Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2016 Ran by user (administrator) on USER-PK (28-12-2016 10:08:02) Running from D:\AntiVir Loaded Profiles: user (Available Profiles: user) Platform: Microsoft Windows 7 Профессиональная Service Pack 1 (X86) Language: Русский (Россия) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe () C:\ProgramData\DatacardService\HWDeviceService.exe () C:\ProgramData\MegaFon Modem\OnlineUpdate\ouc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ООО ДубльГИС) C:\Program Files\2gis\3.0\2GISTrayNotifier.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Tensor Company Ltd) C:\Users\user\AppData\Roaming\SbisLauncher\Launcher.exe (Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe (Opera Software) C:\Program Files\Opera\42.0.2393.94\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe (Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe (Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe (Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [2Gis Update Notifier] => C:\Program Files\2gis\3.0\2GISTrayNotifier.exe [4593384 2016-02-29] (ООО ДубльГИС) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-02] (AVAST Software) Winlogon\Notify\cpcsp: C:\Program Files\Crypto Pro\CSP\cpcspi.dll [2010-08-13] (Компания Крипто-Про) HKU\S-1-5-21-3060366726-1207059899-2045018388-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3060366726-1207059899-2045018388-1000\...\Run: [Sbis Launcher] => C:\Users\user\AppData\Roaming\SbisLauncher\Launcher.exe [406576 2016-12-05] (Tensor Company Ltd) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-12-02] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{21F87AE0-F81B-42D6-9F9D-E6CAC79FBA4D}: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{79EFC2F9-2D55-4392-9F29-2786B9C2EDC7}: [NameServer] 10.7.0.1,213.108.216.5 Tcpip\..\Interfaces\{B4788888-AB6A-4978-9767-301F864064AD}: [NameServer] 10.52.129.36 10.52.129.56 Tcpip\..\Interfaces\{BC377451-74AA-4A74-8AE7-9E160514C341}: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{BD3FFB9F-A0EA-4DC2-9CB7-2416A5234069}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{C850EA63-FEE4-412C-BFB8-E623B09A9098}: [NameServer] 10.52.129.36 10.52.129.56 Internet Explorer: ================== HKU\S-1-5-21-3060366726-1207059899-2045018388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=151&clid=2084453 HKU\S-1-5-21-3060366726-1207059899-2045018388-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ru.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-3060366726-1207059899-2045018388-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?win=151&clid=2084454&text={searchTerms} SearchScopes: HKU\S-1-5-21-3060366726-1207059899-2045018388-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?win=151&clid=2084454&text={searchTerms} BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-27] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-02] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-27] (Oracle Corporation) Toolbar: HKU\S-1-5-21-3060366726-1207059899-2045018388-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://etp.roseltorg.ru/resources/capicom.cab DPF: {CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2016-12-27] FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2015-09-15] FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-102004.xml [2014-11-17] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-02] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-02] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] () FF Plugin: @cryptopro.ru/CAdES,version=1.0 -> C:\Program Files\Crypto Pro\CAdES Browser Plug-in\npcades.dll [2015-09-16] () FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-27] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3060366726-1207059899-2045018388-1000: @rts-tender.ru -> C:\Windows\system32\npRTSCrypto.dll [2015-09-30] (RTS ) FF Plugin HKU\S-1-5-21-3060366726-1207059899-2045018388-1000: @tensor.ru/SbisPluginClient,version=1.0.0 -> C:\Users\user\AppData\Roaming\SbisLauncher\Plugins\SbisPluginClient\npSbisPluginClient.dll [2016-05-17] (Tensor Company Ltd) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-12-28] CHR Extension: (Документы Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Диск Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (Google Документы офлайн) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Vk log out) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmkdgggabnedkjnkejcaebkigkpdgife [2015-07-03] CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31] CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 2GISUpdateService; C:\Program Files\2gis\3.0\2GISUpdateService.exe [3772648 2016-02-29] (ООО ДубльГИС) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-02] (AVAST Software) R2 cpcsp1; C:\Program Files\Crypto Pro\CSP\cpcspi.dll [645704 2010-08-13] (Компания Крипто-Про) S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт) R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries) R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.) S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes) S2 MegaFon Modem. RunOuc; C:\Program Files\MegaFon Modem\UpdateDog\ouc.exe [240640 2016-02-10] () [File not signed] R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43130032 2015-03-30] (Microsoft Corporation) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-12-02] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-12-02] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-12-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-12-02] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-12-02] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-12-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-12-02] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-12-02] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-12-02] (AVAST Software) R1 CProCtrl; C:\Windows\System32\DRIVERS\CProCtrl.sys [56144 2010-08-03] (Компания Крипто-Про) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219072 2016-12-28] (Malwarebytes) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78784 2015-07-15] (Корпорация Майкрософт) S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [250152 2015-03-30] (Microsoft Corporation) R3 RTIFDH; C:\Windows\System32\DRIVERS\rtIFDH.sys [13312 2012-02-27] (Компания "Актив") S3 RTUSB; C:\Windows\System32\DRIVERS\rtUSB.sys [29824 2012-02-27] (Компания "Актив") R1 uze3njuw; C:\Windows\system32\Drivers\uze3njuw.sys [11264 2016-12-27] () [File not signed] R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт) ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 93B49FA857F7036A4EFF32371F6E7391 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit C:\Windows\system32\drivers\aksfridge.sys 11F424D02AEA63A3A53445087072FDD0 C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit C:\Windows\system32\drivers\appid.sys FE4F2ADE5DBB3B888E9EB0A1FBA1F152 C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\system32\drivers\aswHwid.sys ACE407AF9DCE214772E04894C18BC18B C:\Windows\system32\drivers\aswKbd.sys 7393DE24CAE720E128FE61CC1A7632E3 C:\Windows\system32\drivers\aswMonFlt.sys 9A3BCD9CB36311EC1DB686010CE2E793 C:\Windows\system32\drivers\aswRdr2.sys 411E8CF998E01C3247DE094376E3CB3B C:\Windows\system32\Drivers\aswRvrt.sys 39445B2AA5CD7711DA5572E816D5DC86 C:\Windows\system32\drivers\aswSnx.sys 03AD952FC1287D5623763E310CE081BA C:\Windows\system32\drivers\aswSP.sys E061C8C09103BBE429D9DB222ED7F4C3 C:\Windows\system32\drivers\aswStm.sys A084E7BEA9EA4D0BE94357BFE8E987D7 C:\Windows\system32\Drivers\aswVmm.sys 8CA850403483A9373406707E8144EB5C C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atikmdag.sys 04F09923A393E4E0E8453A8F78361E73 C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys 33A60554882FDF59CDA3E1806370BBA1 C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys 780FFC005741C9316576086155E55F56 C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CProCtrl.sys 06A1E83C13C537FD764C38D391A114A6 C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E C:\Windows\system32\drivers\drmkaud.sys A3F684B866A7D89AE396276CE7AFD416 C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ewusbwwan.sys 026F6D48CC5293C7B8A696376618B9D2 C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 57C171EA22F0A7F068FCB0CAEDD1E8E7 C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05 C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hardlock.sys 995178A443B07FA9EEAEA041D7B4B5CA C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972 C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys 487569E5DA56A5A432FF8AF6D3599CF9 C:\Windows\System32\DRIVERS\ew_jubusenum.sys F44461E66F1B7DD267957FE9BAA63ED0 C:\Windows\System32\DRIVERS\ewusbmdm.sys F547F862B8907F1BCBD9B72A72A6449E C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 0C51E9B34F3521806C78325E511E93EF C:\Windows\System32\Drivers\ksecpkg.sys CC5B7CF2D08FDDAF1112FE2785F33FAC C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\MBAMSwissArmy.sys BF7D701D9EDDA9737DF8A39C1C0B8210 C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys BAD9C0366134BA181514E9263C8CE606 C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 6430A074F6E32176FBEF2DEB110AE952 C:\Windows\System32\DRIVERS\mrxsmb.sys E900BD16B9EE8F09609D7FBE2027B376 C:\Windows\System32\DRIVERS\mrxsmb10.sys 34F71B69DD2875AF07C4DDF19563C457 C:\Windows\System32\DRIVERS\mrxsmb20.sys 14063258261AA807DAADC9233422A5E5 C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 9804FB2E46077F2977552347DFCA7E05 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netr28.sys 652881F65B35564575255A0E05E23C55 C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys AEBC369F7DC72AB3F5B9BDF34FA0D43F C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RsFx0153.sys 412FEE325FDC5054AE44CF7797692AF3 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rtIFDH.sys 6C5BAB6BE480D966A3904D8BF12AA3AC C:\Windows\System32\DRIVERS\rtUSB.sys 022548C5D0DFBA837B535FC9C040238B C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SiSGB6.sys 6F0C643C7F49F2091B01D014EAE72E1A C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46 C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8 C:\Windows\System32\DRIVERS\tdx.sys BB8817D0508DD5EA69C770C8DEF5AB67 C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3 C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46 C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041 C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6 C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97 C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036 C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5 C:\Windows\System32\DRIVERS\usb8023x.sys AF77716205C97E902E6C5B78DECE2CCA C:\Windows\system32\Drivers\uze3njuw.sys D565AD44C6C4D934AFAD3CA4196B09AA C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7 C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882 C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708 C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-28 10:07 - 2016-12-28 10:08 - 00000000 ____D C:\FRST 2016-12-27 16:40 - 2016-12-28 09:55 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-27 16:40 - 2016-12-28 08:40 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2016-12-27 16:40 - 2016-12-28 08:39 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2016-12-27 16:40 - 2016-12-28 08:39 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-12-27 16:40 - 2016-12-27 16:55 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2016-12-27 16:39 - 2016-12-27 16:39 - 00002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2016-12-27 16:39 - 2016-12-27 16:39 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes 2016-12-27 16:39 - 2016-12-27 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2016-12-27 16:39 - 2016-12-27 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-27 16:39 - 2016-12-27 16:39 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-27 16:39 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys 2016-12-27 16:36 - 2016-12-28 09:52 - 00000000 ____D C:\AdwCleaner 2016-12-27 12:43 - 2016-05-21 00:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-12-27 12:43 - 2016-05-20 23:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-12-27 12:42 - 2016-05-24 01:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-12-27 12:42 - 2016-05-20 23:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-12-27 12:23 - 2016-05-21 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-12-27 12:23 - 2016-05-21 00:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-12-27 12:23 - 2016-05-21 00:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-12-27 12:23 - 2016-05-21 00:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-12-27 12:23 - 2016-05-21 00:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-12-27 12:23 - 2016-05-21 00:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-12-27 12:22 - 2016-05-21 19:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-12-27 12:22 - 2016-05-21 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-12-27 12:22 - 2016-05-21 00:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-12-27 12:22 - 2016-05-21 00:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-12-27 12:22 - 2016-05-21 00:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-12-27 12:22 - 2016-05-21 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-12-27 12:22 - 2016-05-21 00:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-12-27 12:22 - 2016-05-21 00:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-12-27 12:22 - 2016-05-21 00:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-12-27 12:22 - 2016-05-21 00:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-12-27 12:22 - 2016-05-21 00:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-12-27 12:22 - 2016-05-21 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-12-27 12:22 - 2016-05-21 00:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-12-27 12:22 - 2016-05-21 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-12-27 12:22 - 2016-05-21 00:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-12-27 12:22 - 2016-05-21 00:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-12-27 12:22 - 2016-05-21 00:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-12-27 12:22 - 2016-05-21 00:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-12-27 12:22 - 2016-05-21 00:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-12-27 12:22 - 2016-05-21 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-12-27 12:22 - 2016-05-21 00:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-12-27 12:22 - 2016-05-21 00:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-12-27 12:22 - 2016-05-21 00:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-12-27 12:22 - 2016-05-21 00:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-12-27 12:22 - 2016-05-20 23:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-12-27 12:12 - 2016-12-27 12:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun 2016-12-27 12:11 - 2016-12-27 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-12-27 12:11 - 2016-12-27 12:10 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2016-12-27 12:09 - 2016-12-27 12:15 - 00000000 ____D C:\Users\Все пользователи\Oracle 2016-12-27 12:09 - 2016-12-27 12:15 - 00000000 ____D C:\ProgramData\Oracle 2016-12-27 12:01 - 2016-12-27 12:04 - 00011264 _____ C:\Windows\system32\Drivers\uze3njuw.sys 2016-12-27 10:22 - 2016-12-27 10:22 - 00623216 _____ (Doctor Web, Ltd.) C:\Users\user\Downloads\drw_remover.exe 2016-12-27 08:51 - 2016-12-27 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Яндекс 2016-12-27 08:51 - 2016-12-27 09:26 - 00000000 ____D C:\Program Files\Yandex 2016-12-27 08:51 - 2016-12-27 08:51 - 00000000 ____D C:\Users\user\AppData\Local\Yandex 2016-12-27 08:13 - 2016-12-27 08:13 - 03371406 _____ C:\Users\user\Downloads\uvs_latest.zip 2016-12-27 07:39 - 2016-12-27 07:39 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-12-27 07:39 - 2016-12-27 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-12-27 07:39 - 2016-12-27 07:39 - 00000000 ____D C:\Program Files\CCleaner 2016-12-27 07:27 - 2016-12-27 10:03 - 00000000 ____D C:\Windows\pss 2016-12-27 07:06 - 2016-12-27 07:06 - 00001191 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2016-12-27 07:06 - 2016-12-27 07:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2016-12-27 07:01 - 2016-12-27 07:01 - 00000000 ____D C:\Program Files\VS Revo Group 2016-12-27 06:52 - 2016-12-27 06:52 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics 2016-12-26 09:35 - 2016-12-26 09:35 - 00293558 _____ C:\Users\user\Downloads\Презентация+анализ (1).ppt 2016-12-26 09:31 - 2016-12-26 09:35 - 00555702 _____ C:\Users\user\Downloads\Презентация+анализ.ppt 2016-12-26 09:29 - 2016-12-26 09:29 - 00013526 _____ C:\Users\user\Downloads\нород лэнд (1).odt 2016-12-23 09:55 - 2016-12-23 09:55 - 00013526 _____ C:\Users\user\Downloads\нород лэнд.odt 2016-12-21 14:44 - 2016-12-21 14:44 - 00269312 _____ C:\Users\user\Downloads\price-list_megapolis-group-companies_08_12_2016.xls 2016-12-21 10:12 - 2016-12-21 10:12 - 00657091 _____ C:\Users\user\Downloads\ПРОТОКОЛ_№_АЭф-510-Р-2_от_20.12.2016.pdf 2016-12-20 11:34 - 2016-12-20 11:34 - 00234442 _____ C:\Users\user\Downloads\8. Прайс на прямостенные ангары из профлиста или сэндвич панелей.pdf 2016-12-20 10:21 - 2016-12-20 10:21 - 00016137 _____ C:\Users\user\Downloads\Schet_factura_20161205070614169227000 (1).pdf 2016-12-20 10:20 - 2016-12-20 10:20 - 00921573 _____ C:\Users\user\Downloads\Schet_ezhemesjachniy_20161205070611299978000 (1).pdf 2016-12-19 10:35 - 2016-12-19 10:44 - 00000000 ____D C:\Program Files\GUM93A7.tmp 2016-12-16 14:19 - 2016-12-16 14:19 - 00443402 _____ C:\Users\user\Downloads\������..pdf 2016-12-15 14:14 - 2016-12-15 14:14 - 00452825 _____ C:\Users\user\Downloads\КП обучение.pdf 2016-12-15 14:11 - 2016-12-15 14:11 - 00043641 _____ C:\Users\user\Downloads\BKAN-0548_rus_Inquire List.xlsx 2016-12-15 14:10 - 2016-12-15 14:11 - 00325338 _____ C:\Users\user\Downloads\RFQ3797_Запрос.pdf 2016-12-15 09:25 - 2016-12-15 09:25 - 00111602 _____ C:\Users\user\Downloads\invoice (8).pdf 2016-12-13 13:18 - 2016-12-13 13:20 - 00000000 ____D C:\Users\user\Desktop\Инструкции технологичка 2016-12-13 12:03 - 2016-12-13 12:03 - 00637362 _____ C:\Users\user\Downloads\re_myasorubki___10.06.2013.pdf 2016-12-08 12:52 - 2016-12-08 12:52 - 03308436 _____ C:\Users\user\Downloads\кадетский корпус0001.pdf 2016-12-08 11:20 - 2016-12-08 11:20 - 00866304 _____ C:\Users\user\Downloads\PriceGlorya (2).xls 2016-12-08 11:20 - 2016-12-08 11:20 - 00604357 _____ C:\Users\user\Desktop\PriceGlorya (2).xlsx 2016-12-07 14:46 - 2016-12-07 14:46 - 00016137 _____ C:\Users\user\Downloads\Schet_factura_20161205070614169227000.pdf 2016-12-07 14:40 - 2016-12-07 14:41 - 00921573 _____ C:\Users\user\Downloads\Schet_ezhemesjachniy_20161205070611299978000.pdf 2016-12-06 11:49 - 2016-12-06 11:49 - 00839602 _____ C:\Users\user\Downloads\сканирование0083.pdf 2016-12-06 09:25 - 2016-12-06 09:25 - 00106920 _____ C:\Users\user\Downloads\Сопроводительная документация.rar 2016-12-05 14:23 - 2016-12-05 14:23 - 00445541 _____ C:\Users\user\Downloads\реарт0001.pdf 2016-12-05 14:03 - 2016-12-05 14:03 - 01121332 _____ C:\Users\user\Downloads\сканирование0078.pdf 2016-12-05 14:02 - 2016-12-05 14:02 - 00963901 _____ C:\Users\user\Downloads\сканирование0079 (1).pdf 2016-12-05 12:47 - 2016-12-05 12:47 - 04426498 _____ C:\Users\user\Downloads\согласие на поставку0001.pdf 2016-12-05 12:43 - 2016-12-05 12:43 - 00601014 _____ C:\Users\user\Downloads\сканирование0077.pdf 2016-12-05 11:26 - 2016-12-05 11:26 - 00014416 _____ C:\Users\user\Downloads\Приложение № 1 - Технические характеристики (3).xlsx 2016-12-05 10:48 - 2016-12-15 09:21 - 00000000 ____D C:\Users\user\Desktop\ЛИИН 2016-12-05 10:37 - 2016-12-05 10:37 - 00049664 _____ C:\Users\user\Downloads\Приложение 2 (5).xls 2016-12-05 10:37 - 2016-12-05 10:37 - 00039936 _____ C:\Users\user\Downloads\Приложение 1 (7).xls 2016-12-02 15:11 - 2016-12-02 15:11 - 00059904 _____ C:\Users\user\Downloads\Счет на оплату № 471 от 02 декабря 2016 г.xls 2016-12-02 15:05 - 2016-12-02 15:05 - 00023233 _____ C:\Users\user\Downloads\Для участника закупки СМП (13).zip 2016-12-02 14:42 - 2016-12-02 14:42 - 00016649 _____ C:\Users\user\Downloads\Для участника закупки (2).zip 2016-12-02 14:34 - 2016-12-02 14:34 - 00174462 _____ C:\Users\user\Downloads\3327319753_20161202_143410.pdf 2016-12-02 11:21 - 2016-12-02 11:21 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-12-02 11:20 - 2016-12-02 11:20 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-12-02 11:17 - 2016-12-02 11:17 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software 2016-12-02 11:16 - 2016-12-02 11:16 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2016-12-02 11:16 - 2016-12-02 11:16 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2016-12-02 11:16 - 2016-12-02 11:16 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2016-12-02 11:16 - 2016-12-02 11:16 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys 2016-12-02 11:16 - 2016-12-02 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-12-02 11:16 - 2016-12-02 11:15 - 00118664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-12-02 11:16 - 2016-12-02 11:15 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-12-02 11:16 - 2016-12-02 11:15 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-12-02 11:16 - 2016-12-02 11:15 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-12-02 11:16 - 2016-12-02 11:15 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-12-02 11:15 - 2016-12-02 11:15 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-12-02 11:15 - 2016-12-02 11:15 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-12-02 11:12 - 2016-12-02 11:20 - 00000000 ____D C:\Program Files\AVAST Software 2016-12-02 10:56 - 2016-12-02 10:56 - 00766546 _____ C:\Users\user\Downloads\сканирование0074.pdf 2016-12-02 10:53 - 2016-12-02 10:53 - 00014416 _____ C:\Users\user\Downloads\Приложение № 1 - Технические характеристики (2).xlsx 2016-12-02 10:51 - 2016-12-02 10:51 - 00023233 _____ C:\Users\user\Downloads\Для участника закупки СМП (12).zip 2016-12-02 09:34 - 2016-12-02 09:34 - 00001860 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2016-12-02 09:34 - 2016-12-02 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-12-01 15:35 - 2016-12-01 15:35 - 03081438 _____ C:\Users\user\Downloads\сканирование0067 (1).pdf 2016-12-01 15:15 - 2016-12-01 15:15 - 00573855 _____ C:\Users\user\Downloads\Договор НПП Техпромбизнес.pdf 2016-12-01 14:38 - 2016-12-01 14:38 - 00288594 _____ C:\Users\user\Downloads\Счет на оплату № 2582 от 01 декабря 2016 г (1).pdf 2016-12-01 14:08 - 2016-12-01 14:08 - 00014416 _____ C:\Users\user\Downloads\Приложение № 1 - Технические характеристики (1).xlsx 2016-12-01 14:05 - 2016-12-01 14:05 - 00012170 _____ C:\Users\user\Downloads\Приложение № 1 - Технические характеристики.xlsx 2016-12-01 11:06 - 2016-12-01 11:06 - 00633284 _____ C:\Users\user\Downloads\Счет Холод-К0001.pdf 2016-12-01 11:06 - 2016-12-01 11:06 - 00343422 _____ C:\Users\user\Downloads\АКТ Холод-К0001.pdf 2016-12-01 10:54 - 2016-12-01 10:54 - 00486793 _____ C:\Users\user\Downloads\заявка0001 (1).pdf 2016-11-29 15:13 - 2016-11-29 15:13 - 00014018 _____ C:\Users\user\Desktop\матариалы КХН.odt 2016-11-29 15:08 - 2016-11-29 15:21 - 00023806 _____ C:\Users\user\Desktop\Материалы КХС 11х11.odt 2016-11-29 14:30 - 2016-11-29 14:30 - 00023233 _____ C:\Users\user\Downloads\Для участника закупки СМП (11).zip 2016-11-29 09:26 - 2016-11-29 09:26 - 00033280 _____ C:\Users\user\Downloads\ПРИЛ_ЭАД_3.xls 2016-11-28 13:19 - 2016-11-28 13:19 - 01828175 _____ C:\Users\user\Desktop\Прайс на комплектующие.xlsx 2016-11-28 13:18 - 2016-11-28 13:19 - 12743452 _____ C:\Users\user\Desktop\Прайс на оборудование 21-11-2016.xlsx 2016-11-28 13:17 - 2016-11-28 13:19 - 07718229 _____ C:\Users\user\Downloads\rosholod_price 28.11.rar 2016-11-28 12:47 - 2016-11-28 12:47 - 00515854 _____ C:\Users\user\Downloads\price-list-moscow.xlsx 2016-11-28 12:37 - 2016-11-28 12:37 - 03436976 _____ C:\Users\user\Downloads\0f8dfaa648097450ba968623c6e2bae3 (1).pdf 2016-11-28 11:26 - 2016-11-28 11:26 - 03436976 _____ C:\Users\user\Downloads\0f8dfaa648097450ba968623c6e2bae3.pdf 2016-11-28 10:32 - 2016-11-28 10:33 - 00057972 _____ C:\Users\user\Downloads\разъяснение 12773 544575.PDF ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-28 10:03 - 2009-07-14 07:34 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-28 10:03 - 2009-07-14 07:34 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-28 09:54 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-28 09:40 - 2014-06-19 11:25 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-27 12:39 - 2011-04-12 01:46 - 00790728 _____ C:\Windows\system32\perfh019.dat 2016-12-27 12:39 - 2011-04-12 01:46 - 00176102 _____ C:\Windows\system32\perfc019.dat 2016-12-27 12:39 - 2010-11-21 00:01 - 01834984 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-27 12:39 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf 2016-12-27 12:16 - 2015-11-18 09:23 - 00000000 ____D C:\Program Files\MSXML 4.0 2016-12-27 12:14 - 2014-02-10 11:55 - 00000000 ____D C:\Program Files\Java 2016-12-27 12:14 - 2014-02-10 11:55 - 00000000 ____D C:\Program Files\Common Files\Java 2016-12-27 12:10 - 2014-02-10 11:57 - 00269888 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2016-12-27 09:59 - 2014-02-10 11:49 - 00000000 ____D C:\Windows\Panther 2016-12-27 09:55 - 2014-02-10 11:10 - 00001945 _____ C:\Windows\epplauncher.mif 2016-12-27 09:30 - 2009-07-14 07:33 - 00427872 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-27 09:29 - 2014-02-10 12:15 - 00000000 ____D C:\Program Files\Google 2016-12-27 08:51 - 2014-11-17 10:20 - 00000000 ____D C:\Users\user\AppData\LocalLow\Yandex 2016-12-27 08:24 - 2014-02-10 11:10 - 00113384 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2016-12-27 08:17 - 2014-02-10 12:15 - 00000000 ____D C:\Users\user\AppData\Local\Google 2016-12-27 06:55 - 2014-02-10 11:15 - 00000000 ____D C:\Program Files\Opera 2016-12-22 10:19 - 2014-06-25 13:44 - 00000000 ____D C:\Users\user\Desktop\Рябов суд 2016-12-21 14:04 - 2011-10-11 18:09 - 00000000 ____D C:\buckup 2016-12-20 12:40 - 2011-10-11 18:10 - 00000000 ___RD C:\Users\user\Desktop\Мои документы 2016-12-19 13:19 - 2014-11-25 13:37 - 00000000 ____D C:\Users\user\Desktop\Котировки 2014 2016-12-16 09:15 - 2016-04-08 15:40 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-12-15 13:29 - 2014-12-11 13:25 - 00000000 ____D C:\EcoTmp 2016-12-15 11:53 - 2014-11-25 13:36 - 00000000 ____D C:\Users\user\Desktop\ТО 2014 2016-12-15 00:34 - 2014-02-10 12:16 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-15 00:34 - 2014-02-10 12:16 - 00002125 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-12-14 13:40 - 2014-06-19 11:25 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-12-14 13:40 - 2014-06-19 11:25 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-12-14 13:40 - 2014-06-19 11:25 - 00000000 ____D C:\Windows\system32\Macromed 2016-12-08 13:50 - 2014-06-19 10:56 - 00000000 ____D C:\Users\user\Desktop\Документы Техпром 2016-12-06 09:32 - 2015-10-15 14:05 - 00000000 ____D C:\Users\user\AppData\Roaming\SbisLauncher 2016-12-06 09:31 - 2015-12-30 09:27 - 00000000 ____D C:\Users\Все пользователи\SBISDisk 2016-12-06 09:31 - 2015-12-30 09:27 - 00000000 ____D C:\ProgramData\SBISDisk 2016-12-06 09:31 - 2015-10-15 14:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\СБИС плагин 2016-12-05 14:57 - 2015-03-11 09:47 - 00000000 ____D C:\Users\user\Desktop\Аукционы 2015 2016-12-02 14:48 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF 2016-12-02 14:37 - 2013-10-09 13:08 - 00000000 ____D C:\Users\user\Desktop\Документы ЭТП ЛЭнд 2016-12-02 11:32 - 2014-06-19 13:13 - 00000000 ____D C:\Users\user\AppData\Local\Adobe 2016-12-02 11:32 - 2014-05-22 14:34 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2016-12-02 11:20 - 2015-03-30 14:14 - 00000000 ____D C:\Users\Все пользователи\AVAST Software 2016-12-02 11:20 - 2015-03-30 14:14 - 00000000 ____D C:\ProgramData\AVAST Software 2016-12-02 09:37 - 2015-07-23 11:04 - 00000000 ____D C:\Users\Все пользователи\Package Cache 2016-12-02 09:37 - 2015-07-23 11:04 - 00000000 ____D C:\ProgramData\Package Cache 2016-12-02 09:36 - 2015-07-23 11:18 - 00000000 ____D C:\Program Files\Garmin ==================== Files in the root of some directories ======= 2014-06-01 11:28 - 2014-06-01 11:32 - 0000000 _____ () C:\Users\user\AppData\Local\{2F3180CF-CF99-4C0F-B96B-44F74D957CC6} 2015-03-30 14:05 - 2015-03-30 14:05 - 0000414 _____ () C:\ProgramData\fontcacheev1.dat 2015-10-09 13:31 - 2015-10-09 13:43 - 0000300 _____ () C:\ProgramData\hpzinstall.log Files to move or delete: ==================== C:\ProgramData\fontcacheev1.dat C:\Users\user\SkypeSetup.exe C:\Users\Все пользователи\fontcacheev1.dat Some files in TEMP: ==================== C:\Users\user\AppData\Local\Temp\libeay32.dll C:\Users\user\AppData\Local\Temp\msvcr120.dll C:\Users\user\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ „ЁбЇҐвзҐа § Јаг§ЄЁ Windows -------------------- Ё¤Ґ­вЁдЁЄ в®а {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale ru-RU inherit {globalsettings} default {current} resumeobject {bab257f6-7439-11e2-9537-dc3d4913c436} displayorder {current} {bab257f3-7439-11e2-9537-dc3d4913c436} toolsdisplayorder {memdiag} timeout 30 ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {2bd404a9-f41b-11e0-a4b9-8001061fab34} device ramdisk=[D:]\Recovery\2bd404a9-f41b-11e0-a4b9-8001061fab34\Winre.wim,{2bd404aa-f41b-11e0-a4b9-8001061fab34} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[D:]\Recovery\2bd404a9-f41b-11e0-a4b9-8001061fab34\Winre.wim,{2bd404aa-f41b-11e0-a4b9-8001061fab34} systemroot \windows nx OptIn winpe Yes ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {bab257f3-7439-11e2-9537-dc3d4913c436} device partition=D: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} recoverysequence {bab257f4-7439-11e2-9537-dc3d4913c436} recoveryenabled Yes osdevice partition=D: systemroot \Windows resumeobject {bab257f2-7439-11e2-9537-dc3d4913c436} nx OptIn ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {bab257f4-7439-11e2-9537-dc3d4913c436} device ramdisk=[D:]\Recovery\bab257f4-7439-11e2-9537-dc3d4913c436\Winre.wim,{bab257f5-7439-11e2-9537-dc3d4913c436} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[D:]\Recovery\bab257f4-7439-11e2-9537-dc3d4913c436\Winre.wim,{bab257f5-7439-11e2-9537-dc3d4913c436} systemroot \windows nx OptIn winpe Yes ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} osdevice partition=C: systemroot \Windows resumeobject {bab257f6-7439-11e2-9537-dc3d4913c436} nx OptIn ‚л室 Ё§ ०Ё¬  ЈЁЎҐа­ жЁЁ -------------------------- Ё¤Ґ­вЁдЁЄ в®а {bab257f2-7439-11e2-9537-dc3d4913c436} device partition=D: path \Windows\system32\winresume.exe description Windows Resume Application locale ru-RU inherit {resumeloadersettings} filedevice partition=D: filepath \hiberfil.sys pae Yes debugoptionenabled No ‚л室 Ё§ ०Ё¬  ЈЁЎҐа­ жЁЁ -------------------------- Ё¤Ґ­вЁдЁЄ в®а {bab257f6-7439-11e2-9537-dc3d4913c436} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale ru-RU inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Џа®ўҐаЄ  Ї ¬пвЁ Windows --------------------- Ё¤Ґ­вЁдЁЄ в®а {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description „Ё Ј­®бвЁЄ  Ї ¬пвЁ locale ru-RU inherit {globalsettings} badmemoryaccess Yes Џ а ¬Ґвал EMS ------------- Ё¤Ґ­вЁдЁЄ в®а {emssettings} bootems Yes Џ а ¬Ґвал ®в« ¤зЁЄ  ------------------- Ё¤Ґ­вЁдЁЄ в®а {dbgsettings} debugtype Serial debugport 1 baudrate 115200 „ҐдҐЄвл Ћ‡“ ----------- Ё¤Ґ­вЁдЁЄ в®а {badmemory} ѓ«®Ў «м­лҐ Ї а ¬Ґвал -------------------- Ё¤Ґ­вЁдЁЄ в®а {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Џ а ¬Ґвал § Јаг§зЁЄ  -------------------- Ё¤Ґ­вЁдЁЄ в®а {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Џ а ¬Ґвал ЈЁЇҐаўЁ§®а  ------------------- Ё¤Ґ­вЁдЁЄ в®а {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Џ а ¬Ґвал § Јаг§зЁЄ  ў®ббв ­®ў«Ґ­Ёп ----------------------------------- Ё¤Ґ­вЁдЁЄ в®а {resumeloadersettings} inherit {globalsettings} Џ а ¬Ґвал гбва®©бвў ------------------- Ё¤Ґ­вЁдЁЄ в®а {2bd404aa-f41b-11e0-a4b9-8001061fab34} description Ramdisk Options ramdisksdidevice partition=D: ramdisksdipath \Recovery\2bd404a9-f41b-11e0-a4b9-8001061fab34\boot.sdi Џ а ¬Ґвал гбва®©бвў ------------------- Ё¤Ґ­вЁдЁЄ в®а {bab257f5-7439-11e2-9537-dc3d4913c436} description Ramdisk Options ramdisksdidevice partition=D: ramdisksdipath \Recovery\bab257f4-7439-11e2-9537-dc3d4913c436\boot.sdi LastRegBack: 2016-12-27 11:18 ==================== End of FRST.txt ============================