ru/?__PARAM__from=chromehp
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn11
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-05]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Визуальные закладки) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchfckkccldkbclgdepkaonamkignanh [2016-03-29]
CHR HKLM-x32\...\Chrome\Extension: [eioddfaepdoeifbhjphfefgipcjcdieo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iflppbjnpneiigcbdfjpnkebidmkjmoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [pchfckkccldkbclgdepkaonamkignanh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ppoilmfkbpckodoifdlkmkepcajfjmhl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 2GISUpdateService; C:\Program Files (x86)\2gis\3.0\2GISUpdateService.exe [3772648 2016-02-29] (ООО ДубльГИС)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
S2 GNUNetTooltip.exe; C:\Users\user\AppData\Local\GNUNetTooltip\GNUNetTooltip.exe [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-16] (Корпорация Майкрософт)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-26] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 09:31 - 2016-04-19 09:32 - 00000000 ____D C:\FRST
2016-04-18 11:10 - 2016-04-19 09:16 - 00000000 ____D C:\Users\user\Desktop\av
2016-04-18 10:12 - 2016-04-18 10:56 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-18 10:12 - 2016-04-18 10:12 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-18 10:12 - 2016-04-18 10:12 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-04-18 10:12 - 2016-04-18 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-18 10:12 - 2016-04-18 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-18 10:12 - 2016-04-18 10:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-18 10:12 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-18 10:12 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-18 10:12 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-18 09:50 - 2016-04-18 09:50 - 00000000 ____D C:\Users\Все пользователи\Auslogics
2016-04-18 09:50 - 2016-04-18 09:50 - 00000000 ____D C:\ProgramData\Auslogics
2016-04-18 09:32 - 2016-04-18 16:42 - 00000000 ____D C:\AdwCleaner
2016-04-18 09:30 - 2016-04-18 09:30 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-04-15 17:29 - 2016-04-15 17:29 - 00000000 ____D C:\windows\CheckSur
2016-04-15 08:22 - 2016-04-15 08:22 - 00442624 _____ C:\windows\Minidump\041516-21450-01.dmp
2016-04-14 23:06 - 2016-04-14 23:06 - 00000000 _____ C:\Users\user\AppData\Local\{1BD0598D-7E42-450A-878C-9B3EEE6C3504}
2016-04-14 00:10 - 2016-04-14 00:10 - 00000000 ____D C:\Users\user\Documents\Мои принятые файлы
2016-04-13 20:25 - 2016-04-13 20:25 - 00000000 _____ C:\Users\user\AppData\Local\{89EF57EA-CF32-497F-8F29-946DB29EF7C2}
2016-04-12 20:04 - 2016-04-12 20:04 - 00000000 _____ C:\Users\user\AppData\Local\{3EE20F54-5FA6-4666-A341-B29DE27D15F7}
2016-04-10 20:22 - 2016-04-10 20:22 - 00000000 _____ C:\Users\user\AppData\Local\{51F68CD0-0114-4B86-A379-498E82A5E098}
2016-03-22 18:47 - 2016-03-22 18:47 - 00000000 ____D C:\windows\System32\Tasks\Apple
2016-03-20 10:31 - 2016-03-20 10:39 - 00000000 ____D C:\Users\user\Desktop\витрина

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 09:29 - 2011-08-24 09:30 - 00725382 _____ C:\windows\system32\perfh019.dat
2016-04-19 09:29 - 2011-08-24 09:30 - 00151408 _____ C:\windows\system32\perfc019.dat
2016-04-19 09:29 - 2009-07-14 12:13 - 01651418 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-19 09:29 - 2009-07-14 10:20 - 00000000 ____D C:\windows\inf
2016-04-19 09:25 - 2013-11-10 19:12 - 00000389 _____ C:\windows\system32\Drivers\etc\hosts.ics
2016-04-19 09:25 - 2009-07-14 12:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-19 09:22 - 2009-07-14 11:45 - 00022624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-19 09:22 - 2009-07-14 11:45 - 00022624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-18 20:20 - 2012-01-15 14:34 - 00001897 _____ C:\Users\Public\Desktop\2ГИС.lnk
2016-04-18 20:20 - 2012-01-15 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2ГИС
2016-04-18 16:59 - 2014-11-13 02:36 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2016-04-18 12:41 - 2014-04-30 18:31 - 00000000 ____D C:\Users\user\AppData\Local\Yandex
2016-04-18 11:02 - 2012-01-15 14:38 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-04-18 10:44 - 2014-05-05 20:51 - 00000258 __RSH C:\Users\Все пользователи\ntuser.pol
2016-04-18 10:44 - 2014-05-05 20:51 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-18 10:43 - 2009-07-14 10:20 - 00000000 ____D C:\windows\Cursors
2016-04-18 10:37 - 2014-07-08 15:46 - 00609490 _____ C:\windows\ntbtlog.txt
2016-04-17 10:56 - 2012-01-16 15:47 - 00000000 ____D C:\Users\user\AppData\Roaming\SoftGrid Client
2016-04-15 11:30 - 2013-01-26 22:41 - 00000000 ____D C:\Users\user\AppData\Local\Mail.Ru
2016-04-15 11:30 - 2012-01-19 10:23 - 00000000 ____D C:\Program Files (x86)\Mail.Ru
2016-04-15 10:52 - 2009-07-14 10:20 - 00000000 ____D C:\windows\system32\NDF
2016-04-15 08:22 - 2014-09-03 17:03 - 565449272 _____ C:\windows\MEMORY.DMP
2016-04-15 08:22 - 2014-09-03 17:03 - 00000000 ____D C:\windows\Minidump
2016-04-08 15:33 - 2013-01-16 20:39 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 15:33 - 2013-01-16 20:39 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 19:07 - 2013-11-10 19:18 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-03-31 18:30 - 2016-03-12 19:02 - 00003072 _____ C:\windows\System32\Tasks\MailRuUpdater
2016-03-25 09:26 - 2015-04-08 09:25 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-03-25 09:26 - 2015-04-08 09:25 - 00000000 ___SD C:\windows\system32\GWX
2016-03-24 21:34 - 2013-01-16 20:40 - 00003834 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-22 14:49 - 2009-07-14 10:20 - 00000000 ____D C:\windows\rescache
2016-03-20 18:12 - 2016-03-19 18:42 - 00000000 ____D C:\Users\user\Desktop\музыка в машину

==================== Files in the root of some directories =======

2014-10-02 21:53 - 2014-10-02 21:53 - 0000120 ____H () C:\Program Files (x86)\Software Launcher.bat
2014-11-02 15:57 - 2015-01-01 01:53 - 0000101 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2016-04-14 23:06 - 2016-04-14 23:06 - 0000000 _____ () C:\Users\user\AppData\Local\{1BD0598D-7E42-450A-878C-9B3EEE6C3504}
2016-04-12 20:04 - 2016-04-12 20:04 - 0000000 _____ () C:\Users\user\AppData\Local\{3EE20F54-5FA6-4666-A341-B29DE27D15F7}
2016-04-10 20:22 - 2016-04-10 20:22 - 0000000 _____ () C:\Users\user\AppData\Local\{51F68CD0-0114-4B86-A379-498E82A5E098}
2016-04-13 20:25 - 2016-04-13 20:25 - 0000000 _____ () C:\Users\user\AppData\Local\{89EF57EA-CF32-497F-8F29-946DB29EF7C2}
2011-08-23 20:43 - 2011-08-23 20:44 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-08-23 20:38 - 2011-08-23 20:39 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-08-23 20:41 - 2011-08-23 20:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-23 20:39 - 2011-08-23 20:41 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-08-23 20:42 - 2011-08-23 20:43 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-18 13:33

==================== End of FRST.txt ============================