Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by пк (administrator) on ПК-ПК (29-03-2016 15:57:10)
Running from C:\Users\пк\Downloads
Loaded Profiles: пк (Available Profiles: пк)
Platform: Windows 7 Ultimate (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3BF745A9-2D3F-45AF-A502-B89C2C34F55A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-626708744-3105167495-3993900258-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?clid=
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-14] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-14] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [not signed]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Profile: C:\Users\пк\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\пк\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-14]
CHR Extension: (Google Search) - C:\Users\пк\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-14]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\пк\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-14]
CHR Extension: (Gmail) - C:\Users\пк\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1587128 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-03] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] (Корпорация Майкрософт)
R3 R5BaseSmc; C:\Windows\System32\DRIVERS\smccard.sys [23592 2015-12-14] (OEM)
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 2016-02-15] (Microsoft Corporation) [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] (Корпорация Майкрософт)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-29 15:56 - 2016-03-29 15:57 - 00008709 _____ C:\Users\пк\Downloads\FRST.txt
2016-03-29 15:55 - 2016-03-29 15:57 - 00000000 ____D C:\FRST
2016-03-29 15:42 - 2016-03-29 15:42 - 00000000 ____D C:\Windows\pss
2016-03-29 15:24 - 2016-03-29 15:24 - 00000020 ___SH C:\Users\пк\ntuser.ini
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README9.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README8.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README7.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README6.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README5.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README4.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README3.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README2.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README10.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\пк\Desktop\README1.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README9.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README8.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README7.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README6.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README5.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README4.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README3.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README2.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README10.txt
2016-03-29 15:10 - 2016-03-29 15:10 - 00002712 _____ C:\Users\Public\Desktop\README1.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README9.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README8.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README7.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README6.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README5.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README4.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README3.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README2.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README10.txt
2016-03-29 14:55 - 2016-03-29 14:55 - 00002712 _____ C:\README1.txt
2016-03-29 14:35 - 2016-03-29 15:54 - 00000000 ____D C:\Users\пк\Doctor Web
2016-03-29 14:22 - 2016-03-29 14:23 - 02374144 _____ (Farbar) C:\Users\пк\Downloads\FRST64.exe
2016-03-29 14:10 - 2016-03-29 14:27 - 186460040 _____ C:\Users\пк\Downloads\cureit.exe
2016-03-29 14:00 - 2016-03-29 14:58 - 00000000 ____D C:\Users\пк\AppData\Roaming\DriverCure
2016-03-29 14:00 - 2016-03-29 14:00 - 00000000 ____D C:\Users\пк\AppData\Roaming\ParetoLogic
2016-03-29 13:59 - 2016-03-29 14:50 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2016-03-29 13:59 - 2016-03-29 14:00 - 05964208 _____ (ParetoLogic Inc.) C:\Users\пк\Downloads\ParetoLogic PC Health Advisor.exe
2016-03-29 13:59 - 2016-03-29 13:59 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3
2016-03-29 13:58 - 2016-03-29 14:55 - 00000488 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-03-29 13:58 - 2016-03-29 14:50 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2016-03-29 13:58 - 2016-03-29 14:11 - 00000000 ____D C:\Users\Все пользователи\ParetoLogic
2016-03-29 13:58 - 2016-03-29 14:11 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-03-29 13:58 - 2016-03-29 13:58 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3
2016-03-29 13:58 - 2016-03-29 13:58 - 00002908 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2016-03-29 13:56 - 2016-03-29 13:57 - 02936816 _____ (ParetoLogic) C:\Users\пк\Downloads\Pareto_DR_Setup_RW.exe
2016-03-29 13:46 - 2016-03-29 13:46 - 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab Setup Files
2016-03-29 13:46 - 2016-03-29 13:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-03-29 13:45 - 2016-03-29 13:45 - 02623496 _____ (Лаборатория Касперского) C:\Users\пк\Downloads\kss16.0.0.1344mlg_10022.exe
2016-03-29 13:39 - 2016-03-29 14:58 - 00000000 ____D C:\Users\пк\Desktop\123
2016-03-29 13:38 - 2016-03-29 15:10 - 00003504 _____ C:\xRp6Uu5e5Kb1liMNV10lrn6ec+OJmSmYsURTmhqzi95BMywNUx9c8fe6SlVDl+AEKUHSQh03R7iVozqjoNRKCRWZY4w7VdZSyVEiKtpzXHxCAxK8Uu9oTTz8G0lfnSaftvtcDp5Kr2p8rSWVUMZEAg==.D8F382FE2984EA035623.better_call_saul
2016-03-29 13:37 - 2016-03-29 14:59 - 00065136 _____ C:\Users\пк\AppData\Local\aqSZsaH0w4f6I48rNm5+vC-HQHc7P+lF2xyx5cacZr10-3CF4JQmEfVPnTUICAA0.D8F382FE2984EA035623.better_call_saul
2016-03-29 13:37 - 2016-03-29 13:38 - 02447392 _____ (Kaspersky Lab ZAO) C:\Users\пк\Downloads\rakhnidecryptor.exe
2016-03-29 13:25 - 2016-03-29 14:58 - 00000000 ____D C:\Users\пк\AppData\Roaming\TeamViewer
2016-03-29 13:25 - 2016-03-29 13:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-29 13:25 - 2016-03-29 13:25 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-29 13:25 - 2016-03-29 13:25 - 00001032 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-03-29 13:23 - 2016-03-29 13:24 - 09789648 _____ (TeamViewer GmbH) C:\Users\пк\Downloads\TeamViewer_Setup_ru-iqs.exe
2016-03-29 11:54 - 2016-03-29 14:58 - 00014032 _____ C:\Users\пк\Desktop\o-faeRxPmKk+0dh4HJkxNXbmxuTznzdb6NXrn-KwU9U=.D8F382FE2984EA035623.better_call_saul
2016-03-29 10:57 - 2016-03-29 14:59 - 00063360 _____ C:\Users\пк\Downloads\lV3WZRI7y-J0hJE7vBe4nEJsrcPtACBKnp6KkLK6dnYsnzMDujWcf7Ag7z-BXrytpfruBIXtELYMkDeIpgEzJKplnhcKAv+G7rpLwTb9HXjcNl6--984Y2v2GQN1t-iy.D8F382FE2984EA035623.better_call_saul
2016-03-28 13:54 - 2016-03-29 14:59 - 01107520 ____H C:\Users\пк\AppData\Local\EoGbGgKbWPJBI14MC7MbvJTp2Qh9QYC3mNlmFRPML3w=.D8F382FE2984EA035623.better_call_saul
2016-03-28 13:53 - 2016-03-28 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spu_orb
2016-03-28 13:42 - 2016-03-29 14:59 - 00000416 ___SH C:\Users\пк\zOsO0kdZ-+ViwN4NbC4RpRL7SGi7nJOLAjzZJEro6no=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:22 - 2016-03-29 15:54 - 00000000 ____D C:\Users\пк\AppData\Local\YVRPack
2016-03-28 12:21 - 2016-03-29 14:58 - 03932608 _____ C:\Users\пк\AppData\Roaming\G4mky10RsOcfgJdXt-t6I-4DlPS6VNFrQtU7HyBQDc6BFcDBrzve13mFYbYYb+nu.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\xe9hOvjC20GLKrk2yq3WGArF8h83SdaZ-Q-zXF3G+gE=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\SA778Mwj3agfYBW21aBqWu8kaLpj9zjZkWsGFGpDzxs=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\qz-Qkzu+xoedVufAgmL+oN5BbMCzHVq966zHs8seGWk=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\-QnIEwASOaZb13XCcNcoE77K5S+wbRv1oCZVqV19sas=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\KWPtzIwrr+dFwqFRDH6GUSuK55QW-VR38Lp9agK0z0Y=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\kSZFLcjdCnVH8-UFjoDjioHUbLTWsnVDudn7HsYuSoM=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\ISzGOPcOcUor8CMXq7ltU8YldWEF1vBczWTFe5AmuFA=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\iFn2Zz20rcj4yWoU1vU69dk5tTZRjLdHf5Cm+BwQRYI=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:21 - 2016-03-29 14:58 - 00003104 _____ C:\Users\пк\Desktop\3TZnZLH0hDarY33r+eKtXj7Ru+-ZwvA813M2Q2W4GSY=.D8F382FE2984EA035623.better_call_saul
2016-03-28 11:50 - 2016-03-28 12:04 - 00673952 _____ C:\Users\пк\Downloads\bNvRH3uzyX3A0pHFlwdMU68JBfbIG9XxGqyNXty-UvqKoQ4iIPynKz45tODJ0DmQ.D8F382FE2984EA035623.better_call_saul
2016-03-28 11:50 - 2016-03-28 12:04 - 00622832 _____ C:\Users\пк\Downloads\h6XtsgfVI6ASEzTxwh0eHX0vS5UgMEUcql9ykXaRtncNL-yoF1tEHdum-zmSJtUB.D8F382FE2984EA035623.better_call_saul
2016-03-28 11:36 - 2016-03-29 15:54 - 00000000 __SHD C:\Users\Все пользователи\Windows
2016-03-28 11:36 - 2016-03-29 15:54 - 00000000 __SHD C:\ProgramData\Windows
2016-03-28 11:35 - 2016-03-28 12:04 - 00003904 _____ C:\Users\пк\Downloads\6JUt0BU+-eN6svrN2SDignEvYl08uEGOq+gK9kZqfGT7fuPaf1-VYgtAv4YNWwfJ.D8F382FE2984EA035623.better_call_saul
2016-03-28 11:04 - 2016-03-28 11:05 - 29727656 _____ (Oracle Corporation) C:\Users\пк\Downloads\jre-8u25-windows-i586.exe
2016-03-27 05:23 - 2016-03-27 05:23 - 00050464 _____ C:\Users\пк\AppData\Roaming\Vincennes
2016-03-27 05:23 - 2016-03-27 05:23 - 00001571 _____ C:\Users\пк\AppData\Roaming\TeazelUniqueTripCousinship
2016-03-26 12:48 - 2016-03-26 12:48 - 00064512 _____ (PC-Doctor, Inc.) C:\Users\пк\AppData\Roaming\urd.dll
2016-03-23 13:19 - 2016-03-23 13:19 - 00000000 ____D C:\Windows\system32\appmgmt
2016-03-21 14:39 - 2016-03-28 12:04 - 00078176 _____ C:\Users\пк\Downloads\UZ71Gty73CcVYGrENe6kuKfZEkjz4wzQdhRxuOlFcGaiv5OnKTcm9jNnID4ula-J.D8F382FE2984EA035623.better_call_saul
2016-03-17 11:52 - 2016-03-28 12:05 - 00152912 _____ C:\Users\пк\Downloads\rd9V8Tt1V9wQOUutpYDcd1phkPH15E1gPcSAQwWWQg4+cv0NSWUSsua3TYxkNn7c.D8F382FE2984EA035623.better_call_saul
2016-03-15 12:15 - 2016-03-28 12:05 - 00308464 _____ C:\Users\пк\Downloads\R1innpRbInrZeulC2qTI5JN8zicGVTrSfRjiwbt3pu9JyfBZiWj+OyaKHB5kNlLj.D8F382FE2984EA035623.better_call_saul
2016-03-14 11:49 - 2016-03-14 11:49 - 00000000 ____D C:\Users\пк\AppData\Roaming\Sun
2016-03-14 11:49 - 2016-03-14 11:49 - 00000000 ____D C:\Users\пк\.oracle_jre_usage
2016-03-14 11:46 - 2016-03-14 11:47 - 00735328 _____ (Oracle Corporation) C:\Users\пк\Downloads\jxpiinstall.exe
2016-03-14 11:45 - 2016-03-28 12:04 - 01011440 _____ C:\Users\пк\Downloads\HWyl4ntHaOdPvv6fuJWqcGj2yVOyshE1oynHCfSVSTg=.D8F382FE2984EA035623.better_call_saul
2016-03-14 11:45 - 2016-03-28 12:04 - 00280528 _____ C:\Users\пк\Downloads\YWkt4tESCjokXEEsu5LMXCp3QiRn1ITbuwSiimK+FWVX8tplJutbmitcNiEYQm9u.D8F382FE2984EA035623.better_call_saul
2016-03-14 11:24 - 2016-03-14 11:35 - 00242432 _____ C:\Users\пк\Downloads\Firefox Setup Stub 45.0.exe
2016-03-14 11:06 - 2016-03-14 11:06 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-14 11:05 - 2016-03-14 11:05 - 00478128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-03-14 11:01 - 2016-03-14 12:16 - 00000000 ____D C:\Users\Все пользователи\AVAST Software
2016-03-14 11:01 - 2016-03-14 12:16 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-14 11:01 - 2016-03-14 12:16 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-14 11:00 - 2016-03-14 11:01 - 05178000 _____ (AVAST Software) C:\Users\пк\Downloads\avast_internet_security_setup_online.exe
2016-03-11 12:45 - 2016-03-28 12:05 - 00062080 _____ C:\Users\пк\Downloads\Jb2o9UoWul52M2mwBQi9zMi2kkGm7sqso0II6vYwBXwjRAAQqAhdognAPfni0OnM.D8F382FE2984EA035623.better_call_saul
2016-03-11 12:41 - 2016-03-28 12:06 - 00003696 _____ C:\Users\пк\Desktop\HyuZftIFTVCppuavUoJlZef7RIZ4hYKYw93rJMavWrOO-TlCsHR45ho5A3zNIl2C.D8F382FE2984EA035623.better_call_saul
2016-03-11 12:40 - 2016-03-28 12:04 - 00036112 _____ C:\Users\пк\Downloads\iJytYQcN3GHSeMkBjUXd8dJhU0T++Xl2mCNONgwP0sw=.D8F382FE2984EA035623.better_call_saul
2016-03-09 11:30 - 2016-03-28 12:04 - 06880992 _____ C:\Users\пк\Downloads\1C-4WG6Z7lSD3KnrA1GZMA==.D8F382FE2984EA035623.better_call_saul
2016-03-02 12:18 - 2016-03-28 12:04 - 00030688 _____ C:\Users\пк\Downloads\6V9xz-q5k-s+wbIWhXSacC1pSl-J+nHYki4LTkJYNUAxC3LfhsyUGzBveTMFJbvnc6jIl3FBfitGgnIr9gvbpVnMi8C8Dy0p0E14Tp0LKb5vy0xk7NVyNCyYn8NXBn5zwIgTpcS1rUz0E9dlMSlAKw==.D8F382FE2984EA035623.better_call_saul
2016-03-02 12:17 - 2016-03-28 12:04 - 00050480 _____ C:\Users\пк\Downloads\uf2nld1j8mmiNipu+A7xqQ==.D8F382FE2984EA035623.better_call_saul
2016-03-02 12:15 - 2016-03-28 12:05 - 00024880 _____ C:\Users\пк\Downloads\gzLQG+LZzQRffJt9BW1i1nU9JXakfHcg2hTD3pT5iHs=.D8F382FE2984EA035623.better_call_saul
2016-03-02 11:54 - 2016-03-28 12:05 - 06213024 _____ C:\Users\пк\Downloads\bhpYlNf9NnS+nhLeztd28I15o7yIGk7eVslAH7nQodo=.D8F382FE2984EA035623.better_call_saul
2016-03-02 11:21 - 2016-03-28 12:04 - 11590704 _____ C:\Users\пк\Downloads\OXmI14trJlXbQxGb5Gc5eEjptSz5h2Vz7ARF0HLYBhU=.D8F382FE2984EA035623.better_call_saul
2016-03-01 13:18 - 2016-03-28 12:04 - 00073600 _____ C:\Users\пк\Downloads\04nUAXThlnnWGUHMVLDvjgkhSIuJo28nHbC3-dPJMyA=.D8F382FE2984EA035623.better_call_saul
2016-02-29 11:19 - 2016-03-28 12:04 - 10412912 _____ C:\Users\пк\Downloads\3IDlAc2d+bU+0e060XBGvGnykT6cn4A3SjXHGL6oh9IeWQ0iQ0H5OMdL0AfC0QRm.D8F382FE2984EA035623.better_call_saul

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-29 15:28 - 2015-12-11 23:51 - 00000000 ____D C:\Users\пк
2016-03-29 15:10 - 2016-02-12 12:06 - 00000000 ____D C:\Program Files\Налогоплательщик ЮЛ
2016-03-29 15:10 - 2015-12-14 11:25 - 00000000 ____D C:\Program Files\7-Zip
2016-03-29 15:10 - 2015-12-12 01:31 - 00008576 ___SH C:\Hc5zT1jzTtkKhLFM-6MwLeYyURPPBQ4ocj2IX4ILysI=.D8F382FE2984EA035623.better_call_saul
2016-03-29 15:10 - 2015-12-12 01:31 - 00000592 ____H C:\8a7jQi5ZaR8cwceRGUM9ew==.D8F382FE2984EA035623.better_call_saul
2016-03-29 15:10 - 2015-04-23 10:11 - 00000448 _____ C:\H+OTUkxiPhnc0FzGxkVYCSDdrwkQtn1XZvnTd6gmjWU=.D8F382FE2984EA035623.better_call_saul
2016-03-29 15:10 - 2009-07-14 11:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-03-29 15:10 - 2008-04-15 19:00 - 00005344 ___SH C:\osTdZPqdyGmhzJeRtmEnJTV18K2gyLPS6tdr5BJWK1w=.D8F382FE2984EA035623.better_call_saul
2016-03-29 15:00 - 2009-07-14 21:09 - 00001408 ____H C:\Users\Default\KfmdnnEZezcuBSW5GxiPzx59dyxPGBhLj9kTYZbdm9Q=.D8F382FE2984EA035623.better_call_saul
2016-03-29 15:00 - 2009-07-14 08:34 - 00262528 ___SH C:\Users\Default\-Gc-JnP2+SayYh32VqxXUWAUdTYI8yz1D-M0QXhkHSU=.D8F382FE2984EA035623.better_call_saul
2016-03-29 14:59 - 2015-12-15 13:18 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-29 14:59 - 2015-12-15 13:18 - 00000000 ____D C:\Users\Все пользователи\McAfee Security Scan
2016-03-29 14:59 - 2015-12-15 13:18 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-29 14:59 - 2015-12-14 11:58 - 00000000 ____D C:\Users\Все пользователи\MFAData
2016-03-29 14:59 - 2015-12-14 11:58 - 00000000 ____D C:\ProgramData\MFAData
2016-03-29 14:59 - 2009-07-14 11:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-29 14:58 - 2009-07-14 10:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-29 14:58 - 2009-07-14 10:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-29 14:57 - 2009-07-14 21:18 - 00721772 _____ C:\Windows\system32\perfh019.dat
2016-03-29 14:57 - 2009-07-14 21:18 - 00148824 _____ C:\Windows\system32\perfc019.dat
2016-03-29 14:57 - 2009-07-14 11:13 - 01640642 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-29 14:57 - 2009-07-14 09:20 - 00000000 ____D C:\Windows\inf
2016-03-29 14:54 - 2015-12-12 00:00 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-29 14:50 - 2009-07-14 11:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-29 14:50 - 2009-07-14 10:45 - 00305600 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-29 14:43 - 2015-12-12 00:00 - 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-29 13:02 - 2015-12-14 11:36 - 00001990 _____ C:\Users\пк\.iBank2
2016-03-29 11:31 - 2015-12-14 12:41 - 00000000 ____D C:\Users\пк\Desktop\Всё со стола
2016-03-28 13:48 - 2015-12-12 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-28 13:48 - 2015-12-11 23:59 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2016-03-28 12:21 - 2015-12-11 23:51 - 00000000 ____D C:\Users\пк\AppData\Local\VirtualStore
2016-03-28 12:11 - 2015-12-15 11:28 - 00000000 ____D C:\Users\Все пользователи\AMMYY
2016-03-28 12:11 - 2015-12-15 11:28 - 00000000 ____D C:\ProgramData\AMMYY
2016-03-28 12:11 - 2015-12-14 11:55 - 00000000 ____D C:\Users\пк\AppData\Local\AvgSetupLog
2016-03-28 12:11 - 2015-12-12 09:17 - 00065136 _____ C:\Users\пк\AppData\Local\75IxIw2J0ivShnKJQjLhgFVPGdRzyG2GDJLSm-pSXq3ujWqL8FuR4RTwCUG8jIIp.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:11 - 2015-12-12 00:12 - 02484160 ____H C:\Users\пк\AppData\Local\OSATsuBI1eFJkzgbo+xGIz-QYCCWQ35jza6qP4LTg6M=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:11 - 2015-12-11 23:51 - 00000416 ___SH C:\Users\пк\4tfWI5ni0idGmcHfTR0iAWOLR4AHnZWdbJLPyaZhtFk=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:06 - 2016-02-10 12:11 - 00030592 _____ C:\Users\пк\Desktop\9TsxSv6u4c9VzD1nIrsN+2mwOwGH1w6ujjYkUDB94dhz5VkX5PXNlzh4fg8HJp3g.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:06 - 2016-02-09 16:32 - 00012896 _____ C:\Users\пк\Desktop\lGrERy3xy4lssoUWJ7EQCM7SrD9cLNm4vZE-uIL5G-2GesmDiMIhVf8FpESig-M9H-6B-yPWhwPdDt-wExqrZQ==.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:06 - 2016-02-05 12:25 - 00017520 _____ C:\Users\пк\Desktop\kDooJz6Lhk5-s27SOl4xTBTVDSrECEgmqw8DrsRaQjM=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:06 - 2016-01-11 12:59 - 00017936 _____ C:\Users\пк\Desktop\P-Q3h54jXw6M0Y169sxaA47QwrTHCmuFP1WahZTrxLPmMVdELLew+Ki12qPmpdT5.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:06 - 2015-12-24 12:17 - 00000560 ____H C:\Users\пк\Desktop\EFFdRzVIN9tjKlRE1F5lxbDxJuSVTZ0lnGy59jp6+P4UmFG3KxUvLgubirS8zwpFggeYi9nqcScdO4IG-Pb7Fw==.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:06 - 2015-12-22 14:34 - 00000560 ____H C:\Users\пк\Desktop\Koxo7bmjMWDBsjvwggYfDqPW1+Q6MO6PXrHQhF49R6g=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:05 - 2016-02-19 12:15 - 00000000 ____D C:\Users\пк\Desktop\выгрузка
2016-03-28 12:05 - 2016-01-29 11:31 - 00000000 ____D C:\Users\пк\Desktop\Киселев
2016-03-28 12:05 - 2015-12-14 12:48 - 00000000 ____D C:\Users\пк\Desktop\рабочие документы
2016-03-28 12:05 - 2015-12-14 12:42 - 00000000 ____D C:\Users\пк\Desktop\Олеся1
2016-03-28 12:04 - 2016-02-26 11:01 - 00010912 _____ C:\Users\пк\Downloads\6fDMFRAlIKBnFFPD4hAE6OzZNf5bmvQ7yWpiixLYFPA=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:53 - 01000448 _____ C:\Users\пк\Downloads\zwlEW6lfDMCaQtehX8HzYh0ep5btmlu-20Gb39K6B282Q4W7XHRmIvkvnahbdJnbHhUs1DLPKa8KUFNv0ADZ7A==.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:52 - 00104384 _____ C:\Users\пк\Downloads\tDk0ILvShYFAp67H2XUtBQMV7RzXGNcvvxFYSZaHLmhjy9-I1W-NhTXWls6rh1ezqdDB5KR-WcfkQlVY7cWAvzPiawZtZZ8Zap0Xl7KSQ9HkfJIKguj5AF7IKt4Q83ui.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:39 - 00104384 _____ C:\Users\пк\Downloads\kc7mbdIc+rfmxdsiNiHg0gUQzKXSKQbNno9FksG68Yz4dBFrRzDnhChG6N3enyWFwQLm5IcY2gp66MXQcGQk83Uo-DKHpi5c8LguURQif6BtmGN0wF-jce8NteN7kh6J.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:38 - 01544272 _____ C:\Users\пк\Downloads\svami-brakhmachari-istselyayuschaya-sila-mudr-zdorove-na-konchikakh-paltsev.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:38 - 00566096 _____ C:\Users\пк\Downloads\tatyana-ignateva-lechebnaya-yoga-50-luchshikh-dykhatelnykh-uprazhneniy-i-asan.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:36 - 08918080 _____ C:\Users\пк\Downloads\galina-kizima-chto-i-kogda-sazhat-zaschischat-i-udobryat-kalendar-sadovoda-do-2019-goda.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:35 - 05368224 _____ C:\Users\пк\Downloads\+4g3ikfMPsw+gaf2vCw6q7ZmnaAFLSGjJPKjxTmer6XhMk7tywztPe83zk7xOKkv7Zl3Ab0fj0vp6SzLph0WQjf17KCM-Tx5D4Ayjb5RAFKyY+vRl0G1YtslBojv2cRfOqyb0wdUaBlDTJE2G7-8bAFI4a0UDQg62VvTsvQzh08=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:33 - 00272992 _____ C:\Users\пк\Downloads\9iovhfgME4fGSI2qHK-pQknB6IgwaAqsu3r4ywsnO3SyVFPGPmCZLL7uze4dHqFfruFE43WlXs3gEvrqErQ9VxcD6EWXgzAoGRpCeEV1lk27pcxW0Ysf9zHOcKd9LCHEvN1Or2lYHR6w4Oi11w1Tqg==.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:32 - 01028672 _____ C:\Users\пк\Downloads\tatyana-borsch-samyy-polnyy-kalendar-na-2016-god-astrologicheskiy-lunnyy-posevnoy.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:31 - 01386544 _____ C:\Users\пк\Downloads\76XskPadnASJbFc+Jt+t0z+l3FU35d8btpCB6h20pDdTSviV5BPa3QBKZUsnt3fnNKztahPVV9kZg17PV1yfZR4sPmNqbhvEaUgnGgUz+Rnx4WYe-i8BBBtGPQ03JNEZZWJnYvPbBzFQIZZ-4uB4Cw==.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:12 - 00632608 _____ C:\Users\пк\Downloads\zk-qnfo4PoaAb4LcroIrIrT-erTQRMDchhekFkSMh8DmYPiqIjhfZ3Ik701nBsr-HcetV2aKaYDT9ZmsDzzQbosHV0MeoQRPzsEH1JYswPma1W17y4EqJjJXhpF-8Z9-uatz4byoAdG5X5sakyIT5yHuleCKykBNhAfP2yN+epGZxoCZFNvCSIAdheZPbdsh.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:12 - 00197248 _____ C:\Users\пк\Downloads\3cKoUnZO6nayB6GrQNSAhB6DvL-zmeQ8CGssGYWV-xH3Ed87p03afFM6mRzNGkjqE1EF0BEoCbIi434FwcIzN3jAoq5al7RvjvvAA1b7xBUDAjrjfYd+cUnEK1DKb-P6.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:10 - 00336480 _____ C:\Users\пк\Downloads\Kl5CPy0NBOabtXgd+3yjItmEp9MOp489Ms1SbsYGZn41p2OXQdhTkmOSfmRN6ma7KVZxChUa8rJYRRwtthY8DRiaPAq4-wYEPiBVcDY4B9RpMTsBo-Nro1ymPe1ppHRkngk3mKOI5mkTKBu+V2UV0S8sg6E7cGSUB4sP9a4bLq0=.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:09 - 00231104 _____ C:\Users\пк\Downloads\sMCI8hiny5WvRaqrRYmSi8d2KG1zHVEjswYHHd79URhvgo4x5GunoWpCxNJQXBILG-l3gxIELm-Ft-RfRNgZNCASrqPjlovtMuA-y5aDiZb8OFrrXRuKGRTBFWW2oW0a.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 16:08 - 00921616 _____ C:\Users\пк\Downloads\tamara-zyurnyaeva-chto-mozhno-uznat-o-cheloveke-po-date-ego-rozhdeniya-i-imeni.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:05 - 01626464 _____ C:\Users\пк\Downloads\olesya-runova-lyuboe-zhelanie-za-30-minut-karta-zhelaniy-bystroe-ispolnenie-zhelaniy.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:03 - 01729344 _____ C:\Users\пк\Downloads\svami-brakhmachari-5-minut-yogi-ne-vstavaya-s-krovati-dlya-kazhdoy-zhenschiny-v-lyubom.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:02 - 01358912 _____ C:\Users\пк\Downloads\reychel-sonya-laytman-pochemu-odni-zhelaniya-sbyvayutsya-a-drugie-net-i-kak-pravilno.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:01 - 00000416 _____ C:\Users\пк\Downloads\tatyana-khlebnikova-kak-privlech-dengi-v-dom-sovety-po-obrascheniyu-s-dengami.fb2.zip.los_pollos
2016-03-28 12:04 - 2016-02-24 16:00 - 00666400 _____ C:\Users\пк\Downloads\Oz0dWkxQ8zaYk28pXqtJxDy4uucqtTiZTtm-NKNoRjxvIcpeF0+KYVP0X1pfbFFjhry1I-dbVOjyc7pmIZ6QiF3cKN5MntYQ8aBtEF0sHnFCprMsmwUhb1IIrtypq37y.D8F382FE2984EA035623.better_call_saul
2016-03-28 12:04 - 2016-02-24 15:58 - 01435872 _____ C:\Users\пк\Downloads\8rbXPf8om56xjP05BRwnZ7gMNnJsHMBroIHrc2o5U93AMQbfmtpkJ9tAa4V0Ll9kf-7li-UHjcJCRqo9DZKc87EK6zZvADu9OpCg1UTLK45gXCJXE0mYntN8dgK51ssa0o8ycMx6XH0yIdWzQI6gFzb--0CL2oUX8N5A5gQ7vqd3p8Hs1KKq7PTHGVbpUXBn.D8F382FE2984EA035623.better_call_saul
2016-03-24 12:58 - 2015-12-15 13:18 - 00003834 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-24 12:58 - 2015-12-15 13:17 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-24 12:58 - 2015-12-15 13:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-23 13:18 - 2015-12-14 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-22 10:51 - 2016-02-12 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-22 10:51 - 2015-12-14 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-15 11:47 - 2015-12-12 00:01 - 00002192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 11:47 - 2015-12-12 00:01 - 00002180 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 11:08 - 2009-07-14 21:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-14 11:53 - 2015-12-14 11:31 - 00000000 ____D C:\Users\Все пользователи\Oracle
2016-03-14 11:53 - 2015-12-14 11:31 - 00000000 ____D C:\ProgramData\Oracle
2016-03-14 11:48 - 2015-12-14 11:32 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-14 11:48 - 2015-12-14 11:31 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-14 11:38 - 2015-12-14 11:54 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-14 11:38 - 2015-12-14 11:54 - 00001148 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-14 11:06 - 2015-12-14 12:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-09 14:12 - 2015-12-11 23:59 - 00000000 ____D C:\Users\пк\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2016-03-28 12:21 - 2016-03-29 14:58 - 3932608 _____ () C:\Users\пк\AppData\Roaming\G4mky10RsOcfgJdXt-t6I-4DlPS6VNFrQtU7HyBQDc6BFcDBrzve13mFYbYYb+nu.D8F382FE2984EA035623.better_call_saul
2014-10-07 10:39 - 2014-10-07 10:39 - 0011264 _____ () C:\Users\пк\AppData\Roaming\System.dll
2016-03-27 05:23 - 2016-03-27 05:23 - 0001571 _____ () C:\Users\пк\AppData\Roaming\TeazelUniqueTripCousinship
2016-03-26 12:48 - 2016-03-26 12:48 - 0064512 _____ (PC-Doctor, Inc.) C:\Users\пк\AppData\Roaming\urd.dll
2016-03-27 05:23 - 2016-03-27 05:23 - 0050464 _____ () C:\Users\пк\AppData\Roaming\Vincennes
2015-12-12 09:17 - 2016-03-28 12:11 - 0065136 _____ () C:\Users\пк\AppData\Local\75IxIw2J0ivShnKJQjLhgFVPGdRzyG2GDJLSm-pSXq3ujWqL8FuR4RTwCUG8jIIp.D8F382FE2984EA035623.better_call_saul
2016-03-29 13:37 - 2016-03-29 14:59 - 0065136 _____ () C:\Users\пк\AppData\Local\aqSZsaH0w4f6I48rNm5+vC-HQHc7P+lF2xyx5cacZr10-3CF4JQmEfVPnTUICAA0.D8F382FE2984EA035623.better_call_saul
2016-03-28 13:54 - 2016-03-29 14:59 - 1107520 ____H () C:\Users\пк\AppData\Local\EoGbGgKbWPJBI14MC7MbvJTp2Qh9QYC3mNlmFRPML3w=.D8F382FE2984EA035623.better_call_saul
2015-12-12 00:12 - 2016-03-28 12:11 - 2484160 ____H () C:\Users\пк\AppData\Local\OSATsuBI1eFJkzgbo+xGIz-QYCCWQ35jza6qP4LTg6M=.D8F382FE2984EA035623.better_call_saul
2016-02-15 16:31 - 2016-02-15 16:31 - 0000016 _____ () C:\ProgramData\mntemp
2016-02-15 16:31 - 2016-02-15 16:31 - 0005067 _____ () C:\ProgramData\mtbjfghn.xbe

Some files in TEMP:
====================
C:\Users\пк\AppData\Local\Temp\avguirn_081460802006.exe
C:\Users\пк\AppData\Local\Temp\avguirn_081673879322.exe
C:\Users\пк\AppData\Local\Temp\avguirn_082019393151.exe
C:\Users\пк\AppData\Local\Temp\downloader.exe
C:\Users\пк\AppData\Local\Temp\exereader.exe
C:\Users\пк\AppData\Local\Temp\rn32.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-18 13:04

==================== End of FRST.txt ============================